2db9da5c8f
* Empty commit * updated beta note for GHAE * more GHAE update + resolve conflict * more GHAE updates + prepare for screenshots * Apply suggestions from code review Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> * address remaining review comments * Revise "About GitHub AE" (#17679) * add screenshots to the Configuring article * reworked to have a separate GHAE section * list numbering * more work on screenshots and conditions * add GHAE screenshots in article * review screenshots in article * added more screenshots and updated more articles * screenshot madness * fix liquid versioning * refactor the ghae script * [GHAE CB/Feb 22]: Add article about data residency for GitHub AE (#17847) * add missing GHAE versioning to article * move screenshots to GHAE asset directory * forgot to change the path for these two images * replace CBB screenshot + add better screenshot * [GHAE CB/Feb 22]: Document upgrades for GitHub AE (#17848) * Version article for GitHub AE * Replace unused variable * Incorporate reviewer feedback * Update intro Co-authored-by: Ethan P <56270045+ethanpalm@users.noreply.github.com> * [GHAE] Enable IP allow list (#17691) * Notes for CC * Updat permission leves chart * Add updated article to further reading * Update gated feature callout with GitHub AE * Version "Managing allowed IP addresses for your organization" for AE * Update images * Update "Restricting network traffic to your enterprise" with new procedures * remove todo note * Update audited actions * Update info about Premium Runners * Use reusable for Premium Runners * Change "Premium Runners" to "AE hosted runners" * Incorporate reviewer feedback * Use correct reusable * Version reusable correctly * [Feb 22] GHAE: Code scanning beta (#17830) * Add "github-ae" to all the frontmatter * GHAE-ify the reusables * Add some more changes * Re-use some content * 🔪 Semmle links * Revert change re "--external-repository-token" in the CodeQL runner * Update CodeQL runner token scopes * Update two screenshots * Remove mention of GitHub.com from AE + other fixes * Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> * Use `product_name` variable instead of `product_location` * Remove confusing phrase * [Feb 22] GHAE: Code scanning API and webhook docs (#17883) * Version API and webhook docs * Actually add versioning for GHAE * Fix anchor * [TEMPORARY] Preview for API endpoints * Revert API previews * Update procedure step Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> * Update docs for AzureAD Group SCIM support in GHAE (#17892) * [GHAE CB] SMTP bootstrapping flow (#17888) * draft * update with AE conntent * update with tons of versioning * remove that lie * fill out the rest of these steps * update with correct versioning * more edits * add images * reversion most of ae article * fix versioning * format correctlly * words matter * last image * update with permmissions * update versioning * add link * apply feedback ❤️ * update with differrent spacing * update with feedback * more feedback * Temporary GHAE release notes for consumables beta launch (#17859) * Create release-notes.md * Add frontmatter * Add to index file * Update github-ae-release-notes.md * Add release notes from Google Doc * Update finalized docs links that have been reviewed * OAuth device flow link update * version for AE * few fixes * Update content/admin/overview/github-ae-release-notes.md * small edits * whoops * commit * update with different links * used wrong reusable * fix more brokenness * Update repository-references.js * Update repository-references.js Co-authored-by: Meg Bird <megbird@github.com> Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com> * [GHAE] Audit public repos (#17917) * verifying what we mean by public * Apply suggestions from code review * Update content/developers/apps/installing-github-apps.md Co-authored-by: Laura Coursen <lecoursen@github.com> * fixing placememnt of liquid conditional Co-authored-by: Laura Coursen <lecoursen@github.com> * GHAE packages beta (#17786) Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com> Co-authored-by: Martin Lopes <martin389@github.com> * fix broken links * [GHAE CB/March 01]: GitHub Actions on GHAE (beta) (#17725) * Added initial layout for premium runners * Restructured content * Added placeholder for removing premium runner * Added versioning and warning note for self-hosted runners * Added versioning and beta notice for actions content * Rephrased beta note * Added versioning for API docs, fixes * Added versioning fixes * Split Github-hosted and premium topics into separate articles * Added edits * Restructured some topics * Revised "Using premium runners in a workflow" * Some small fixes * Fixed typo * Added fixes to reusable * Added edits * Made section titles consistent * Added billing, group mgmt, reusable steps * Cropped certain screenshots for future-proofing * Removed superfluous reusable * Added fixes * Revert "Cropped certain screenshots for future-proofing" This reverts commit c7f24f31fa30d4fe3de2b63fc3cd5feba44ef518. * Added new section for custom images * Added versioning for enterprise-admin operations * Added edits * Added edits * Update adding-premium-runners.md * Removed SHR screenshots. Intending to update them when UI is available. * Update using-labels-with-premium-runners.md * Added custom labels section * Added preview of API docs changes * Added versioning for ip allow list section * Removed removal article * Renamed premium runners to AE hosted runners * Re-added added API preview * Fixed links, updated software specs * Revised "Software specifications" based on feedback * Fixed typos * Small fixes * Added new article "Creating custom images" * Moved "Creating custom images" link * Apply suggestions from code review Co-authored-by: ahdbilal <55514721+ahdbilal@users.noreply.github.com> * Added update from review * Added updates from tech review * Apply suggestions from code review Co-authored-by: ahdbilal <55514721+ahdbilal@users.noreply.github.com> * Added updates from tech review * Added updates from tech review * Added updates from tech review * Added updates from tech review * Fixed reusable * Added fixes * Added update from tech review * Removed the dereferenced OpenAPI schema files * Added fixes * Fixed links * Fixed links * Apply suggestions from code review Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com> * Added updates from peer review * Removed sections that are not in beta * Update viewing-your-github-actions-usage.md * Update viewing-job-execution-time.md * Update index.md * Update about-github-hosted-runners.md * Restored versioning to match GHES approach * Fixed link * Restored self-hosted runner reference to UI steps. * Updated screenshots * Updated screenshots and procedures * Small edits to screenshots * Added AE url info for SHR * Removed superfluous versioning * Update security-hardening-for-github-actions.md * Update actions-shared.md * Small edits * Update usage-limits-billing-and-administration.md * Update managing-complex-workflows.md * Additional versioning * Additional versioning * version environments api and checkrun deployments for ghae (#17991) Co-authored-by: Martin Lopes <martin389@github.com> * Update reviewing-the-audit-log-for-your-organization.md * Added versioning for enterprise policy settings * version configuring artifact retention for AE * remove AE versioning for connecting to Marketplace * Apply suggestions from code review Co-authored-by: Joe Bourne <thejoebourneidentity@github.com> * Update content/admin/github-actions/getting-started-with-github-actions-for-github-ae.md Co-authored-by: Joe Bourne <thejoebourneidentity@github.com> * rewording not public to private * fixing liquid * Fixed elseif entries * Added expectations note * Revised label management article for AE hosted runners * Added enterprise-admin note for adding AE hosted runners * Update enterprise-admin.md * Update self-hosted-runner-security.md * Versioned reusable for AE * Empty commit for CI Co-authored-by: ahdbilal <55514721+ahdbilal@users.noreply.github.com> Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com> Co-authored-by: skedwards88 <skedwards88@github.com> Co-authored-by: Leona B. Campbell <3880403+runleonarun@users.noreply.github.com> Co-authored-by: Joe Bourne <thejoebourneidentity@github.com> Co-authored-by: runleonarun <runleonarun@github.com> * Update OpenAPI Descriptions for GHAE * Update content/admin/overview/github-ae-release-notes.md Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com> Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com> Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> Co-authored-by: shati-patel <shati-patel@github.com> Co-authored-by: Sarah Schneider <sarahs@github.com> Co-authored-by: skedwards88 <skedwards88@github.com> Co-authored-by: Sarah Schneider <sarahs@users.noreply.github.com> Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Meg Bird <megbird@github.com> Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com> Co-authored-by: Leona B. Campbell <3880403+runleonarun@users.noreply.github.com> Co-authored-by: Laura Coursen <lecoursen@github.com> Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com> Co-authored-by: Martin Lopes <martin389@github.com> Co-authored-by: ahdbilal <55514721+ahdbilal@users.noreply.github.com> Co-authored-by: Joe Bourne <thejoebourneidentity@github.com> Co-authored-by: runleonarun <runleonarun@github.com> Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
120 lines
11 KiB
Markdown
120 lines
11 KiB
Markdown
---
|
|
title: Initializing GitHub AE
|
|
intro: 'To get your enterprise ready to use, you can complete the initial configuration of {% data variables.product.product_name %}.'
|
|
versions:
|
|
github-ae: '*'
|
|
---
|
|
|
|
### About initialization
|
|
|
|
Before you can initialize your enterprise, you must purchase {% data variables.product.product_name %}. For more information, contact {% data variables.contact.contact_enterprise_sales %}.
|
|
|
|
After you purchase {% data variables.product.product_name %}, we'll ask you to provide an email address and username for the person you want to initialize the enterprise. Your dedicated technical account manager in {% data variables.contact.enterprise_support %} will create an account for the enterprise owner and send the enterprise owner an email to log into {% data variables.product.product_name %} and complete the initialization. Make sure the information you provide matches the intended enterprise owner's information in the IdP. For more information about enterprise owners, see "[Roles in an enterprise](/github/setting-up-and-managing-your-enterprise/roles-in-an-enterprise#enterprise-owner)."
|
|
|
|
During initialization, the enterprise owner will name your enterprise, configure SAML SSO, create policies for all organizations in your enterprise, and configure a support contact for your users.
|
|
|
|
### Prerequisites
|
|
|
|
{% note %}
|
|
|
|
**Note**: Before you begin initialization, store the initial username and password for {% data variables.product.prodname_ghe_managed %} securely in a password manager. {% data reusables.saml.contact-support-if-your-idp-is-unavailable %}
|
|
|
|
{% endnote %}
|
|
|
|
1. To initialize {% data variables.product.product_location %}, you must have a SAML identity provider (IdP). {% data reusables.saml.ae-uses-saml-sso %} To connect your IdP to your enterprise during initialization, you should have your IdP's Entity ID (SSO) URL, Issuer ID URL, and public signing certificate (Base64-encoded). For more information, see "[About identity and access management for your enterprise](/admin/authentication/about-identity-and-access-management-for-your-enterprise)."
|
|
|
|
{% note %}
|
|
|
|
**Note**: {% data reusables.saml.create-a-machine-user %}
|
|
|
|
{% endnote %}
|
|
|
|
2. {% data reusables.saml.assert-the-administrator-attribute %}
|
|
|
|
### Signing in and naming your enterprise
|
|
|
|
1. Follow the instructions in your welcome email to reach your enterprise.
|
|
2. Type your credentials under "Change password", then click **Change password**.
|
|
3. Under "What would you like your enterprise account to be named?", type the enterprise's name, then click **Save and continue**.
|
|
|
|
|
|
### Connecting your IdP to your enterprise
|
|
|
|
To configure authentication for {% data variables.product.product_name %}, you must provide {% data variables.product.product_name %} with the details for your SAML IdP. {% data variables.product.company_short %} recommends using Azure AD as your IdP. For more information, see "[Configuring authentication and provisioning with your identity provider](/admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider)."
|
|
|
|
1. To the right of "Set up your identity provider", click **Configure**.
|
|
|
|
1. Under "Sign on URL", copy and paste the URL for your SAML IdP.
|
|
|
|
1. Under "Issuer", copy and paste the issuer URL for your SAML IdP.
|
|
|
|
1. Under "Public certificate", copy and paste the public certificate for your SAML IdP.
|
|
|
|
1. Click **Test SAML configuration** to ensure that the information you've entered is correct.
|
|
|
|
1. Click **Save**.
|
|
|
|
|
|
### Setting your enterprise policies
|
|
|
|
Configuring policies will set limitations for repository and organization management for your enterprise. These can be reconfigured after the initialization process.
|
|
|
|
1. To the right of "Set your enterprise policies", click **Configure**.
|
|
|
|
2. Under "Default Repository Permissions", use the drop-down menu and click a default permissions level for repositories in your enterprise. If a person has multiple avenues of access to an organization, either individually, through a team, or as an organization member, the highest permission level overrides any lower permission levels. Optionally, to allow organizations within your enterprise to set their default repository permissions, click **No policy**
|
|
|
|
3. Under "Repository creation", choose whether you want to allow members to create repositories. Optionally, to allow organizations within your enterprise to set permissions, click **No policy**.
|
|
|
|
4. Under "Repository forking", choose whether to allow forking of private and internal repositories. Optionally, to allow organizations within your enterprise to set permissions, click **No policy**
|
|
|
|
5. Under "Repository invitations", choose whether members or organization owners can invite collaborators to repositories. Optionally, to allow organizations within your enterprise to set permissions, click **No policy**
|
|
|
|
6. Under "Default repository visibility", use the drop-down menu and click the default visibility setting for new repositories.
|
|
|
|
7. Under "Users can create organizations", use the drop-down menu to enable or disable organization creation access for members of the enterprise.
|
|
|
|
8. Under "Force pushes", use the drop-down menu and choose whether to allow or block force pushes.
|
|
|
|
9. Under "Git SSH access", use the drop-down menu and choose whether to enable Git SSH access for all repositories in the enterprise.
|
|
|
|
10. Click **Save**
|
|
|
|
11. Optionally, to reset all selections, click "Reset to default policies".
|
|
|
|
|
|
### Setting your internal support contact
|
|
|
|
You can configure the method your users will use to contact your internal support team. This can be reconfigured after the initialization process.
|
|
|
|
1. To the right of "Internal support contact", click **Configure**.
|
|
|
|
2. Under "Internal support contact", select the method for users of your enterprise to contact support, through a URL or an e-mail address. Then, type the support contact information.
|
|
|
|
3. Click **Save**.
|
|
|
|
|
|
### Setting your email settings
|
|
|
|
Once this is initialized, you can reconfigure any settings after the initialization process. For more information, see "[Configuring email for notifications](/admin/configuration/configuring-email-for-notifications)."
|
|
|
|
1. To the right of "Configure email settings", click **Configure**.
|
|
|
|
2. Select **Enable email**. This will enable both outbound and inbound email, however, for inbound email to work you will also need to configure your DNS settings. For more information, see "[Configuring DNS and firewall
|
|
settings to allow incoming emails](/admin/configuration/configuring-email-for-notifications#configuring-dns-and-firewall-settings-to-allow-incoming-emails)."
|
|
|
|
3. Complete your email server settings:
|
|
- In the **Server address** field, type the address of your SMTP server.
|
|
- In the **Port** field, type the port that your SMTP server uses to send email.
|
|
- In the **Domain** field, type the domain name that your SMTP server will send with a HELO response, if any.
|
|
- In the **Authentication** dropdown, choose the type of encryption used by your SMTP server.
|
|
- In the **No-reply email address** field, type the email address to use in the From and To fields for all notification emails.
|
|
|
|
4. If you want to discard all incoming emails that are addressed to the no-reply email address, select **Discard email addressed to the no-reply email address**.
|
|
|
|
5. Click **Test email settings**.
|
|
|
|
6. Under "Send test email to," type the email address where you want to send a test email, then click **Send test email**.
|
|
|
|
7. Click **Save**.
|
|
|