Delete content that was ghae only (#48716)
This commit is contained in:
Peter Bengtsson
@@ -1,34 +0,0 @@
|
||||
---
|
||||
title: Getting started with GitHub Actions for GitHub AE
|
||||
shortTitle: Get started
|
||||
intro: 'Learn about configuring {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_managed %}.'
|
||||
permissions: 'Enterprise owners can enable {% data variables.product.prodname_actions %} and configure enterprise settings.'
|
||||
versions:
|
||||
ghae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Actions
|
||||
- Enterprise
|
||||
redirect_from:
|
||||
- /admin/github-actions/getting-started-with-github-actions-for-github-ae
|
||||
- /admin/github-actions/using-github-actions-in-github-ae/getting-started-with-github-actions-for-github-ae
|
||||
---
|
||||
|
||||
|
||||
## About {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_managed %}
|
||||
|
||||
{% data variables.product.prodname_actions %} is enabled for {% data variables.product.product_name %} by default. To get started using {% data variables.product.prodname_actions %} within your enterprise, you need to manage access permissions for {% data variables.product.prodname_actions %} and add runners to run workflows.
|
||||
|
||||
{% data reusables.actions.introducing-enterprise %}
|
||||
|
||||
{% data reusables.actions.migrating-enterprise %}
|
||||
|
||||
## Managing access permissions for {% data variables.product.prodname_actions %} in your enterprise
|
||||
|
||||
You can use policies to manage access to {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise)."
|
||||
|
||||
## Adding runners
|
||||
|
||||
You must configure and host your own machines to run jobs for your enterprise on {% data variables.product.product_name %}. {% data reusables.actions.about-self-hosted-runners %} For more information, see "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise)" and "[AUTOTITLE](/actions/hosting-your-own-runners)."
|
||||
|
||||
{% data reusables.actions.general-security-hardening %}
|
||||
@@ -4,7 +4,6 @@ intro: 'Learn how to adopt {% data variables.product.prodname_actions %} for you
|
||||
versions:
|
||||
ghec: '*'
|
||||
ghes: '*'
|
||||
ghae: '*'
|
||||
topics:
|
||||
- Enterprise
|
||||
- Actions
|
||||
@@ -14,8 +13,6 @@ children:
|
||||
- /migrating-your-enterprise-to-github-actions
|
||||
- /getting-started-with-github-actions-for-github-enterprise-cloud
|
||||
- /getting-started-with-github-actions-for-github-enterprise-server
|
||||
- /getting-started-with-github-actions-for-github-ae
|
||||
- /getting-started-with-self-hosted-runners-for-your-enterprise
|
||||
shortTitle: Get started
|
||||
---
|
||||
|
||||
|
||||
@@ -7,12 +7,10 @@ redirect_from:
|
||||
versions:
|
||||
ghec: '*'
|
||||
ghes: '*'
|
||||
ghae: '*'
|
||||
topics:
|
||||
- Enterprise
|
||||
children:
|
||||
- /getting-started-with-github-actions-for-your-enterprise
|
||||
- /using-github-actions-in-github-ae
|
||||
- /enabling-github-actions-for-github-enterprise-server
|
||||
- /managing-access-to-actions-from-githubcom
|
||||
- /advanced-configuration-and-troubleshooting
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
---
|
||||
title: Using GitHub Actions in GitHub AE
|
||||
intro: 'Learn how to configure {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_managed %}.'
|
||||
versions:
|
||||
ghae: '*'
|
||||
children:
|
||||
- /using-actions-in-github-ae
|
||||
shortTitle: Use Actions in GitHub AE
|
||||
---
|
||||
|
||||
@@ -1,26 +0,0 @@
|
||||
---
|
||||
title: Using actions in GitHub AE
|
||||
intro: '{% data variables.product.prodname_ghe_managed %} includes most of the {% data variables.product.prodname_dotcom %}-authored actions.'
|
||||
versions:
|
||||
ghae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Actions
|
||||
- Enterprise
|
||||
redirect_from:
|
||||
- /admin/github-actions/using-actions-in-github-ae
|
||||
shortTitle: Use actions
|
||||
---
|
||||
|
||||
|
||||
{% data variables.product.prodname_actions %} workflows can use _actions_, which are individual tasks that you can combine to create jobs and customize your workflow. You can create your own actions, or use and customize actions shared by the {% data variables.product.prodname_dotcom %} community.
|
||||
|
||||
## Official actions bundled with {% data variables.product.prodname_ghe_managed %}
|
||||
|
||||
Most official {% data variables.product.prodname_dotcom %}-authored actions are automatically bundled with {% data variables.product.prodname_ghe_managed %}, and are captured at a point in time from {% data variables.product.prodname_marketplace %}. When your {% data variables.product.prodname_ghe_managed %} instance is updated, the bundled official actions are also updated.
|
||||
|
||||
The bundled official actions include `actions/checkout`, `actions/upload-artifact`, `actions/download-artifact`, `actions/labeler`, and various `actions/setup-` actions, among others. To see which of the official actions are included, browse to the following organizations on your instance:
|
||||
- <code>https://<em>HOSTNAME</em>/actions</code>
|
||||
- <code>https://<em>HOSTNAME</em>/github</code>
|
||||
|
||||
Each action's files are kept in a repository in the `actions` and `github` organizations. Each action repository includes the necessary tags, branches, and commit SHAs that your workflows can use to reference the action.
|
||||
@@ -1,156 +0,0 @@
|
||||
---
|
||||
title: Configuring authentication and provisioning for your enterprise using Okta
|
||||
shortTitle: Configure with Okta
|
||||
intro: 'You can use Okta as an identity provider (IdP) to centrally manage authentication and user provisioning for {% data variables.location.product_location %}.'
|
||||
permissions: 'Enterprise owners can configure authentication and provisioning for {% data variables.product.product_name %}.'
|
||||
versions:
|
||||
ghae: '*'
|
||||
redirect_from:
|
||||
- /admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider/configuring-authentication-and-provisioning-for-your-enterprise-using-okta
|
||||
- /admin/identity-and-access-management/configuring-authentication-and-provisioning-with-your-identity-provider/configuring-authentication-and-provisioning-for-your-enterprise-using-okta
|
||||
type: how_to
|
||||
topics:
|
||||
- Accounts
|
||||
- Authentication
|
||||
- Enterprise
|
||||
- Identity
|
||||
- SSO
|
||||
---
|
||||
|
||||
{% data reusables.saml.okta-ae-sso-beta %}
|
||||
|
||||
## About authentication and user provisioning with Okta
|
||||
|
||||
You can use Okta as an Identity Provider (IdP) for {% data variables.product.product_name %}, which allows your Okta users to sign in to {% data variables.product.product_name %} using their Okta credentials.
|
||||
|
||||
To use Okta as your IdP for {% data variables.product.product_name %}, you can add the {% data variables.product.product_name %} app to Okta, configure Okta as your IdP in {% data variables.product.product_name %}, and provision access for your Okta users and groups.
|
||||
|
||||
{% data reusables.saml.idp-saml-and-scim-explanation %}
|
||||
- "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams)"
|
||||
|
||||
After you enable SCIM, the following provisioning features are available for any users that you assign your {% data variables.product.product_name %} application to in Okta.
|
||||
|
||||
{% data reusables.scim.ghes-beta-note %}
|
||||
|
||||
The following provisioning features are available for all Okta users that you assign to your {% data variables.product.product_name %} application.
|
||||
|
||||
| Feature | Description |
|
||||
| --- | --- |
|
||||
| Push New Users | When you create a new user in Okta, the user is added to {% data variables.product.product_name %}. |
|
||||
| Push User Deactivation | When you deactivate a user in Okta, it will suspend the user from your enterprise on {% data variables.product.product_name %}. |
|
||||
| Push Profile Updates | When you update a user's profile in Okta, it will update the metadata for the user's membership in your enterprise on {% data variables.product.product_name %}. |
|
||||
| Reactivate Users | When you reactivate a user in Okta, it will unsuspend the user in your enterprise on {% data variables.product.product_name %}. |
|
||||
|
||||
For more information about managing identity and access for your enterprise on {% data variables.location.product_location %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam)."
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- To configure authentication and user provisioning for {% data variables.product.product_name %} using Okta, you must have an Okta account and tenant.
|
||||
|
||||
{%- ifversion scim-for-ghes %}
|
||||
- {% data reusables.saml.ghes-you-must-configure-saml-sso %}
|
||||
{%- endif %}
|
||||
|
||||
- {% data reusables.saml.create-a-machine-user %}
|
||||
|
||||
## Adding the {% data variables.product.product_name %} application in Okta
|
||||
|
||||
{% data reusables.saml.okta-ae-applications-menu %}
|
||||
{% data reusables.saml.okta-browse-app-catalog %}
|
||||
{%- ifversion ghae %}
|
||||
1. In the search field, type "GitHub AE", then click **GitHub AE** in the results.
|
||||
1. Click **Add**.
|
||||
1. For "Base URL", type the URL of your enterprise on {% data variables.product.product_name %}.
|
||||
1. Click **Done**.
|
||||
{%- elsif scim-for-ghes %}
|
||||
1. In the search field, type "GitHub Enterprise Server", then click **GitHub Enterprise Server** in the results.
|
||||
1. Click **Add**.
|
||||
1. For "Base URL", type the URL of {% data variables.location.product_location %}.
|
||||
1. Click **Done**.
|
||||
{% endif %}
|
||||
|
||||
## Enabling SAML SSO for {% data variables.product.product_name %}
|
||||
|
||||
To enable single sign-on (SSO) for {% data variables.product.product_name %}, you must configure {% data variables.product.product_name %} to use the sign-on URL, issuer URL, and public certificate provided by Okta. You can find these details in the Okta app for {% data variables.product.product_name %}.
|
||||
|
||||
{% data reusables.saml.okta-ae-applications-menu %}
|
||||
{% data reusables.saml.okta-click-on-the-app %}
|
||||
{% ifversion ghae %}
|
||||
{% data reusables.saml.okta-sign-on-tab %}
|
||||
{% data reusables.saml.okta-view-setup-instructions %}
|
||||
1. Take note of the "Sign on URL", "Issuer", and "Public certificate" details.
|
||||
1. Use the details to enable SAML SSO for your enterprise on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
|
||||
{% elsif scim-for-ghes %}
|
||||
{% data reusables.saml.okta-sign-on-tab %}
|
||||
1. Use the details to enable SAML SSO for {% data variables.location.product_location %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
|
||||
{%- endif %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** To test your SAML configuration from {% data variables.product.product_name %}, your Okta user account must be assigned to the {% data variables.product.product_name %} app.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Enabling API integration
|
||||
|
||||
The Okta app uses the REST API for {% data variables.product.product_name %} for SCIM provisioning. You can enable and test access to the API by configuring Okta with a {% data variables.product.pat_generic %} for {% data variables.product.product_name %}.
|
||||
|
||||
1. In {% data variables.product.product_name %}, generate a {% data variables.product.pat_v1 %} with the `admin:enterprise` scope. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)".
|
||||
{% data reusables.saml.okta-ae-applications-menu %}
|
||||
{% data reusables.saml.okta-click-on-the-app %}
|
||||
{% data reusables.saml.okta-ae-provisioning-tab %}
|
||||
1. Click **Configure API Integration**.
|
||||
1. Select **Enable API integration**.
|
||||
1. For "API Token", type the {% data variables.product.product_name %} {% data variables.product.pat_generic %} you generated previously.
|
||||
|
||||
1. Click **Test API Credentials**.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** If you see `Error authenticating: No results for users returned`, confirm that you have enabled SSO for {% data variables.product.product_name %}. For more information see "[Enabling SAML SSO for {% data variables.product.product_name %}](#enabling-saml-sso-for-github-ae)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Configuring SCIM provisioning settings
|
||||
|
||||
This procedure demonstrates how to configure the SCIM settings for Okta provisioning. These settings define which features will be used when automatically provisioning Okta user accounts to {% data variables.product.product_name %}.
|
||||
|
||||
{% data reusables.saml.okta-ae-applications-menu %}
|
||||
{% data reusables.saml.okta-click-on-the-app %}
|
||||
{% data reusables.saml.okta-ae-provisioning-tab %}
|
||||
1. Under "Settings", click **To App**.
|
||||
1. To the right of "Provisioning to App", click **Edit**.
|
||||
1. To the right of "Create Users", select **Enable**.
|
||||
1. To the right of "Update User Attributes", select **Enable**.
|
||||
1. To the right of "Deactivate Users", select **Enable**.
|
||||
1. Click **Save**.
|
||||
|
||||
## Allowing Okta users and groups to access {% data variables.product.product_name %}
|
||||
|
||||
You can provision access to {% data variables.product.product_name %} for your individual Okta users, or for entire groups.
|
||||
|
||||
### Provisioning access for Okta users
|
||||
|
||||
Before your Okta users can use their credentials to sign in to {% data variables.product.product_name %}, you must assign the users to the Okta app for {% data variables.product.product_name %}.
|
||||
|
||||
{% data reusables.saml.okta-ae-applications-menu %}
|
||||
{% data reusables.saml.okta-click-on-the-app %}
|
||||
|
||||
1. Click **Assignments**.
|
||||
1. Select the **Assign** dropdown menu, then click **Assign to People**.
|
||||
1. To the right of the required user account, click **Assign**.
|
||||
1. To the right of "Role", select the dropdown menu, then click a role for the user.
|
||||
1. Click **Save and go back**.
|
||||
1. Click **Done**.
|
||||
|
||||
{% ifversion ghae %}
|
||||
|
||||
### Provisioning access for Okta groups
|
||||
|
||||
You can map your Okta group to a team in {% data variables.product.product_name %}. Members of the Okta group will then automatically become members of the mapped {% data variables.product.product_name %} team. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams)."
|
||||
{% endif %}
|
||||
|
||||
## Further reading
|
||||
|
||||
- [Understanding SAML](https://developer.okta.com/docs/concepts/saml/) in the Okta documentation
|
||||
- [Understanding SCIM](https://developer.okta.com/docs/concepts/scim/) in the Okta documentation
|
||||
@@ -5,7 +5,6 @@ intro: 'You can centrally manage {% ifversion ghes or ghae %}accounts and {% end
|
||||
versions:
|
||||
ghec: '*'
|
||||
ghes: '*'
|
||||
ghae: '*'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account
|
||||
- /admin/authentication/managing-identity-and-access-for-your-enterprise
|
||||
@@ -25,8 +24,6 @@ children:
|
||||
- /configuring-saml-single-sign-on-for-your-enterprise-using-okta
|
||||
- /disabling-saml-single-sign-on-for-your-enterprise
|
||||
- /configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad
|
||||
- /configuring-authentication-and-provisioning-for-your-enterprise-using-okta
|
||||
- /mapping-okta-groups-to-teams
|
||||
- /enabling-encrypted-assertions
|
||||
- /updating-a-users-saml-nameid
|
||||
- /switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
|
||||
|
||||
@@ -1,77 +0,0 @@
|
||||
---
|
||||
title: Mapping Okta groups to teams
|
||||
shortTitle: Map Okta groups to teams
|
||||
intro: 'You can map your Okta groups to teams on {% data variables.product.prodname_ghe_managed %} to automatically add and remove team members.'
|
||||
permissions: 'Enterprise owners can configure authentication and provisioning for {% data variables.product.prodname_ghe_managed %}.'
|
||||
versions:
|
||||
ghae: '*'
|
||||
redirect_from:
|
||||
- /admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider/mapping-okta-groups-to-teams
|
||||
- /admin/identity-and-access-management/configuring-authentication-and-provisioning-with-your-identity-provider/mapping-okta-groups-to-teams
|
||||
type: how_to
|
||||
topics:
|
||||
- Accounts
|
||||
- Authentication
|
||||
- Enterprise
|
||||
- Identity
|
||||
- SSO
|
||||
---
|
||||
|
||||
{% data reusables.saml.okta-ae-sso-beta %}
|
||||
|
||||
## About team mapping
|
||||
|
||||
If you use Okta as your IdP, you can map your Okta group to a team in {% data variables.product.prodname_ghe_managed %}. Members of the Okta group will automatically become members of the mapped {% data variables.product.prodname_ghe_managed %} team. To configure this mapping, you can configure the Okta "GitHub AE" app to push the group and its members to {% data variables.product.prodname_ghe_managed %}. You can then choose which team in {% data variables.product.prodname_ghe_managed %} will be mapped to the Okta group.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
You or your Okta administrator must be a Global administrator or a Privileged Role administrator in Okta.
|
||||
|
||||
You must enable SAML single sign-on with Okta. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)."
|
||||
|
||||
You must authenticate to your enterprise account using SAML SSO and Okta. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on)."
|
||||
|
||||
## Assigning your Okta group to the "GitHub AE" app
|
||||
|
||||
1. In the Okta Dashboard, open your group's settings.
|
||||
1. Click **Manage Apps**.
|
||||
1. To the right of "GitHub AE", click **Assign**.
|
||||
1. Click **Done**.
|
||||
|
||||
## Pushing the Okta group to {% data variables.product.prodname_ghe_managed %}
|
||||
|
||||
When you push an Okta group and map the group to a team, all of the group's members will be able to sign in to {% data variables.product.prodname_ghe_managed %}.
|
||||
|
||||
{% data reusables.saml.okta-ae-applications-menu %}
|
||||
{% data reusables.saml.okta-ae-configure-app %}
|
||||
|
||||
1. Click **Push Groups**.
|
||||
1. Select the **Push Groups** dropdown menu and click **Find groups by name**.
|
||||
1. Under "Push groups by name", type the name of the group to push to {% data variables.product.prodname_ghe_managed %}, then click **Save**.
|
||||
|
||||
## Mapping a team to the Okta group
|
||||
|
||||
You can map a team in your enterprise to an Okta group you previously pushed to {% data variables.product.prodname_ghe_managed %}. Members of the Okta group will then automatically becomes members of the {% data variables.product.prodname_ghe_managed %} team. Any subsequent changes to the Okta group's membership are automatically synchronized with the {% data variables.product.prodname_ghe_managed %} team.
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.user-settings.access_org %}
|
||||
{% data reusables.organizations.specific_team %}
|
||||
{% data reusables.organizations.team_settings %}
|
||||
1. Under "Identity Provider Group", select the drop-down menu and click an identity provider group.
|
||||
|
||||
1. Click **Save changes**.
|
||||
|
||||
## Checking the status of your mapped teams
|
||||
|
||||
Enterprise owners can use the site admin dashboard to check how Okta groups are mapped to teams on {% data variables.product.prodname_ghe_managed %}.
|
||||
|
||||
1. To access the dashboard, in the upper-right corner of any page, click {% octicon "rocket" aria-label="Site admin" %}.
|
||||
1. In the left pane, click **External groups**.
|
||||
1. To view more details about a group, in the list of external groups, click on a group.
|
||||
1. The group's details includes the name of the Okta group, a list of the Okta users that are members of the group, and the corresponding mapped team on {% data variables.product.prodname_ghe_managed %}.
|
||||
|
||||
## Viewing audit log events for mapped groups
|
||||
|
||||
To monitor SSO activity for mapped groups, you can review the `external_group` and `external_identity` events in the {% data variables.product.prodname_ghe_managed %} audit log.
|
||||
|
||||
For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)."
|
||||
@@ -1,16 +0,0 @@
|
||||
---
|
||||
title: About data residency
|
||||
intro: 'You can choose the geography where {% data variables.product.product_name %} stores all customer data for your enterprise.'
|
||||
versions:
|
||||
ghae: '*'
|
||||
type: overview
|
||||
topics:
|
||||
- Enterprise
|
||||
- Fundamentals
|
||||
---
|
||||
|
||||
{% data reusables.github-ae.github-ae-enables-you %} You can choose the geography where you store all the customer data for {% data variables.location.product_location %}, and members of your enterprise can access {% data variables.product.product_name %} from anywhere in the world.
|
||||
|
||||
When creating your enterprise, you can tell {% data variables.contact.contact_enterprise_sales %} where to store your customer data. {% data variables.product.company_short %} will not store or move any of your enterprise's data outside of the geography you choose.
|
||||
|
||||
For more information about the available geographies, contact {% data variables.contact.contact_enterprise_sales %}.
|
||||
@@ -1,58 +0,0 @@
|
||||
---
|
||||
title: About GitHub AE
|
||||
intro: '{% data variables.product.prodname_ghe_managed %} is a security-enhanced and compliant way to use {% data variables.product.prodname_dotcom %} in the cloud.'
|
||||
versions:
|
||||
ghae: '*'
|
||||
type: overview
|
||||
topics:
|
||||
- Enterprise
|
||||
- Fundamentals
|
||||
---
|
||||
|
||||
## About {% data variables.product.prodname_ghe_managed %}
|
||||
|
||||
{% data reusables.github-ae.github-ae-enables-you %} {% data variables.product.prodname_ghe_managed %} is fully managed, reliable, and scalable, allowing you to accelerate delivery while improving your risk and compliance posture.
|
||||
|
||||
{% data variables.product.prodname_ghe_managed %} offers one developer platform from idea to production. You can increase development velocity with the tools that teams know and love, while you maintain industry and regulatory compliance with security and access controls, workflow automation, and policy enforcement.
|
||||
|
||||
## A highly available and planet-scale cloud
|
||||
|
||||
{% data variables.product.prodname_ghe_managed %} is a fully managed service, hosted in a high availability architecture. {% data variables.product.prodname_ghe_managed %} is hosted globally in a cloud that can scale to support your full development lifecycle without limits. {% data variables.product.prodname_dotcom %} fully manages backups, failover, and disaster recovery, so you never need to worry about your service or data.
|
||||
|
||||
## Data residency
|
||||
|
||||
All of your data is stored within the geographic region of your choosing. You can comply with GDPR data residency requirements and global data protection standards by keeping all of your data within your chosen region.
|
||||
|
||||
## Isolated accounts
|
||||
|
||||
By default, all developer accounts on {% data variables.product.product_name %} are fully isolated from other services, including products from {% data variables.product.company_short %}. You can control the accounts through your identity provider, with SAML single sign-on as mandatory. SCIM enables you to ensure that employees only have access to the resources they should, as defined in your central identity management system. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam)."
|
||||
|
||||
Optionally, enterprise owners can enable limited integration between {% data variables.product.product_name %} and {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect)."
|
||||
|
||||
## Restricted network access
|
||||
|
||||
Secure access to your enterprise on {% data variables.product.prodname_ghe_managed %} with restricted network access, so that your data can only be accessed from within your network. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list)."
|
||||
|
||||
## Commercial and government environments
|
||||
|
||||
{% data variables.product.prodname_ghe_managed %} is available in the Azure Government cloud, the trusted cloud for US government agencies and their partners. {% data variables.product.prodname_ghe_managed %} is also available in the commercial cloud, so you can choose the hosting environment that is right for your organization.
|
||||
|
||||
## Compliance accreditations
|
||||
|
||||
{% data variables.product.company_short %} continues to invest in security best practices to make sure your data is safe, your developers are productive, and your team can focus on solving problems. As part of that commitment to security, {% data variables.product.prodname_ghe_managed %} maintains compliance with the following accreditations.
|
||||
|
||||
- FedRAMP High Authorization to Operate (ATO)
|
||||
- SOC 1, SOC 2 Type II, and SOC 3
|
||||
- ISO/IEC certifications
|
||||
- ISO/IEC 27001:2013
|
||||
- ISO/IEC 27701:2019
|
||||
- ISO/IEC 9001:2015
|
||||
- ISO/IEC 22301:2019
|
||||
- ISO/IEC 27018:2014
|
||||
- ISO/IEC 20000-1:2018
|
||||
- ISO/IEC 27017:2015
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/get-started/learning-about-github/about-versions-of-github-docs)"
|
||||
- "[AUTOTITLE](/support/contacting-github-support)"
|
||||
@@ -1,65 +0,0 @@
|
||||
---
|
||||
title: Deploying GitHub AE
|
||||
intro: 'You can deploy {% data variables.product.product_name %} to an available Azure region.'
|
||||
versions:
|
||||
ghae: '*'
|
||||
topics:
|
||||
- Accounts
|
||||
- Enterprise
|
||||
type: how_to
|
||||
shortTitle: Deploy GitHub AE
|
||||
redirect_from:
|
||||
- /get-started/signing-up-for-github/setting-up-a-trial-of-github-ae
|
||||
- /admin/configuration/configuring-your-enterprise/deploying-github-ae
|
||||
---
|
||||
|
||||
## About deployment of {% data variables.product.product_name %}
|
||||
|
||||
{% data reusables.github-ae.github-ae-enables-you %} For more information, see "[AUTOTITLE](/admin/overview/about-github-ae)."
|
||||
|
||||
After you purchase or start a trial of {% data variables.product.product_name %}, you can deploy {% data variables.product.product_name %} to an available Azure region. This guide refers to the Azure resource that contains the deployment of {% data variables.product.product_name %} as the {% data variables.product.product_name %} account. You'll use the Azure portal at [https://portal.azure.com](https://portal.azure.com) to deploy the {% data variables.product.product_name %} account.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
You must have permission to perform the `/register/action` operation for the resource provider in Azure. The permission is included in the `Contributor` and `Owner` roles. For more information, see [Azure resource providers and types](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in the Microsoft documentation.
|
||||
|
||||
## Deploying {% data variables.product.product_name %} with the {% data variables.actions.azure_portal %}
|
||||
|
||||
The {% data variables.actions.azure_portal %} allows you to deploy the {% data variables.product.product_name %} account in your Azure resource group.
|
||||
|
||||
1. Click one of the following two links to begin deployment of {% data variables.product.product_name %}. The link you should click depends on the Azure cloud where you plan to deploy {% data variables.product.product_name %}. For more information about Azure Government, see [What is Azure Government?](https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-welcome) in the Microsoft documentation.
|
||||
|
||||
- [Deploy {% data variables.product.product_name %} to Azure Commercial](https://aka.ms/create-github-ae-instance)
|
||||
- [Deploy {% data variables.product.product_name %} to Azure Government](https://aka.ms/create-github-ae-instance-gov)
|
||||
1. To begin the process of adding a new {% data variables.product.product_name %} account, click **Create GitHub AE account**.
|
||||
1. Complete the "Project details" and "Instance details" fields.
|
||||
- **Account name:** The hostname for your enterprise
|
||||
- **Administrator username:** A username for the initial enterprise owner that will be created in {% data variables.product.product_name %}
|
||||
- **Administrator email:** The email address that will receive the login information
|
||||
1. To review a summary of the proposed changes, click **Review + create**.
|
||||
1. After the validation process has completed, click **Create**.
|
||||
|
||||
The email address you entered above will receive instructions on how to access your enterprise. After you have access, you can get started by following the initial setup steps. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/initializing-github-ae)."
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** Software updates for your {% data variables.product.product_name %} deployment are performed by {% data variables.product.prodname_dotcom %}. For more information, see "[AUTOTITLE](/admin/overview/about-upgrades-to-new-releases)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Navigating to your enterprise
|
||||
|
||||
You can use the {% data variables.actions.azure_portal %} to navigate to your {% data variables.product.product_name %} deployment. The resulting list includes all the {% data variables.product.product_name %} deployments in your Azure region.
|
||||
|
||||
1. On the {% data variables.actions.azure_portal %}, in the left panel, click **All resources**.
|
||||
1. From the available filters, click **All types**, then deselect **Select all** and select **GitHub AE**:
|
||||
|
||||
## Next steps
|
||||
|
||||
- Once your deployment has been provisioned, the next step is to initialize {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/initializing-github-ae)."
|
||||
- If you're trying {% data variables.product.product_name %}, you can upgrade to a full license at any time during the trial period by contacting contact {% data variables.contact.contact_enterprise_sales %}. If you haven't upgraded by the last day of your trial, then the deployment is automatically deleted. If you need more time to evaluate {% data variables.product.product_name %}, contact {% data variables.contact.contact_enterprise_sales %} to request an extension.
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security#enabling-advanced-security-features-on-github-ae)"
|
||||
- "[AUTOTITLE](/admin/release-notes)"
|
||||
@@ -6,18 +6,13 @@ redirect_from:
|
||||
versions:
|
||||
ghec: '*'
|
||||
ghes: '*'
|
||||
ghae: '*'
|
||||
children:
|
||||
- /about-github-for-enterprises
|
||||
- /about-github-enterprise-cloud
|
||||
- /setting-up-a-trial-of-github-enterprise-cloud
|
||||
- /about-github-enterprise-server
|
||||
- /setting-up-a-trial-of-github-enterprise-server
|
||||
- /about-github-ae
|
||||
- /about-upgrades-to-new-releases
|
||||
- /about-data-residency
|
||||
- /deploying-github-ae
|
||||
- /initializing-github-ae
|
||||
- /about-enterprise-accounts
|
||||
- /system-overview
|
||||
- /about-the-github-enterprise-api
|
||||
|
||||
@@ -1,102 +0,0 @@
|
||||
---
|
||||
title: Initializing GitHub AE
|
||||
intro: 'To get your enterprise ready to use, you can complete the initial configuration of {% data variables.product.product_name %}.'
|
||||
versions:
|
||||
ghae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Enterprise
|
||||
redirect_from:
|
||||
- /admin/configuration/initializing-github-ae
|
||||
- /enterprise-server@latest/admin/configuration/configuring-your-enterprise/initializing-github-ae
|
||||
- /admin/configuration/configuring-your-enterprise/initializing-github-ae
|
||||
---
|
||||
## About initialization
|
||||
|
||||
Before you can initialize your enterprise, you must purchase {% data variables.product.product_name %}. For more information, contact {% data variables.contact.contact_enterprise_sales %}.
|
||||
|
||||
{% data reusables.github-ae.initialize-enterprise %} Make sure the information you provide matches the intended enterprise owner's information in the IdP. For more information about enterprise owners, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owner)."
|
||||
|
||||
{% note %}
|
||||
|
||||
**Notes**:
|
||||
|
||||
- If the initial password for {% data variables.product.prodname_ghe_managed %} expires before you finish initialization, you can request a password reset at any time from your invitation email.
|
||||
|
||||
- Store the initial username and password for {% data variables.product.prodname_ghe_managed %} securely in a password manager. {% data reusables.saml.contact-support-if-your-idp-is-unavailable %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
During initialization, the enterprise owner will name your enterprise, configure SAML SSO, create policies for all organizations in your enterprise, and configure a support contact for your users.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
To begin initialization, you will receive an invitation email from {% data variables.product.company_short %}. Before you configure {% data variables.product.prodname_ghe_managed %}, review the following prerequisites.
|
||||
|
||||
To initialize {% data variables.location.product_location %}, you must have a SAML identity provider (IdP). {% data reusables.saml.ae-uses-saml-sso %} To connect your IdP to your enterprise during initialization, you should have your IdP's Entity ID (SSO) URL, Issuer ID URL, and public signing certificate (Base64-encoded). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)."
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: {% data reusables.saml.create-a-machine-user %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Signing in and naming your enterprise
|
||||
|
||||
1. Follow the instructions in your welcome email to reach your enterprise.
|
||||
1. Type your credentials under "Change password", then click **Change password**.
|
||||
1. Under "What would you like your enterprise account to be named?", type the enterprise's name, then click **Save and continue**.
|
||||
|
||||
## Connecting your IdP to your enterprise
|
||||
|
||||
To configure authentication for {% data variables.product.product_name %}, you must provide {% data variables.product.product_name %} with the details for your SAML IdP. {% data variables.product.company_short %} recommends using Azure AD as your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam)."
|
||||
|
||||
1. To the right of "Set up your identity provider", click **Configure**.
|
||||
1. Under "Sign on URL", copy and paste the URL for your SAML IdP.
|
||||
1. Under "Issuer", copy and paste the issuer URL for your SAML IdP.
|
||||
1. Under "Public certificate", copy and paste the public certificate for your SAML IdP.
|
||||
1. Click **Test SAML configuration** to ensure that the information you've entered is correct.
|
||||
1. Click **Save**.
|
||||
1. {% data reusables.saml.assert-the-administrator-attribute %}
|
||||
|
||||
## Setting your enterprise policies
|
||||
|
||||
Configuring policies will set limitations for repository and organization management for your enterprise. These can be reconfigured after the initialization process.
|
||||
|
||||
1. To the right of "Set your enterprise policies", click **Configure**.
|
||||
1. Under "Default Repository Permissions", select the drop-down menu and click a default permissions level for repositories in your enterprise. If a person has multiple avenues of access to an organization, either individually, through a team, or as an organization member, the highest permission level overrides any lower permission levels. Optionally, to allow organizations within your enterprise to set their default repository permissions, click **No policy**
|
||||
1. Under "Repository creation", choose whether you want to allow members to create repositories. Optionally, to allow organizations within your enterprise to set permissions, click **No policy**.
|
||||
1. Under "Repository forking", choose whether to allow forking of private and internal repositories. Optionally, to allow organizations within your enterprise to set permissions, click **No policy**
|
||||
1. Under "Repository invitations", choose whether members or organization owners can invite collaborators to repositories. Optionally, to allow organizations within your enterprise to set permissions, click **No policy**
|
||||
1. Under "Default repository visibility", select the drop-down menu and click the default visibility setting for new repositories.
|
||||
1. Under "Users can create organizations", select the drop-down menu to enable or disable organization creation access for members of the enterprise.
|
||||
1. Under "Force pushes", select the drop-down menu and choose whether to allow or block force pushes.
|
||||
1. Under "Git SSH access", select the drop-down menu and choose whether to enable Git SSH access for all repositories in the enterprise.
|
||||
1. Optionally, to reset all selections, click "Reset to default policies".
|
||||
1. Click **Save**.
|
||||
|
||||
## Setting your internal support contact
|
||||
|
||||
You can configure the method your users will use to contact your internal support team. This can be reconfigured after the initialization process.
|
||||
|
||||
1. To the right of "Internal support contact", click **Configure**.
|
||||
1. Under "Internal support contact", select the method for users of your enterprise to contact support, through a URL or an e-mail address. Then, type the support contact information.
|
||||
1. Click **Save**.
|
||||
|
||||
## Setting your email settings
|
||||
|
||||
Once this is initialized, you can reconfigure any settings after the initialization process. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications)."
|
||||
|
||||
1. To the right of "Configure email settings", click **Configure**.
|
||||
1. Select **Enable email**. This will enable both outbound and inbound email, however, for inbound email to work you will also need to configure your DNS settings. For more information, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications#configuring-dns-and-firewall-settings-to-allow-incoming-emails)."
|
||||
1. Complete your email server settings:
|
||||
- In the **Server address** field, type the address of your SMTP server.
|
||||
- In the **Port** field, type the port that your SMTP server uses to send email.
|
||||
- In the **Domain** field, type the domain name that your SMTP server will send with a HELO response, if any.
|
||||
- In the **Authentication** dropdown, choose the type of encryption used by your SMTP server.
|
||||
- In the **No-reply email address** field, type the email address to use in the From and To fields for all notification emails.
|
||||
|
||||
1. If you want to discard all incoming emails that are addressed to the no-reply email address, select **Discard email addressed to the no-reply email address**.
|
||||
1. Click **Test email settings**.
|
||||
1. Under "Send test email to," type the email address where you want to send a test email, then click **Send test email**.
|
||||
1. Click **Save**.
|
||||
Reference in New Issue
Block a user