Introduction

  • 2 minutes

User authentication has traditionally been achieved using a User ID and password. A password is a single-factor form of authentication. The fundamental issue with single-factor authentication is that it's easier for any bad actor with knowledge of the sign-on information to impersonate the valid user. To prevent a breach of security for a user account, GitHub has authentication tools available to promote security best practices. You can even enforce a security policy for all GitHub users within the organization.

Controlling access to your company's data is foundational for a secure GitHub Enterprise. GitHub is committed to helping enterprises on their security journey with authentication methods to allow for more secure account access and a better user experience. In a GitHub Enterprise, most organizations want to require extra levels of authentication for better security. Enterprise System Administrators can enforce authentication and authorization security policies across an organization. These security features allow you to ensure that users are required to sign on securely to access the correct permissions in repositories. These features also include access and tools for auditing user access and activity, identity maintenance, and authentication compliance. As an administrator, you should work with your internal resources to identify what type of authentication and authorization is appropriate. This module provides an overview of the authentication and authorization options available to you in your GitHub organization or GitHub Enterprise.

Learning goals

By the end of this module, you'll be able to:

  • Describe the GitHub authentication and authorization Model.
  • Understand how to manage user access to your GitHub organization through Authorization and Authentication tools.
  • Identify the identity providers and technologies that support secure repository access.
  • Understand the implications of enabling SAML SSO.
  • Identify the authorization and authentication options available, and understand the administrator's role in enforcing a secure access strategy for a GitHub enterprise.
  • Describe how users access private information in a GitHub organization.
  • Evaluate the benefits of enabling Team Synchronization to manage team membership.

Prerequisites

  • Administrative access to your GitHub organization or GitHub Enterprise