About two-factor authentication and SAML single sign-on
Organizations administrators can enable both SAML single sign-on and two-factor authentication to add additional authentication measures for their organization members.
Note: This feature is only available with GitHub Enterprise Cloud. For more information, see "GitHub's products."
Two-factor authentication (2FA) provides basic authentication for organization members. By enabling 2FA, organization administrators limit the likelihood that a member's GitHub account could be compromised. For more information on 2FA, see "About two-factor authentication."
To add additional authentication measures, organization administrators can also enable SAML single sign-on (SSO) so that organization members must use single sign-on to access an organization. For more information on SAML SSO, see "About identity and access management with SAML single sign-on."
If both 2FA and SAML SSO are enabled, organization members must do the following:
- Use 2FA to log in to their GitHub account
- Use single sign-on to access the organization
- Use an authorized token for API or Git access and use single sign-on to authorize the token