mirror of synced 2026-01-22 09:02:55 -05:00
docs/content/github/authenticating-to-github/about-authentication-with-saml-single-sign-on.md
Emily Gould bcfe4dab3b Make orgs and teams content a top-level doc set (#18593)
* Add new product to products.yml

* Move directory to its new location and rename it

* Update new index page

* Remove old category from GitHub product index

* Add collaboration category

* Add membership category

* Add roles category

* Add teams category

* Add team discussion category

* Add repo access category

* Add project board access category

* Add app management category

* Add org settings category

* Add improved org perms category

* Add category for OAuth app restrictions

* Add org security category

* Add SAML category

* Add SAML access category

* Add git access category

* Add redirects and update links for collaboration category

* Add redirects and update links to team discussions content

* Add redirects and update links to SAML access category

* Update links to org security category and add redirects

* Add redirects for app managers content

* Add redirects for project board category

* Add redirects and update links for the repo access category

* Add redirects for git access category

* Add redirects and update links for membership category

* Add redirects and update links for org settings category

* Fix links

* Add redirects and update links to org access category

* Add redirects and update links to SSO category

* Add redirects to improved org perms category

* Add redirects and update links to teams category

* Add redirects and update links to oauth apps category

* Fix links

* Fix links

* Fix links
2021-04-08 09:50:13 -05:00

5.6 KiB

title: About authentication with SAML single sign-on
intro: You can access {% if currentVersion == "github-ae@latest" %}{% data variables.product.product_location %}{% elsif currentVersion == "free-pro-team@latest" %}an organization that uses SAML single sign-on (SSO){% endif %} by authenticating {% if currentVersion == "github-ae@latest" %}with SAML single sign-on (SSO) {% endif %}through an identity provider (IdP).{% if currentVersion == "free-pro-team@latest" %} After you authenticate with the IdP successfully from {% data variables.product.product_name %}, you must authorize any personal access token, SSH key, or {% data variables.product.prodname_oauth_app %} you would like to access the organization's resources.{% endif %}
product: {% data reusables.gated-features.saml-sso %}
redirect_from: /articles/about-authentication-with-saml-single-sign-on
versions: free-pro-team: *, github-ae: *
topics: sso

About authentication with SAML SSO

{% if currentVersion == "github-ae@latest" %}

SAML SSO allows an enterprise owner to centrally control and secure access to {% data variables.product.product_name %} from a SAML IdP. When you visit {% data variables.product.product_location %} in a browser, {% data variables.product.product_name %} will redirect you to your IdP to authenticate. After you successfully authenticate with an account on the IdP, the IdP redirects you back to {% data variables.product.product_location %}. {% data variables.product.product_name %} validates the response from your IdP, then grants access.

{% data reusables.saml.you-must-periodically-authenticate %}

If you can't access {% data variables.product.product_name %}, contact your local enterprise owner or administrator for {% data variables.product.product_name %}. You may be able to locate contact information for your enterprise by clicking Support at the bottom of any page on {% data variables.product.product_name %}. {% data variables.product.company_short %} and {% data variables.contact.github_support %} do not have access to your IdP, and cannot troubleshoot authentication problems.

{% endif %}

{% if currentVersion == "free-pro-team@latest" %}

{% data reusables.saml.dotcom-saml-explanation %} Organization owners can invite your user account on {% data variables.product.prodname_dotcom %} to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on {% data variables.product.prodname_dotcom %}.

When you access resources within an organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} will redirect you to the organization's SAML IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {% data variables.product.prodname_dotcom %}, where you can access the organization's resources.

{% data reusables.saml.outside-collaborators-exemption %}

If you have recently authenticated with your organization's SAML IdP in your browser, you are automatically authorized when you access a {% data variables.product.prodname_dotcom %} organization that uses SAML SSO. If you haven't recently authenticated with your organization's SAML IdP in your browser, you must authenticate at the SAML IdP before you can access the organization.

{% data reusables.saml.you-must-periodically-authenticate %}

To use the API or Git on the command line to access protected content in an organization that uses SAML SSO, you will need to use an authorized personal access token over HTTPS or an authorized SSH key.

If you don't have a personal access token or an SSH key, you can create a personal access token for the command line or generate a new SSH key. For more information, see "Creating a personal access token" or "Generating a new SSH key and adding it to the ssh-agent."

To use a new or existing personal access token or SSH key with an organization that uses or enforces SAML SSO, you will need to authorize the token or authorize the SSH key for use with a SAML SSO organization. For more information, see "Authorizing a personal access token for use with SAML single sign-on" or "Authorizing an SSH key for use with SAML single sign-on."
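
The following is an added example, not part of the original documentation. When a personal access token that has not been authorized for SAML SSO is used against the REST API, the response carries an X-GitHub-SSO header: "required; url=..." on a blocked request, or "partial-results; organizations=..." when results from some organizations were left out. This Python code classifies a response by that header; the header values, organization name, IDs and function names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample response headers (not captured from a real account).
SAMPLE_BLOCKED = {
    "X-GitHub-SSO": "required; url=https://github.com/orgs/example-org/sso"
                    "?authorization_request=PLACEHOLDER"
}
SAMPLE_PARTIAL = {"x-github-sso": "partial-results; organizations=1001,1002"}


@dataclass
class SsoStatus:
    state: str                           # "ok", "required" or "partial-results"
    authorize_url: Optional[str] = None  # where to authorize the token
    organization_ids: List[int] = field(default_factory=list)


def parse_sso_header(headers):
    """Classify an API response made with a personal access token."""
    # HTTP header names are case-insensitive.
    lowered = {name.lower(): value for name, value in headers.items()}
    raw = lowered.get("x-github-sso")
    if raw is None:
        return SsoStatus("ok")

    directive, _, params = raw.partition(";")
    directive = directive.strip().lower()
    # Split on the first "=" only: the URL itself contains "=".
    key, _, value = params.strip().partition("=")

    if directive == "required" and key == "url":
        # Refuse an authorization link that is not HTTPS on github.com,
        # so a spoofed header cannot send the user to a look-alike login.
        parts = urlsplit(value)
        if parts.scheme != "https" or parts.hostname != "github.com":
            raise ValueError("unexpected SSO authorization URL: " + value)
        return SsoStatus("required", authorize_url=value)

    if directive == "partial-results" and key == "organizations":
        ids = [int(item) for item in value.split(",") if item.strip()]
        return SsoStatus("partial-results", organization_ids=ids)

    raise ValueError("unrecognised X-GitHub-SSO value: " + raw)
```

A "required" result means the token must be authorized for the organization before the request will succeed; "partial-results" means the call succeeded but omitted data from the listed organization IDs.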

About {% data variables.product.prodname_oauth_apps %} and SAML SSO

You must have an active SAML session each time you authorize an {% data variables.product.prodname_oauth_app %} to access an organization that uses or enforces SAML SSO.

After an enterprise or organization owner enables or enforces SAML SSO for an organization, you must reauthorize any {% data variables.product.prodname_oauth_app %} that you previously authorized to access the organization. To see the {% data variables.product.prodname_oauth_apps %} you've authorized or reauthorize an {% data variables.product.prodname_oauth_app %}, visit your {% data variables.product.prodname_oauth_apps %} page.

{% endif %}

Further reading

{% if currentVersion == "free-pro-team@latest" %}- "About identity and access management with SAML single sign-on"{% endif %}
{% if currentVersion == "github-ae@latest" %}- "About identity and access management for your enterprise"{% endif %}