Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -974,7 +974,7 @@ ghe-btop [ <port number> | --help | --usage ]

#### ghe-governor

This utility helps to analyze Git traffic. It queries _Governor_ data files, located under `/data/user/gitmon`. {% data variables.product.company_short %} holds one hour of data per file, retained for two weeks. For more information, see [Analyzing Git traffic using Governor](https://github.com/orgs/community/discussions/34220) in {% data variables.product.prodname_github_community %}.
This utility helps to analyze Git traffic. It queries _Governor_ data files, located under `/data/user/governor/`. {% data variables.product.company_short %} holds one hour of data per file, retained for two weeks. For more information, see [AUTOTITLE](/admin/monitoring-and-managing-your-instance/monitoring-your-instance/analyze-git-traffic).

```bash
ghe-governor <subcommand> <column> [options]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ You can set a global announcement banner to be displayed to all users at the top
You can also create announcement banners at the organization level. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/creating-an-announcement-banner-for-your-organization).

{% ifversion ghes %}
You can also set an announcement banner in the administrative shell using a command line utility or using the API. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-announce) and [AUTOTITLE](/rest/enterprise-admin#announcements).
You can also set an announcement banner in the administrative shell using a command line utility or using the API. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-announce) and [AUTOTITLE](/rest/enterprise-admin#announcements).
{% endif %}

{% data reusables.enterprise-accounts.access-enterprise %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,8 @@ If you use {% data variables.product.prodname_emus %}, the following limitations
After you add an existing organization to your enterprise, the organization's resources remain accessible to members at the same URLs, and the following changes will apply.

* **Two-factor authentication (2FA):** If required by the enterprise, members without 2FA, or with insecure 2FA, will be unable to access organization resources until they configure 2FA that meets the enterprise's 2FA security requirements.
* **Enterprise licenses:** Members become part of the enterprise, and usage is billed to the enterprise account. You must ensure that the enterprise account has enough licenses to accommodate any new members. See [AUTOTITLE](/billing/managing-your-billing/about-billing-for-your-enterprise).
* **Enterprise role management:** Enterprise owners can manage their roles within the organization. See [AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise).
* **Enterprise licenses:** Members become part of the enterprise, and usage is billed to the enterprise account. You must ensure that the enterprise account has enough licenses to accommodate any new members. See [AUTOTITLE](/billing/concepts/enterprise-billing/billing-for-enterprises).
* **Enterprise role management:** Enterprise owners can manage their roles within the organization. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise).
* **Enterprise policies:** Any policies applied to the enterprise will apply to the organization. {% data reusables.actions.org-to-enterprise-actions-permissions %}

* **SAML SSO Configuration:**
Expand All @@ -50,10 +50,10 @@ After you add an existing organization to your enterprise, the organization's re
* If SAML is **not** configured for the destination enterprise, the organization will retain any existing SAML and SCIM settings.
* If organization members have existing SAML authorizations for {% data variables.product.pat_generic_plural %} or SSH keys to access the organization, these authorizations will remain active.
* To see these authorizations, SAML must be configured for either the organization or enterprise, and the user must have a linked SAML identity.
* To access additional organizations owned by the enterprise, members must authorize the {% data variables.product.pat_generic %} or key. See [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on) and [AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on).
* To access additional organizations owned by the enterprise, members must authorize the {% data variables.product.pat_generic %} or key. See [AUTOTITLE](/authentication/authenticating-with-single-sign-on/authorizing-a-personal-access-token-for-use-with-single-sign-on) and [AUTOTITLE](/authentication/authenticating-with-single-sign-on/authorizing-an-ssh-key-for-use-with-single-sign-on).

* **Trial enterprise:** Certain features may be disabled if added to a trial enterprise. See [AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud#features-not-included-in-the-trial).
* **{% data variables.product.prodname_github_connect %}:** If the organization was connected to {% data variables.product.prodname_ghe_server %} using {% data variables.product.prodname_github_connect %}, adding the organization to an enterprise will not update the connection. {% data variables.product.prodname_github_connect %} features will no longer function for the organization. To continue using {% data variables.product.prodname_github_connect %}, you must disable and re-enable the feature. See [AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/managing-github-connect) in the {% data variables.product.prodname_ghe_server %} documentation.
* **{% data variables.product.prodname_github_connect %}:** If the organization was connected to {% data variables.product.prodname_ghe_server %} using {% data variables.product.prodname_github_connect %}, adding the organization to an enterprise will not update the connection. {% data variables.product.prodname_github_connect %} features will no longer function for the organization. To continue using {% data variables.product.prodname_github_connect %}, you must disable and re-enable the feature. See [AUTOTITLE](/enterprise-server@latest/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-githubcom) in the {% data variables.product.prodname_ghe_server %} documentation.
* **{% data variables.product.prodname_marketplace %} apps:** If you add a standalone organization that uses billed {% data variables.product.prodname_marketplace %} apps, the organization can continue to use the apps, but usage will be billable to the enterprise.
* If your enterprise is billed via invoice, contact the app vendor and pay directly.
* If your enterprise is billed via credit card or PayPal, billing continues automatically.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,4 @@ You can also enforce your default setting on all current organization members in
1. Under "Default organization membership visibility", select the drop-down menu, and click **Private** or **Public**.
1. Optionally, to prevent members from changing their membership visibility from the default, select **Enforce for all enterprise members**.
![Screenshot of the "Default organization membership visibility" section. The "Enforce for all enterprise members" checkbox is outlined.](/assets/images/enterprise/site-admin-settings/enforce-default-org-membership-visibility-setting.png)
1. If you'd like to enforce your new visibility setting on all existing members, use the `ghe-org-membership-update` command-line utility. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-org-membership-update).
1. If you'd like to enforce your new visibility setting on all existing members, use the `ghe-org-membership-update` command-line utility. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-org-membership-update).
Original file line number Diff line number Diff line change
Expand Up @@ -53,4 +53,4 @@ As part of the downgrade to the free plan:

## Further reading

* [AUTOTITLE](/admin/overview/about-enterprise-accounts)
* [AUTOTITLE](/admin/concepts/enterprise-fundamentals/enterprise-accounts)
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ category:

You can use the site admin dashboard to restore an organization that was previously deleted on {% data variables.location.product_location %}, as long as the audit log Elasticsearch indices contain the data for the `org.delete` event.

Immediately after you restore an organization, the organization will not be exactly the same as it was prior to the deletion. You'll have to manually restore any repositories that were owned by the organization. For more information, see [AUTOTITLE](/admin/user-management/managing-repositories-in-your-enterprise/restoring-a-deleted-repository).
Immediately after you restore an organization, the organization will not be exactly the same as it was prior to the deletion. You'll have to manually restore any repositories that were owned by the organization. For more information, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/restoring-a-deleted-repository).

You can also use the audit log to help you manually re-add teams and organization members. For more information, see [Restoring members and teams](#restoring-members-and-teams).

Expand All @@ -31,7 +31,7 @@ You can also use the audit log to help you manually re-add teams and organizatio

## Restoring members and teams

You can use the audit log to find a list of the previous members and teams of the organization, then recreate them manually. For more information about using the audit log, see [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/auditing-users-across-your-enterprise).
You can use the audit log to find a list of the previous members and teams of the organization, then recreate them manually. For more information about using the audit log, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/auditing-users-across-your-enterprise).

In all the search phrases below, replace ORGANIZATION with the name of the organization and TEAM with the name of the team.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ category:

## About repository restoration

Usually, if someone deletes a repository, it will be available on disk for 90 days and can be restored via the site admin dashboard. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/site-admin-dashboard).
Usually, if someone deletes a repository, it will be available on disk for 90 days and can be restored via the site admin dashboard. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui).

Unless a legal hold is in effect on a user or organization, after 90 days the repository is purged and deleted forever.

Expand All @@ -34,4 +34,4 @@ Restoring a repository will not restore release attachments or team permissions.

## Further reading

* [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/placing-a-legal-hold-on-a-user-or-organization)
* [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/placing-a-legal-hold-on-a-user-or-organization)
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ category:

If your enterprise uses {% data variables.product.prodname_emus %}, and you've allowed users to create repositories owned by their user accounts, you can view all user-owned repositories within your enterprise.

You can also temporarily access any user-owned repository. For more information, see [AUTOTITLE](/admin/user-management/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise).
You can also temporarily access any user-owned repository. For more information, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/accessing-user-owned-repositories-in-your-enterprise).

{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ Enterprise owners have complete control over the enterprise and can take every a
* Managing billing settings{% endif %}
* Managing security settings

Enterprise owners do not have access to organization settings or content by default, but they can gain access by joining any organization. See [AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise).
Enterprise owners do not have access to organization settings or content by default, but they can gain access by joining any organization. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise).

{% ifversion ghec %}

Expand All @@ -82,10 +82,10 @@ Billing managers do not have access to organization settings or content by defau

{% data variables.product.prodname_github_app %} managers:

* Can view, create, edit, and delete {% data variables.product.prodname_github_app %} registrations that are owned by the enterprise. For the specific app settings that {% data variables.product.prodname_github_app %} managers can control, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app).
* Can view, create, edit, and delete {% data variables.product.prodname_github_app %} registrations that are owned by the enterprise. For the specific app settings that {% data variables.product.prodname_github_app %} managers can control, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app-registration).
* Cannot install and uninstall {% data variables.product.prodname_github_apps %} on an enterprise or organization.

App managers can also be assigned to individual apps. See [AUTOTITLE](/admin/managing-your-enterprise-account/adding-and-removing-github-app-managers-in-your-enterprise).
App managers can also be assigned to individual apps. See [AUTOTITLE](/admin/managing-github-apps-for-your-enterprise/adding-and-removing-github-app-managers-in-your-enterprise).

{% endif %}

Expand Down Expand Up @@ -160,6 +160,6 @@ To create a custom enterprise role, see [AUTOTITLE](/admin/managing-accounts-and

## Next steps

When you have decided which roles your users require, assign the roles to them. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/assign-roles).
When you have decided which roles your users require, assign the roles to them. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/assign-roles).

{% endif %}
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Once a user account has been deleted, the username will be available for use wit
You cannot delete a user that is currently an **organization owner**.

* **If the user is the only owner:** Transfer ownership to another person, or delete the organization. See [AUTOTITLE](/organizations/managing-organization-settings/transferring-organization-ownership) and [AUTOTITLE](/organizations/managing-organization-settings/deleting-an-organization-account).
* **If there are other owners:** Remove the user from the organization. See [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization).
* **If there are other owners:** Remove the user from the organization. See [AUTOTITLE](/account-and-profile/how-tos/organization-membership/removing-yourself-from-an-organization).

You cannot delete **your own user account**. If you need to delete your own user account, ask another site administrator to delete your account for you.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ When guest collaborators are enabled in your IdP, you can use SCIM to provision
* If you use a partner IdP, use the "Roles" attribute in the {% data variables.product.prodname_emus %} application.
* If you use the SCIM endpoints of {% data variables.product.company_short %}'s REST API to provision users, use the `roles` user attribute.

For more information about partner IdPs and other identity management systems, see [AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems).
For more information about partner IdPs and other identity management systems, see [AUTOTITLE](/admin/concepts/identity-and-access-management/enterprise-managed-users#identity-management-systems).

## Giving guest collaborators access to resources

Expand All @@ -96,7 +96,7 @@ When you have added a guest collaborator to your enterprise, you can add the use
To give the user access to repositories in an organization, add the user as a **member of the organization**.

* As for all members, the base permission policy for the organization determines whether the user has access to internal and private repositories by default. See [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/setting-base-permissions-for-an-organization).
* Guest collaborators can be members of IdP groups that are connected to {% data variables.product.prodname_dotcom %} teams, and will be added to the organization via SCIM, just like other enterprise members. See [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups).
* Guest collaborators can be members of IdP groups that are connected to {% data variables.product.prodname_dotcom %} teams, and will be added to the organization via SCIM, just like other enterprise members. See [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/managing-team-memberships-with-identity-provider-groups).

### Add the user to a repository

Expand All @@ -108,5 +108,5 @@ This gives the user access to the repository without giving them access to other

* [Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning](https://learn.microsoft.com/en-us/entra/identity/saas-apps/github-enterprise-managed-user-provisioning-tutorial) in the Entra ID documentation
* [Configure PingFederate for provisioning and SSO](https://docs.pingidentity.com/integrations/github/github_emu_provisioner/pf_gh_emu_configure_pf_for_provisioning_and_sso.html) in the PingIdentity documentation
* [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-with-okta)
* [AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)
* [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta)
* [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api)
Loading
Loading