About identity and access management with SAML single sign-on

Using Security Assertion Markup Language (SAML) web browser single sign-on (SSO), administrators can use an identity provider to manage the identities of their users and the applications they use. Organization members can authenticate with an identity provider that grants access to your GitHub organization.

SAML single sign-on is available with GitHub Enterprise Cloud. For more information, see GitHub's products.

About SAML SSO

With SAML SSO, organization administrators can invite members to connect their existing GitHub user accounts to a supported IdP. SAML SSO gives organizations a centralized and secure way of controlling access to their resources on GitHub and helps organization members maintain control of their identity and contributions.

Organization members sign in through the organization's IdP, and their existing GitHub account is linked to an external identity that belongs to the organization. This external identity is separate from, but related to, their GitHub account and is used to control access to the organization's resources like repositories, issues, and pull requests.

Note: Outside collaborators do not need an external (SAML) identity to access an organization that uses SAML SSO.

Organization members must periodically log in to the SAML provider to authenticate and gain access to the organization's resources on GitHub. The duration of this login period is specified by your IdP and is generally 24 hours. This periodic login requirement limits the length of access and requires users to re-identify themselves to continue.
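
As an added example (not part of GitHub's documentation), the following Python script checks the session length an IdP issues against the 24-hour figure mentioned above. It assumes the IdP expresses the session lifetime through the standard SAML 2.0 `SessionNotOnOrAfter` attribute on `AuthnStatement`; the sample assertion is constructed and unsigned, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an unsigned assertion fragment, not captured from a real IdP.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-10T09:00:00Z">
  <saml:AuthnStatement AuthnInstant="2024-01-10T09:00:00Z"
                       SessionNotOnOrAfter="2024-01-12T09:00:00Z"/>
</saml:Assertion>
"""

def _parse_ts(value):
    """Parse a SAML xs:dateTime in UTC ('Z' suffix, optional fractional seconds)."""
    value = value.rstrip("Z").split(".")[0]
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def session_window(assertion_xml):
    """Return (authn_instant, session_end); session_end is None if the IdP set no limit."""
    # Inspection only: no signature check, so use it on assertions from your own sign-in.
    root = ET.fromstring(assertion_xml)
    stmt = root.find(".//saml:AuthnStatement", NS)
    if stmt is None:
        raise ValueError("assertion has no AuthnStatement")
    start = _parse_ts(stmt.attrib["AuthnInstant"])
    end = stmt.attrib.get("SessionNotOnOrAfter")
    return start, (_parse_ts(end) if end else None)

def audit_session(assertion_xml, max_session=timedelta(hours=24)):
    """Compare the IdP-issued session length against the expected maximum."""
    start, end = session_window(assertion_xml)
    if end is None:
        return "no-limit"   # IdP did not bound the session
    if end <= start:
        return "invalid"    # session would end before it starts
    return "ok" if end - start <= max_session else "too-long"

if __name__ == "__main__":
    print(audit_session(SAMPLE_ASSERTION))
```
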

To access the organization's protected resources using the API and Git on the command line, members will be required to create and use personal access tokens. Organization administrators can revoke the access token at any time. For more information, see "Viewing and revoking organization members' authorized access to tokens."

SAML SSO can be disabled, enabled but not enforced, or enabled and enforced. For more information on setting up and enforcing SAML SSO for your GitHub organization, see "Connecting your identity provider to your organization" and "Enforcing SAML single sign-on for your organization."

Supported SAML services

We offer limited support for all identity providers that implement the SAML 2.0 standard. We officially support the following identity providers, which have been internally tested:

If your IdP supports SCIM, members are automatically invited to join the GitHub organization when access is provisioned in your IdP and will be automatically removed from the GitHub organization when their access is removed from your IdP.

GitHub does not support SAML Single Logout. To terminate an active SAML session, users must log out directly on the SAML server.

Adding members to an organization using SAML SSO

After you enable SAML SSO, there are multiple ways you can add new members to your organization. Organization owners can invite new members manually on GitHub or using the API. For more information, see "Inviting users to join your organization" and "Members" in the GitHub Developer documentation.

You can use team synchronization to automatically add and remove team members in an organization through an identity provider. For more information, see "Synchronizing teams between your identity provider and GitHub."

To provision new users without an invitation from an organization owner, you can use the URL https://github.com/orgs/ORGANIZATION/sso/sign_up, replacing ORGANIZATION with the name of your organization. For example, you can configure your IdP so that anyone with access to the IdP can click a link on the IdP's dashboard to join your GitHub organization.

If your IdP supports SCIM, new users in your IdP can be added automatically to your organization on GitHub. For more information, see "About SCIM."
