diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md index 0ad2ac1361..0992bd4192 100644 --- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md +++ b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md @@ -30,6 +30,8 @@ redirect_from: If your enterprise members manage their own user accounts on {% data variables.product.product_location %}, you can configure SAML authentication as an additional access restriction for your enterprise or organization. {% data reusables.saml.dotcom-saml-explanation %} +{% data reusables.saml.saml-accounts %} + {% data reusables.saml.about-saml-enterprise-accounts %} For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise)." Alternatively, you can provision and manage the accounts of your enterprise members with {% data variables.product.prodname_emus %}. To help you determine whether SAML SSO or {% data variables.product.prodname_emus %} is better for your enterprise, see "[About authentication for your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#identifying-the-best-authentication-method-for-your-enterprise)." diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md index be095b071c..f62297bd90 100644 --- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md +++ b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md @@ -29,7 +29,11 @@ redirect_from: {% ifversion ghec %} -{% data reusables.saml.dotcom-saml-explanation %} For more information, see "[About identity and access management with SAML single sign-on](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)." +{% data reusables.saml.dotcom-saml-explanation %} + +{% data reusables.saml.saml-accounts %} + +For more information, see "[About identity and access management with SAML single sign-on](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)." {% data reusables.saml.about-saml-enterprise-accounts %} diff --git a/content/admin/overview/about-enterprise-accounts.md b/content/admin/overview/about-enterprise-accounts.md index 684e032555..60793424f8 100644 --- a/content/admin/overview/about-enterprise-accounts.md +++ b/content/admin/overview/about-enterprise-accounts.md @@ -35,7 +35,7 @@ The enterprise account on {% ifversion ghes %}{% data variables.product.product_ Organizations are shared accounts where enterprise members can collaborate across many projects at once. Organization owners can manage access to the organization's data and projects with sophisticated security and administrative features. For more information, see "[About organizations](/organizations/collaborating-with-groups-in-organizations/about-organizations)." {% ifversion ghec %} -Enterprise owners can invite existing organizations to join your enterprise account, or create new organizations in the enterprise settings. +Enterprise owners can invite existing organizations to join your enterprise account, or create new organizations in the enterprise settings. For more information, see "[Adding organizations to your enterprise](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise)." {% endif %} Your enterprise account allows you to manage and enforce policies for all the organizations owned by the enterprise. {% data reusables.enterprise.about-policies %} For more information, see "[About enterprise policies](/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies)." diff --git a/content/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md b/content/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md index 437374e8e5..0e4046bd7f 100644 --- a/content/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md +++ b/content/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md @@ -14,13 +14,14 @@ topics: - Enterprise - Organizations shortTitle: Add organizations +permissions: Enterprise owners can add organizations to an enterprise. --- ## About organizations Your enterprise account can own organizations. Members of your enterprise can collaborate across related projects within an organization. For more information, see "[About organizations](/organizations/collaborating-with-groups-in-organizations/about-organizations)." -Enterprise owners can create new organizations within an enterprise account's settings or invite existing organizations to join an enterprise. To add an organization to your enterprise, you must create the organization from within the enterprise account settings. +You can add a new or existing organization to your enterprise in your enterprise account's settings. You can only add organizations this way to an existing enterprise account. {% data reusables.enterprise.create-an-enterprise-account %} For more information, see "[Creating an enterprise account](/admin/overview/creating-an-enterprise-account)." diff --git a/content/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on.md b/content/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on.md index 3caa475045..dc86c1d0b6 100644 --- a/content/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on.md +++ b/content/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on.md @@ -1,6 +1,6 @@ --- title: About authentication with SAML single sign-on -intro: 'You can access {% ifversion ghae %}{% data variables.product.product_location %}{% elsif ghec %}an organization that uses SAML single sign-on (SSO){% endif %} by authenticating {% ifversion ghae %}with SAML single sign-on (SSO) {% endif %}through an identity provider (IdP).{% ifversion ghec %} After you authenticate with the IdP successfully from {% data variables.product.product_name %}, you must authorize any personal access token, SSH key, or {% data variables.product.prodname_oauth_app %} you would like to access the organization''s resources.{% endif %}' +intro: 'You can access {% ifversion ghae %}{% data variables.product.product_location %}{% elsif ghec %}an organization that uses SAML single sign-on (SSO){% endif %} by authenticating {% ifversion ghae %}with SAML single sign-on (SSO) {% endif %}through an identity provider (IdP).' redirect_from: - /articles/about-authentication-with-saml-single-sign-on - /github/authenticating-to-github/about-authentication-with-saml-single-sign-on @@ -30,7 +30,7 @@ If you can't access {% data variables.product.product_name %}, contact your loca If you're a member of an {% data variables.product.prodname_emu_enterprise %}, you will instead use a new account that is provisioned for you and controlled by your enterprise. {% data reusables.enterprise-accounts.emu-more-info-account %} -When you access resources within an organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} will redirect you to the organization's SAML IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {% data variables.product.prodname_dotcom %}, where you can access the organization's resources. +When you access private resources within an organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} will redirect you to the organization's SAML IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {% data variables.product.prodname_dotcom %}, where you can access the organization's resources. {% data reusables.saml.outside-collaborators-exemption %} diff --git a/content/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on.md b/content/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on.md index 5e863a03d9..076f7265e3 100644 --- a/content/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on.md +++ b/content/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on.md @@ -12,14 +12,12 @@ topics: shortTitle: IAM with SAML SSO --- -{% data reusables.enterprise-accounts.emu-saml-note %} +{% data reusables.saml.ghec-only %} ## About SAML SSO {% data reusables.saml.dotcom-saml-explanation %} -{% data reusables.saml.ghec-only %} - {% data reusables.saml.saml-accounts %} Organization owners can enforce SAML SSO for an individual organization, or enterprise owners can enforce SAML SSO for all organizations in an enterprise account. For more information, see "[Configuring SAML single sign-on for your enterprise](/enterprise-cloud@latest/admin/authentication/managing-identity-and-access-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise)." diff --git a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository.md b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository.md index f2bc4e9bfd..521d8fef16 100644 --- a/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository.md +++ b/content/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository.md @@ -25,6 +25,7 @@ You can create a branch in different ways on {% data variables.product.product_n {% endnote %} +{% ifversion create-branch-from-overview %} ### Creating a branch via the branches overview {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.navigate-to-branches %} @@ -35,6 +36,7 @@ You can create a branch in different ways on {% data variables.product.product_n ![Screenshot of branch creation modal for a fork with branch source emphasized](/assets/images/help/branches/branch-creation-popup-branch-source.png) 3. Click **Create branch**. ![Screenshot of branch creation modal with create branch button emphasized](/assets/images/help/branches/branch-creation-popup-button.png) +{% endif %} ### Creating a branch using the branch dropdown {% data reusables.repositories.navigate-to-repo %} @@ -44,10 +46,12 @@ You can create a branch in different ways on {% data variables.product.product_n ![branch selector menu](/assets/images/help/branch/branch-selection-dropdown.png) 1. Type a unique name for your new branch, then select **Create branch**. ![branch creation text box](/assets/images/help/branch/branch-creation-text-box.png) + {% ifversion fpt or ghec or ghes > 3.4 %} ### Creating a branch for an issue You can create a branch to work on an issue directly from the issue page and get started right away. For more information, see "[Creating a branch to work on an issue](/issues/tracking-your-work-with-issues/creating-a-branch-for-an-issue)". {% endif %} + ## Deleting a branch {% data reusables.pull_requests.automatically-delete-branches %} diff --git a/data/features/create-branch-from-overview.yml b/data/features/create-branch-from-overview.yml new file mode 100644 index 0000000000..a51e624c41 --- /dev/null +++ b/data/features/create-branch-from-overview.yml @@ -0,0 +1,5 @@ +versions: + fpt: '*' + ghec: '*' + ghes: '>=3.7' + ghae: 'issue-6670' diff --git a/data/reusables/saml/dotcom-saml-explanation.md b/data/reusables/saml/dotcom-saml-explanation.md index 1193514f50..d8413a8725 100644 --- a/data/reusables/saml/dotcom-saml-explanation.md +++ b/data/reusables/saml/dotcom-saml-explanation.md @@ -1 +1 @@ -SAML single sign-on (SSO) gives organization owners and enterprise owners using {% data variables.product.product_name %} a way to control and secure access to organization resources like repositories, issues, and pull requests. +SAML single sign-on (SSO) gives organization owners and enterprise owners using {% data variables.product.product_name %} a way to control and secure access to organization resources like repositories, issues, and pull requests. \ No newline at end of file diff --git a/data/reusables/saml/outside-collaborators-exemption.md b/data/reusables/saml/outside-collaborators-exemption.md index 29525c7593..c6c2ae1009 100644 --- a/data/reusables/saml/outside-collaborators-exemption.md +++ b/data/reusables/saml/outside-collaborators-exemption.md @@ -1,5 +1,8 @@ {% note %} -**Note:** Outside collaborators aren't required to authenticate with an IdP to access the resources in an organization with SAML SSO. For more information on outside collaborators, see "[Roles in an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators)." +**Notes:** + +- SAML authentication is not required for organization members to perform read operations such as viewing, cloning, and forking of public resources. +- SAML authentication is not required for outside collaborators. For more information about outside collaborators, see "[Roles in an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators)." {% endnote %} diff --git a/data/reusables/saml/saml-accounts.md b/data/reusables/saml/saml-accounts.md index cfb5746ae3..1c176cf358 100644 --- a/data/reusables/saml/saml-accounts.md +++ b/data/reusables/saml/saml-accounts.md @@ -1,7 +1,7 @@ -If you configure SAML SSO, members of your organization will continue to log into their personal accounts on {% data variables.product.prodname_dotcom_the_website %}. When a member accesses non-public resources within your organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} redirects the member to your IdP to authenticate. After successful authentication, your IdP redirects the member back to {% data variables.product.prodname_dotcom %}, where the member can access your organization's resources. +If you configure SAML SSO, members of your organization will continue to sign into their personal accounts on {% data variables.product.prodname_dotcom_the_website %}. When a member accesses non-public resources within your organization, {% data variables.product.prodname_dotcom %} redirects the member to your IdP to authenticate. After successful authentication, your IdP redirects the member back to {% data variables.product.prodname_dotcom %}. For more information, see "[About authentication with SAML single sign-on](/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on)." {% note %} -**Note:** Organization members can perform read operations such as viewing, cloning, and forking on public resources owned by your organization even without a valid SAML session. +**Note:** SAML SSO does not replace the normal sign-in process for {% data variables.product.prodname_dotcom %}. Unless you use {% data variables.product.prodname_emus %}, members will continue to sign into their personal accounts on {% data variables.product.prodname_dotcom_the_website %}, and each personal account will be linked to an external identity in your IdP. -{% endnote %} +{% endnote %} \ No newline at end of file