Update 2FA docs for GHES 3.17 changes related to members_without_2fa_enabled (#55047)
Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
This commit is contained in:
Maya Messinger
BIN
assets/images/help/2fa/ghes-filter-org-members-by-2fa.png
Normal file
BIN
assets/images/help/2fa/ghes-filter-org-members-by-2fa.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 205 KiB |
@@ -41,8 +41,8 @@ Before you require use of two-factor authentication, we recommend notifying orga
|
||||
{% data reusables.two_fa.ghes_ntp %}
|
||||
|
||||
> [!WARNING]
|
||||
> * When you require two-factor authentication for your enterprise, outside collaborators (including bot accounts) in all organizations owned by your enterprise who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable 2FA for their account within three months of their removal from your organization. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
|
||||
> * Any outside collaborator in any of the organizations owned by your enterprise who disables 2FA for their account after you've enabled required two-factor authentication will automatically be removed from the organization. Members and billing managers who disable 2FA will not be able to access organization resources until they re-enable it.
|
||||
> * When you require two-factor authentication for your enterprise, {% ifversion ghes < 3.17 %}members and {% endif %}outside collaborators (including bot accounts) in all organizations owned by your enterprise who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable 2FA for their account within three months of their removal from your organization. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
|
||||
> * Any {% ifversion ghes < 3.17 %}member or {% endif %}outside collaborator in any of the organizations owned by your enterprise who disables 2FA for their account after you've enabled required two-factor authentication will automatically be removed from the organization. Members {% ifversion fpt or ghes %}and billing managers{% endif %} who disable 2FA will not be able to access organization resources until they re-enable it.
|
||||
> * If you're the sole owner of an enterprise that requires two-factor authentication, you won't be able to disable 2FA for your user account without disabling required 2FA for the enterprise.
|
||||
|
||||
{% ifversion mandatory-2fa-dotcom-contributors %}
|
||||
@@ -58,7 +58,7 @@ Before you require use of two-factor authentication, we recommend notifying orga
|
||||
1. Under "Two-factor authentication", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
|
||||
1. Under "Two-factor authentication", select **Require two-factor authentication for the enterprise and all of its organizations**, then click **Save**.
|
||||
1. If prompted, read the information about how user access to organization resources will be affected by a 2FA requirement. To confirm the change, click **Confirm**.
|
||||
1. Optionally, if any outside collaborators are removed from the organizations owned by your enterprise, we recommend sending them an invitation to reinstate their former privileges and access to your organization. Each person must enable 2FA before they can accept your invitation.
|
||||
1. Optionally, if any {% ifversion ghes < 3.17 %}members or {% endif %}outside collaborators are removed from the organizations owned by your enterprise, we recommend sending them an invitation to reinstate their former privileges and access to your organization. Each person must enable 2FA before they can accept your invitation.
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
|
||||
|
||||
@@ -24,16 +24,24 @@ For more information, see [AUTOTITLE](/authentication/securing-your-account-with
|
||||
|
||||
## Requirements for enforcing two-factor authentication
|
||||
|
||||
Before you can require organization members and outside collaborators to use 2FA, you must [enable two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa) for your own personal account.
|
||||
Before you can require organization members and outside collaborators to use two-factor authentication, you must [enable 2FA](/authentication/securing-your-account-with-two-factor-authentication-2fa) for your own personal account.
|
||||
|
||||
Before you require use of two-factor authentication, we recommend notifying organization members and outside collaborators and asking them to set up 2FA for their accounts. You can [see if members and outside collaborators already use 2FA](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled) on an organization's People tab.
|
||||
Before you require use of 2FA, we recommend notifying organization members and outside collaborators and asking them to set up 2FA for their accounts. You can [see if members and outside collaborators already use 2FA](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled) on an organization's People tab.
|
||||
|
||||
{% data reusables.two_fa.ghes_ntp %}
|
||||
|
||||
{% ifversion ghes < 3.17 %}
|
||||
> [!WARNING]
|
||||
> * When you require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can reinstate their access privileges and settings, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
|
||||
> * When you require 2FA, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can reinstate their access privileges and settings, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
|
||||
> * When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization.
|
||||
> * If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
|
||||
> * If you're the sole owner of an organization that requires 2FA, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
|
||||
{% else %}
|
||||
> [!WARNING]
|
||||
> * When you require 2FA, members who do not use 2FA will not be able to access your enterprise resources until they enable 2FA on their account. They will retain membership even without 2FA, including occupying seats in your enterprise and organizations.
|
||||
> * When your require 2FA, outside collaborators (including bot accounts) who do not use 2FA will be removed from the enterprise and its organization and lose access to repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
|
||||
> * When 2FA is required, outside collaborators who disable 2FA will automatically be removed from the enterprise and its organizations. Members who disable 2FA will not be able to access your enterprise and organization resources until they re-enable it.
|
||||
> * If you're the sole owner of an organization that requires 2FA, you won't be able to disable 2FA for your personal account without disabling required 2FA for the organization.
|
||||
{% endif %}
|
||||
|
||||
## Requiring two-factor authentication for an organization
|
||||
|
||||
|
||||
@@ -57,7 +57,7 @@ You can also remove an administrator. For more information. see [AUTOTITLE](/adm
|
||||
|
||||
You can see all the current members for your enterprise. You can see useful information about each account and filter the list in useful ways, such as by role. In addition to the list of members, you will see an overview of the number of members in your enterprise, grouped by role{% ifversion ghec %}, type of license, and type of deployment{% endif %}.
|
||||
|
||||
You can find a specific person by searching for the person's username or display name. To view more information about the person's access to your enterprise, such as the organizations the person belongs to, you can click the person's name.
|
||||
You can find a specific person by searching for the person's username or display name. To view more information about the person's access to your enterprise, such as the organizations the person belongs to, you can select the person's name.
|
||||
|
||||
{% ifversion remove-enterprise-members %}
|
||||
You can also remove any enterprise member from all organizations owned by the enterprise. For more information, see [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise).
|
||||
@@ -66,7 +66,7 @@ You can also remove any enterprise member from all organizations owned by the en
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.people-tab %}
|
||||
{% ifversion enterprise-member-csv %}
|
||||
1. Optionally, to export the list of members as a CSV report, click **CSV report**. For more information about the information included in the report, see [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise).{% endif %}
|
||||
1. Optionally, to export the list of members as a CSV report, select **CSV report**. For more information about the information included in the report, see [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise).{% endif %}
|
||||
|
||||
### About the membership overview
|
||||
|
||||
@@ -130,11 +130,11 @@ If you use {% data variables.product.prodname_emus %}, verify a domain, or confi
|
||||
|
||||
You can see all the current outside collaborators for your enterprise. You can see useful information about each collaborator and filter the list in useful ways, such as by organization. You can find a specific collaborator by searching for their username or display name.
|
||||
|
||||
You can view more information about the person's access to your enterprise, such as a list of all the repositories the collaborator has access to, by clicking on the person's name.
|
||||
You can view more information about the person's access to your enterprise, such as a list of all the repositories the collaborator has access to, by selecting the person's name.
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.people-tab %}
|
||||
1. Under "People", click **Outside collaborators**.
|
||||
1. Under "People", select **Outside collaborators**.
|
||||
|
||||
{% ifversion ghec %}
|
||||
|
||||
@@ -151,11 +151,11 @@ If you use {% data variables.visual_studio.prodname_vss_ghe %}, the list of pend
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.people-tab %}
|
||||
1. Under "People", click **Invitations**.
|
||||
1. Optionally, you can cancel all invitations for an account to join organizations owned by your enterprise. To the right of the account, click {% octicon "kebab-horizontal" aria-label="Show actions" %}, then click **Cancel invitation**.
|
||||
1. Under "People", select **Invitations**.
|
||||
1. Optionally, you can cancel all invitations for an account to join organizations owned by your enterprise. To the right of the account, select {% octicon "kebab-horizontal" aria-label="Show actions" %}, then select **Cancel invitation**.
|
||||
|
||||
|
||||
1. Optionally, you can view pending invitations for enterprise administrators or outside collaborators. Under "Invitations", click **Administrators** or **Outside collaborators**.
|
||||
1. Optionally, you can view pending invitations for enterprise administrators or outside collaborators. Under "Invitations", select **Administrators** or **Outside collaborators**.
|
||||
1. Optionally, to filter the list of pending invitations by license, by organization, or by source, use the dropdown menus at the top of the list.
|
||||
|
||||
|
||||
@@ -168,7 +168,7 @@ If your enterprise uses {% ifversion ghec %}{% data variables.product.prodname_e
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.people-tab %}
|
||||
1. Under "People", click **Suspended**.
|
||||
1. Under "People", select **Suspended**.
|
||||
|
||||
## Viewing dormant users
|
||||
|
||||
@@ -180,11 +180,11 @@ You can view a list of all dormant users {% ifversion ghes %} who have not been
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
1. Under "Organizations", in the search bar, begin typing the organization's name until it appears in the search results.
|
||||
1. Click the name of the organization.
|
||||
1. Above the organization name, click **{% octicon "person" aria-hidden="true" %} People**.
|
||||
1. Select the name of the organization.
|
||||
1. Above the organization name, select **{% octicon "person" aria-hidden="true" %} People**.
|
||||
|
||||
|
||||
1. Above the list of members, click **Type**, then select the type of members you want to view.
|
||||
1. Above the list of members, select **Type**, then select the type of members you want to view.
|
||||
|
||||
|
||||
{% ifversion scim-for-ghes-public-beta %}
|
||||
@@ -210,7 +210,7 @@ You can view a list of members in your enterprise who don't have an email addres
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.settings-tab %}
|
||||
{% data reusables.enterprise-accounts.verified-domains-tab %}
|
||||
1. Under "Notification preferences", click the **{% octicon "eye" aria-hidden="true" %} View enterprise members without an approved or verified domain email** link.
|
||||
1. Under "Notification preferences", select the **{% octicon "eye" aria-hidden="true" %} View enterprise members without an approved or verified domain email** link.
|
||||
|
||||
## Viewing whether members in your enterprise have 2FA enabled
|
||||
|
||||
@@ -220,7 +220,7 @@ You can see which people in your enterprise have enabled two-factor authenticati
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.people-tab %}
|
||||
1. To view the two-factor authentication security levels of enterprise members, on the right, select **Two-factor authentication**, then click **Secure**, **Insecure**, or **Disabled**.
|
||||
1. To view the two-factor authentication security levels of enterprise members, on the right, select **Two-factor authentication**, then select **Secure**, **Insecure**, or **Disabled**.
|
||||
|
||||
|
||||
|
||||
@@ -234,9 +234,13 @@ You can see which people in your enterprise have enabled two-factor authenticati
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.people-tab %}
|
||||
1. To view enterprise members who have enabled or disabled two-factor authentication, on the right, select **2FA**, then click **Enabled** or **Disabled**.
|
||||
1. To view enterprise members who have enabled or disabled two-factor authentication, on the right, select {% ifversion ghes > 3.16 %}**Two-factor authentication**{% else %}**2FA**{% endif %}, then select {% ifversion ghes > 3.16 %}**Secure**{% else %}**Enabled**{% endif %} or **Disabled**.
|
||||
|
||||
{% ifversion ghes > 3.16 %}
|
||||
|
||||
{% else %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -36,10 +36,16 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghes < 3.17 %}
|
||||
> [!WARNING]
|
||||
> * If you're a member or outside collaborator to a private repository of an organization that requires 2FA, you must leave the organization before you can disable 2FA.
|
||||
> * If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable 2FA and contact an organization owner.
|
||||
{% else %}
|
||||
> [!WARNING]
|
||||
> * If you're an outside collaborator to a private repository of an organization that requires 2FA, you must leave the organization before you can disable 2FA.
|
||||
> * If you're a member{% ifversion fpt or ghec %} or billing manager{% endif %} of an organization that requires 2FA, you will be unable to access that organization's resources while you have 2FA disabled.
|
||||
> * If you disable 2FA, you will automatically lose access to the organization. To regain access to the organization, if you're a member{% ifversion fpt or ghec %} or billing manager{% endif %}, you must re-enable 2FA. If you're an outside collaborator, you will also lose access to any private forks you have of the organization's private repositories after disabling 2FA, and must re-enable 2FA and contact an organization owner to have access restored.
|
||||
{% endif %}
|
||||
|
||||
> [!NOTE]
|
||||
> You can reconfigure your 2FA settings without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA.
|
||||
|
||||
@@ -18,12 +18,12 @@ shortTitle: Disable 2FA
|
||||
{% data reusables.two_fa.mandatory-2fa-contributors-2023 %}
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
{% ifversion ghes < 3.17 %}
|
||||
> [!WARNING]
|
||||
> If you're a member{% ifversion fpt or ghec %} or billing manager{% endif %} to a repository of an organization that requires two-factor authentication and you disable 2FA, you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication.
|
||||
> If you're a member or outside collaborator to a repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable 2FA and contact an organization owner.
|
||||
{% else %}
|
||||
> [!WARNING]
|
||||
> If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner.
|
||||
> If you're a member {% ifversion fpt or ghec %}or billing manager{% endif %} to a repository of an organization that requires two-factor authentication and you disable 2FA, you'll lose your access to their repositories. To regain access to the organization, re-enable 2FA.
|
||||
{% endif %}
|
||||
|
||||
We strongly recommend using two-factor authentication (2FA) to secure your account. If you need to disable 2FA, we recommend re-enabling it as soon as possible.
|
||||
@@ -34,14 +34,14 @@ If you are part of the group that {% data variables.product.prodname_dotcom %} i
|
||||
You can modify your existing 2FA configuration instead of disabling it entirely. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method).
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
If your organization requires two-factor authentication and you're an outside collaborator on a repository of your organization, you must first leave the organization before you can disable two-factor authentication. To remove yourself from your organization, visit your Organizations settings page and select "Leave", or ask an organization owner or repository administrator to remove you from the organization's repositories. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization) and [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/removing-an-outside-collaborator-from-an-organization-repository).
|
||||
{% else %}
|
||||
If your organization requires two-factor authentication and you're a member, owner, or an outside collaborator on a repository of your organization, you must first leave your organization before you can disable two-factor authentication.
|
||||
{% ifversion ghes < 3.17 %}
|
||||
If your organization requires two-factor authentication and you're a member, owner, or an outside collaborator on a repository of your organization, you must first leave your organization before you can disable 2FA.
|
||||
|
||||
To remove yourself from your organization:
|
||||
* As an organization member or owner, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization).
|
||||
* As an outside collaborator, ask an organization owner or repository administrator to remove you from the organization's repositories. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization) and [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/removing-an-outside-collaborator-from-an-organization-repository).
|
||||
{% else %}
|
||||
If your organization requires two-factor authentication and you're an outside collaborator on a repository of your organization, you must first leave the organization before you can disable 2FA. To remove yourself from your organization, visit your Organizations settings page and select "Leave", or ask an organization owner or repository administrator to remove you from the organization's repositories. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization) and [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/removing-an-outside-collaborator-from-an-organization-repository).
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.user-settings.access_settings %}
|
||||
|
||||
@@ -15,13 +15,15 @@ topics:
|
||||
shortTitle: Prepare to require 2FA
|
||||
---
|
||||
{% ifversion fpt or ghec %}
|
||||
When requiring 2FA in your organization, consider if you also want to enforce usage of only secure methods among your users (secure two-factor methods are passkeys, security keys, authenticator apps, and the GitHub mobile app).
|
||||
When requiring two-factor authentication in your organization, consider if you also want to enforce usage of only secure methods among your users (secure 2FA methods are passkeys, security keys, authenticator apps, and the GitHub mobile app).
|
||||
{% endif %}
|
||||
|
||||
We recommend that you notify {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} at least one week before you require 2FA in your organization.
|
||||
|
||||
When you require use of two-factor authentication for your organization, outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories.{% ifversion fpt or ghec %} If you require secure methods of 2FA, outside collaborators who have SMS 2FA configured will be removed. {% endif %} They will also lose access to their forks of the organization's private repositories.
|
||||
Members and billing managers will retain membership but not be able to access your organization resources until they meet your 2FA requirement{% ifversion fpt or ghec %} and 2FA security level{% endif %}.
|
||||
When you require use of 2FA for your organization, {% ifversion ghes < 3.17 %}members and {% endif %}outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories.{% ifversion fpt or ghec %} If you require secure methods of 2FA, outside collaborators who have SMS 2FA configured will be removed. {% endif %} They will also lose access to their forks of the organization's private repositories.
|
||||
{% ifversion fpt or ghec or ghes > 3.16 %}
|
||||
Members {% ifversion fpt or ghec %}and billing managers {% endif %}will retain membership but not be able to access your organization resources until they meet your 2FA requirement{% ifversion fpt or ghec %} and 2FA security level{% endif %}.
|
||||
{% endif %}
|
||||
|
||||
Before requiring 2FA in your organization, we recommend that you:
|
||||
|
||||
@@ -33,4 +35,8 @@ Before requiring 2FA in your organization, we recommend that you:
|
||||
* See whether users in your organization have 2FA enabled. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled).
|
||||
{% endif %}
|
||||
* Enable 2FA for unattended or shared access accounts, such as bots and service accounts. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication).
|
||||
* Warn users that once 2FA is enabled, outside collaborators without 2FA are automatically removed from the organization, and members and billing managers will not be able to access your organization resources until they enable 2FA.
|
||||
{% ifversion ghes < 3.17 %}
|
||||
* Warn users that once 2FA is required, members and outside collaborators without 2FA are automatically removed from the organization, and must be re-added.
|
||||
{% else %}
|
||||
* Warn users that once 2FA is required, outside collaborators without 2FA are automatically removed from the organization, and members {% ifversion fpt or ghec %}and billing managers {% endif %}will not be able to access your organization resources until they enable 2FA.
|
||||
{% endif %}
|
||||
|
||||
@@ -24,7 +24,15 @@ product: 'Requiring two-factor authentication is available to organizations on a
|
||||
|
||||
{% data reusables.two_fa.about-2fa %} You can require all {% ifversion fpt or ghec %}members, outside collaborators, and billing managers{% else %}members and outside collaborators{% endif %} in your organization to enable two-factor authentication on {% data variables.product.github %}. For more information about two-factor authentication, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa).
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
{% ifversion ghes < 3.17 %}
|
||||
|
||||
> [!WARNING]
|
||||
> * When you require use of two-factor authentication for your organization, members and outside collaborators who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their personal account within three months of their removal from your organization. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
|
||||
> * You will also need to enable 2FA for unattended or shared access accounts, such as bots and service accounts. If you do not configure 2FA for these unattended accounts after you've enabled required two-factor authentication, the accounts will be removed from the organization and lose access to their repositories. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication).
|
||||
> * If an organization owner, member, or outside collaborator disables 2FA for their personal account after you've enabled required two-factor authentication, they will automatically be removed from the organization.
|
||||
> * If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
|
||||
|
||||
{% else %}
|
||||
|
||||
You can also require two-factor authentication for organizations in an enterprise. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise).
|
||||
|
||||
@@ -32,20 +40,12 @@ You can also require two-factor authentication for organizations in an enterpris
|
||||
> Some of the users in your organization may have been selected for mandatory two-factor authentication enrollment by {% data variables.product.prodname_dotcom %}, but it has no impact on how you enable the 2FA requirement for your organization. If you enable the 2FA requirement in your organization, all users without 2FA currently enabled will be removed from your organization, including those that are required to enable it by {% data variables.product.prodname_dotcom %}.
|
||||
|
||||
> [!WARNING]
|
||||
> * When you require use of two-factor authentication for your organization, members and billing managers who do not use 2FA will not be able to access your organization's resources until they enable 2FA on their account. They will retain membership even without 2FA, including consuming {% ifversion enterprise-licensing-language %}licenses{% else %}seats{% endif %} in your organization.
|
||||
> * When you require use of two-factor authentication for your organization, members {% ifversion fpt or ghec %}and billing managers {% endif %}who do not use 2FA will not be able to access your organization's resources until they enable 2FA on their account. They will retain membership even without 2FA{% ifversion not ghes %}, including consuming {% ifversion enterprise-licensing-language %}licenses{% else %}seats{% endif %} in your organization{% endif %}.
|
||||
> * When you require use of two-factor authentication for your organization, outside collaborators who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable 2FA for their personal account within three months of their removal from your organization. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
|
||||
> * You will also need to enable two-factor authentication for unattended or shared access accounts that are outside collaborators, such as bots and service accounts. If you do not configure 2FA for these unattended outside collaborator accounts after you've enabled required 2FA, the accounts will be removed from the organization and lose access to their repositories. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication).
|
||||
> * If an outside collaborator disables two-factor authentication for their personal account after you've enabled required 2FA, they will automatically be removed from the organization.
|
||||
> * If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required 2FA for the organization.
|
||||
|
||||
{% else %}
|
||||
|
||||
> [!WARNING]
|
||||
> * When you require use of two-factor authentication for your organization, members and outside collaborators who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their personal account within three months of their removal from your organization. For more information, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
|
||||
> * You will also need to enable 2FA for unattended or shared access accounts, such as bots and service accounts. If you do not configure 2FA for these unattended accounts after you've enabled required two-factor authentication, the accounts will be removed from the organization and lose access to their repositories. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication).
|
||||
> * If an organization owner, member, or outside collaborator disables 2FA for their personal account after you've enabled required two-factor authentication, they will automatically be removed from the organization.
|
||||
> * If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.two_fa.auth_methods_2fa %}
|
||||
|
||||
@@ -33,12 +33,16 @@ shortTitle: View 2FA usage
|
||||
|
||||
{% else %}
|
||||
|
||||
1. To view organization members, including organization owners, who have enabled or disabled two-factor authentication, on the right, select **2FA**, then click **Enabled** or **Disabled**.
|
||||
1. To view organization members, including organization owners, who have enabled or disabled two-factor authentication, on the right, select {% ifversion ghes > 3.16 %}**Two-factor authentication**{% else %}**2FA**{% endif %}, then click {% ifversion ghes > 3.16 %}**Secure**{% else %}**Enabled**{% endif %} or **Disabled**.
|
||||
|
||||
|
||||
{% ifversion ghes > 3.16 %}
|
||||
|
||||
{% else %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
1. To view outside collaborators in your organization, in the "Organization permissions" sidebar, click **Outside collaborators**.
|
||||
1. To view which outside collaborators have enabled or disabled two-factor authentication, above the list of outside collaborators, select the **2FA** dropdown menu, then click **Enabled** or **Disabled**.
|
||||
1. To view which outside collaborators have enabled or disabled two-factor authentication, above the list of outside collaborators, select {% ifversion ghes > 3.16 %}**Two-factor authentication**{% else %}**2FA**{% endif %}, then click {% ifversion ghes > 3.16 %}**Secure**{% else %}**Enabled**{% endif %} or **Disabled**.
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -97,6 +97,7 @@
|
||||
/assets/images/help/2fa/edit-2fa-method-dropdown.png 1x
|
||||
/assets/images/help/2fa/filter-enterprise-members-by-2fa.png 1x
|
||||
/assets/images/help/2fa/filter-org-members-by-2fa.png 1x
|
||||
/assets/images/help/2fa/ghes-filter-org-members-by-2fa.png 1x
|
||||
/assets/images/help/2fa/legacy-filter-org-members-by-2fa.png 1x
|
||||
/assets/images/help/2fa/legacy-filter-org-collaborators-by-2fa.png 2x
|
||||
/assets/images/help/2fa/ghes-3.8-and-higher-2fa-wizard-app-click-code.png 1x
|
||||
|
||||
Reference in New Issue
Block a user