From 580d8fed389d307c16dc0803dff904a3e4a67c4e Mon Sep 17 00:00:00 2001 From: Laura Coursen Date: Fri, 17 Dec 2021 08:35:42 -0600 Subject: [PATCH] Enterprise bug fixes for the week of 2021-12-13 (#23803) --- .../using-saml.md | 9 +++++++++ ...g-github-enterprise-server-with-a-load-balancer.md | 4 ++-- .../site-admin-dashboard.md | 4 ++-- ...r-enterprise-account-to-github-enterprise-cloud.md | 11 +++++++++-- .../installing-github-enterprise-server-on-azure.md | 2 +- .../dormant-user-activity-threshold.md | 2 +- data/reusables/saml/saml-accounts.md | 8 +++++++- 7 files changed, 31 insertions(+), 9 deletions(-) diff --git a/content/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-saml.md b/content/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-saml.md index 33cd83f62b..e3c6192362 100644 --- a/content/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-saml.md +++ b/content/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-saml.md @@ -71,6 +71,15 @@ These attributes are available. You can change the attribute names in the [manag | `public_keys` | Optional | The public SSH keys for the user. More than one can be specified. | | `gpg_keys` | Optional | The GPG keys for the user. More than one can be specified. | +To specify more than one value for an attribute, use multiple `` elements. + +``` + + ssh-rsa LONG KEY + ssh-rsa LONG KEY 2 + +``` + ## Configuring SAML settings {% data reusables.enterprise_site_admin_settings.access-settings %} diff --git a/content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md b/content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md index b720b6c9a0..35573b2ad4 100644 --- a/content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md +++ b/content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md @@ -31,6 +31,8 @@ Because client connections to {% data variables.product.prodname_ghe_server %} c {% data reusables.enterprise_clustering.proxy_xff_firewall_warning %} +{% data reusables.enterprise_installation.terminating-tls %} + ### Enabling PROXY protocol support on {% data variables.product.product_location %} We strongly recommend enabling PROXY protocol support for both your appliance and the load balancer. Use the instructions provided by your vendor to enable the PROXY protocol on your load balancer. For more information, see [the PROXY protocol documentation](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). @@ -50,8 +52,6 @@ We strongly recommend enabling PROXY protocol support for both your appliance an {% data reusables.enterprise_clustering.x-forwarded-for %} -{% data reusables.enterprise_installation.terminating-tls %} - {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} {% data reusables.enterprise_management_console.privacy %} diff --git a/content/admin/configuration/configuring-your-enterprise/site-admin-dashboard.md b/content/admin/configuration/configuring-your-enterprise/site-admin-dashboard.md index 36e474e3e2..9cb3ba1b65 100644 --- a/content/admin/configuration/configuring-your-enterprise/site-admin-dashboard.md +++ b/content/admin/configuration/configuring-your-enterprise/site-admin-dashboard.md @@ -56,8 +56,8 @@ If you need to get information on the users, organizations, and repositories in Specifically, you can download CSV reports that list - all users -- all users who have been active within the last month -- all users who have been inactive for one month or more +- all active users +- all [dormant users](/admin/user-management/managing-dormant-users) - all users who have been suspended - all organizations - all repositories diff --git a/content/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud.md b/content/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud.md index ac01707283..19a5c2f5bb 100644 --- a/content/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud.md +++ b/content/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud.md @@ -10,7 +10,6 @@ redirect_from: - /enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud - /admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud - /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/connecting-github-enterprise-server-to-github-enterprise-cloud -permissions: 'Enterprise owners who are also owners of a {% data variables.product.prodname_ghe_cloud %} organization or enterprise account can enable {% data variables.product.prodname_github_connect %}.' versions: ghes: '*' ghae: '*' @@ -60,6 +59,12 @@ Enabling {% data variables.product.prodname_github_connect %} will not allow {% For more information about managing enterprise accounts using the GraphQL API, see "[Enterprise accounts](/graphql/guides/managing-enterprise-accounts)." ## Enabling {% data variables.product.prodname_github_connect %} +Enterprise owners who are also owners of an organization or enterprise account that uses {% data variables.product.prodname_ghe_cloud %} can enable {% data variables.product.prodname_github_connect %}. + +If you're connecting {% data variables.product.product_location %} to an organization on {% data variables.product.prodname_dotcom_the_website %} that is not owned by an enterprise account, you must enable {% data variables.product.prodname_github_connect %} with a personal account on {% data variables.product.prodname_dotcom_the_website %} that is an owner of the organization. + +If you're connecting {% data variables.product.product_location %} to an organization on {% data variables.product.prodname_dotcom_the_website %} that is owned by an enterprise account or to an enterprise account itself, you must enable {% data variables.product.prodname_github_connect %} with a personal account on {% data variables.product.prodname_dotcom_the_website %} that is an owner of the enterprise account. + {% ifversion ghes %} 1. Sign in to {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.enterprise-accounts.access-enterprise %}{% ifversion ghes < 3.1 %}{% data reusables.enterprise-accounts.settings-tab %}{% endif %}{% data reusables.enterprise-accounts.github-connect-tab %}{% else %} @@ -73,7 +78,9 @@ For more information about managing enterprise accounts using the GraphQL API, s 1. Next to the enterprise account or organization you'd like to connect, click **Connect**. ![Connect button next to an enterprise account or business](/assets/images/enterprise/business-accounts/choose-enterprise-or-org-connect.png) -## Disconnecting a {% data variables.product.prodname_ghe_cloud %} organization or enterprise account from your enterprise account +## Disabling {% data variables.product.prodname_github_connect %} + +Enterprise owners can disable {% data variables.product.prodname_github_connect %}. When you disconnect from {% data variables.product.prodname_ghe_cloud %}, the {% data variables.product.prodname_github_connect %} {% data variables.product.prodname_github_app %} is deleted from your enterprise account or organization and credentials stored on {% data variables.product.product_location %} are deleted. diff --git a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md b/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md index 514b440f73..748685a4e0 100644 --- a/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md +++ b/content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md @@ -62,7 +62,7 @@ Before launching {% data variables.product.product_location %} on Azure, you'll {% data reusables.enterprise_installation.necessary_ports %} -4. Create and attach a new unencrypted data disk to the VM, and configure the size based on your user license count. For more information, see "[az vm disk attach](https://docs.microsoft.com/cli/azure/vm/disk?view=azure-cli-latest#az_vm_disk_attach)" in the Microsoft documentation. +4. Create and attach a new managed data disk to the VM, and configure the size based on your license count. All Azure managed disks created since June 10, 2017 are encrypted at rest by default with Storage Service Encryption (SSE). For more information about the `az vm disk attach` command, see "[az vm disk attach](https://docs.microsoft.com/cli/azure/vm/disk?view=azure-cli-latest#az_vm_disk_attach)" in the Microsoft documentation. Pass in options for the name of your VM (for example, `ghe-acme-corp`), the resource group, the premium storage SKU, the size of the disk (for example, `100`), and a name for the resulting VHD. diff --git a/data/reusables/enterprise-accounts/dormant-user-activity-threshold.md b/data/reusables/enterprise-accounts/dormant-user-activity-threshold.md index b78499d214..534d9c25e0 100644 --- a/data/reusables/enterprise-accounts/dormant-user-activity-threshold.md +++ b/data/reusables/enterprise-accounts/dormant-user-activity-threshold.md @@ -1 +1 @@ -A user account is considered to be dormant if it has not been active for {% ifversion ghec %}90 days{% else %}at least a month{% endif %}.{% ifversion ghes %} You may choose to suspend dormant users to release user licenses.{% endif %} +{% ifversion not ghec%}By default, a{% else %}A{% endif %} user account is considered to be dormant if it has not been active for 90 days. {% ifversion not ghec %}You can configure the length of time a user must be inactive to be considered dormant{% ifversion ghes%} and choose to suspend dormant users to release user licenses{% endif %}.{% endif %} diff --git a/data/reusables/saml/saml-accounts.md b/data/reusables/saml/saml-accounts.md index f6121c8a99..e0536a6b79 100644 --- a/data/reusables/saml/saml-accounts.md +++ b/data/reusables/saml/saml-accounts.md @@ -1 +1,7 @@ -If you configure SAML SSO, members of your organization will continue to log into their user accounts on {% data variables.product.prodname_dotcom_the_website %}. When a member accesses resources within your organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} redirects the member to your IdP to authenticate. After successful authentication, your IdP redirects the member back to {% data variables.product.prodname_dotcom %}, where the member can access your organization's resources. +If you configure SAML SSO, members of your organization will continue to log into their user accounts on {% data variables.product.prodname_dotcom_the_website %}. When a member accesses non-public resources within your organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} redirects the member to your IdP to authenticate. After successful authentication, your IdP redirects the member back to {% data variables.product.prodname_dotcom %}, where the member can access your organization's resources. + +{% note %} + +**Note:** Organization members can perform read operations such as viewing, cloning, and forking on public resources owned by your organization even without a valid SAML session. + +{% endnote %} \ No newline at end of file