75f3cce197
Co-authored-by: isaacmbrown <isaacmbrown@github.com> Co-authored-by: Hector Alfaro <hectorsector@github.com> Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Co-authored-by: hubwriter <hubwriter@github.com> Co-authored-by: Vanessa <vgrl@github.com> Co-authored-by: Christopher Nguyen <91625426+nguyen-dows@users.noreply.github.com> Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Andrew Eisenberg <aeisenberg@github.com> Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Co-authored-by: David Staheli <1767415+davidstaheli@users.noreply.github.com> Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com> Co-authored-by: sunbrye <sunbrye@github.com> Co-authored-by: Tim Rogers <timrogers@github.com> Co-authored-by: Felix Guntrip <stevecat@github.com> Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com> Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com> Co-authored-by: Laura Coursen <lecoursen@github.com> Co-authored-by: Jules Porter <jules-p@users.noreply.github.com> Co-authored-by: Devraj Mehta <devm33@github.com> Co-authored-by: Kate Studwell <katestud@github.com> Co-authored-by: Katherine Oelsner <49968061+octokatherine@users.noreply.github.com> Co-authored-by: Rachael Sewell <rachmari@github.com> Co-authored-by: Tim Rogers <me@timrogers.co.uk> Co-authored-by: Arfon Smith <arfon@users.noreply.github.com>
3.7 KiB
3.7 KiB
title, shortTitle, intro, versions, type, topics, permissions, redirect_from
| title | shortTitle | intro | versions | type | topics | permissions | redirect_from | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Disabling authentication and provisioning for Enterprise Managed Users | Disable authentication and provisioning | You can disable SAML or OIDC single sign-on (SSO) and SCIM provisioning for {% data variables.product.prodname_emus %} by using a recovery code to sign in as the setup user. |
|
overview |
|
The setup user can disable SAML or OIDC SSO and SCIM provisioning for {% data variables.product.prodname_emus %}. |
|
About disabled authentication for {% data variables.product.prodname_emus %}
After you disable SAML or OIDC SSO for your enterprise, the following effects apply:
- All external identities for the enterprise, and associated email addresses for {% data variables.enterprise.prodname_managed_users %}, will be removed. For more information, see "AUTOTITLE."
- All {% data variables.enterprise.prodname_managed_users %} will be suspended. The suspended accounts will not be renamed. For more information, see "AUTOTITLE."
- All {% data variables.product.pat_generic_plural %} and SSH keys associated with {% data variables.enterprise.prodname_managed_users %} will be deleted.
- All of the external groups provisioned by SCIM will be deleted. For more information, see "AUTOTITLE."
If you later reconfigure authentication for the enterprise, external groups must be reprovisioned via SCIM, and {% data variables.enterprise.prodname_managed_users %} must be reprovisioned before users can sign in.
{% note %}
Note: When a {% data variables.enterprise.prodname_managed_user %} is suspended, the user's avatar is permanently deleted. If you reprovision the user, the user will need to reupload their avatar.
{% endnote %}
If you want to migrate to a new identity provider (IdP) or tenant rather than disabling authentication entirely, see "AUTOTITLE."
Disabling authentication
{% warning %}
Warning: Disabling authentication and provisioning will prevent your enterprise's {% data variables.enterprise.prodname_managed_users %} from signing in to access your enterprise on {% data variables.product.product_name %}.
{% endwarning %}
{% data reusables.emus.sign-in-as-setup-user %}
- Attempt to access your enterprise account, and use a recovery code to bypass SAML SSO or OIDC. For more information, see "AUTOTITLE." {% data reusables.enterprise-accounts.access-enterprise-emu %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.security-tab %}
- Under "SAML single sign-on", deselect Require SAML authentication or Require OIDC single sign-on.
- Click Save.