Skip to content

Commit

Permalink
GitHub AE (GHAE) (github#16090)
Browse files Browse the repository at this point in the history
  • Loading branch information
@lecoursen
lecoursen authored Nov 2, 2020
1 parent 63328d6 commit a3e1733
Show file tree
Hide file tree
Showing 1,410 changed files with 68,918 additions and 129,620 deletions.
Binary file added assets/images/enterprise/business-accounts/enable-github-pages-checkbox.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/enable-log-forwarding-checkbox.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/enable-tls-checkbox.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/log-forwarding-tab.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/pages-policies-save-button.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/pages-tab.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/protocol-drop-down-menu.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/public-certificate-text-box.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/public-github-pages-checkbox.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/save-button-log-forwarding.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/business-accounts/server-address-field.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-enterprise-configuration.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-force-pushes-configuration-menu.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-git-ssh-access-menu.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-idp-configure.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-idp-issuer-url.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-idp-public-certificate.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-idp-sign-on-url.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added ...s/images/enterprise/configuration/ae-organization-creation-permissions-menu.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-policies-configure.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-repository-creation-permissions.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-repository-forking-menu.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-repository-invitations-menu.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-repository-permissions-menu.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-repository-visibility-menu.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/enterprise/configuration/ae-reset-default-options.png
View file
Binary file added assets/images/enterprise/configuration/ae-save.png
View file
Binary file added assets/images/enterprise/configuration/ae-support-configure.png
View file
Binary file added assets/images/enterprise/configuration/ae-support-link-url.png
View file
Binary file added assets/images/enterprise/configuration/ae-test-saml-configuration.png
View file
Binary file modified assets/images/help/business-accounts/enterprise-account-settings-security-tab.png
View file
Binary file added assets/images/help/enterprises/settings-require-scim-user-provisioning.png
View file
Binary file added assets/images/help/enterprises/settings-scim-save.png
View file
Binary file added assets/images/help/personal_token_ghae.png
View file
Binary file added ...ges/help/saml/ae-edit-idp-details-edit-signature-and-digest-drop-down-menus.png
View file
Binary file added assets/images/help/saml/ae-edit-idp-details-edit-signature-and-digest.png
View file
Binary file added assets/images/help/saml/ae-edit-idp-details-save.png
View file
Binary file added assets/images/help/saml/ae-edit-idp-details-test-saml-configuration.png
View file
Binary file added assets/images/help/saml/ae-edit-idp-details.png
View file
Binary file added assets/images/help/saml/ae-saml-disabled-save.png
View file
Binary file added assets/images/help/saml/ae-saml-disabled.png
View file
2 changes: 1 addition & 1 deletion content/actions/guides/about-continuous-integration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ versions:

{% data reusables.actions.enterprise-beta %}
{% data reusables.actions.enterprise-github-hosted-runners %}

### About continuous integration

Continuous integration (CI) is a software practice that requires frequently committing code to a shared repository. Committing code more often detects errors sooner and reduces the amount of code a developer needs to debug when finding the source of an error. Frequent code updates also make it easier to merge changes from different members of a software development team. This is great for developers, who can spend more time writing code and less time debugging errors or resolving merge conflicts.
Expand Down
2 changes: 1 addition & 1 deletion content/actions/hosting-your-own-runners/about-self-hosted-runners.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ api.github.com
*.actions.githubusercontent.com
```

If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)" or "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise-account/enforcing-security-settings-in-your-enterprise-account#using-github-actions-with-an-ip-allow-list)".
If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)" or "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#using-github-actions-with-an-ip-allow-list)".

{% else %}

Expand Down
7 changes: 1 addition & 6 deletions content/actions/hosting-your-own-runners/adding-self-hosted-runners.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,16 +50,11 @@ You can add self-hosted runners to an enterprise, where they can be assigned to

{% if currentVersion == "free-pro-team@latest" %}
To add a self-hosted runner to an enterprise account, you must be an enterprise owner.
{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
{% elsif enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
To add a self-hosted runner at the enterprise level of {% data variables.product.product_location %}, you must be a site administrator.
{% endif %}

{% if currentVersion == "free-pro-team@latest" %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% endif %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.actions-tab %}
1. Click the **Self-hosted runners** tab.
Expand Down
5 changes: 0 additions & 5 deletions ...hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,12 +54,7 @@ Self-hosted runners are automatically assigned to the default group when created

When creating a group, you must choose a policy that grants access to all organizations in the enterprise or choose specific organizations.

{% if currentVersion == "free-pro-team@latest" %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% endif %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.actions-tab %}
1. Click the **Self-hosted runners** tab.
Expand Down
8 changes: 2 additions & 6 deletions content/actions/hosting-your-own-runners/removing-self-hosted-runners.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,18 +62,14 @@ To remove a self-hosted runner from an organization, you must be an organization

{% if currentVersion == "free-pro-team@latest" %}
To remove a self-hosted runner from an enterprise account, you must be an enterprise owner. We recommend that you also have access to the self-hosted runner machine.
{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
{% elsif enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
To remove a self-hosted runner at the enterprise level of {% data variables.product.product_location %}, you must be a site administrator. We recommend that you also have access to the self-hosted runner machine.
{% endif %}

{% data reusables.github-actions.self-hosted-runner-reusing %}

{% if currentVersion == "free-pro-team@latest" %}

{% data reusables.enterprise-accounts.access-enterprise %}
{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.business %}
{% endif %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.actions-tab %}
{% data reusables.github-actions.self-hosted-runner-removing-a-runner %}
4 changes: 2 additions & 2 deletions content/actions/reference/usage-limits-billing-and-administration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ For more information, see:

- [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your repository](/github/administering-a-repository/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository)
- [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your organization](/github/setting-up-and-managing-organizations-and-teams/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization)
- [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your enterprise](/github/setting-up-and-managing-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account)
- [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your enterprise](/github/setting-up-and-managing-your-enterprise/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account)
{% endif %}

### Disabling or limiting {% data variables.product.prodname_actions %} for your repository or organization
Expand All @@ -74,7 +74,7 @@ For more information, see:
For more information, see:
- "[Disabling or limiting {% data variables.product.prodname_actions %} for a repository](/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository)"
- "[Disabling or limiting {% data variables.product.prodname_actions %} for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization)"{% if currentVersion == "free-pro-team@latest" %}
- "[Enforcing {% data variables.product.prodname_actions %} policies in your enterprise account](/github/setting-up-and-managing-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account)" for {% data variables.product.prodname_ghe_cloud %}{% endif %}
- "[Enforcing {% data variables.product.prodname_actions %} policies in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-github-actions-policies-in-your-enterprise-account)" for {% data variables.product.prodname_ghe_cloud %}{% endif %}

### Disabling and enabling workflows

Expand Down
27 changes: 27 additions & 0 deletions ...dmin/authentication/about-identity-and-access-management-for-your-enterprise.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
---
title: About identity and access management for your enterprise
shortTitle: About identity and access management
intro: 'You can use {% if enterpriseServerVersions contains currentVersion %}{% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML{% else %}SAML single sign-on (SSO) and System for Cross-domain Identity Management (SCIM){% endif %} to centrally manage access {% if currentVersion == "free-pro-team@latest" %}to organizations owned by your enterprise on {% data variables.product.prodname_dotcom_the_website %}{% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}to {% data variables.product.product_location %}{% endif %}.'
product: '{% data reusables.gated-features.saml-sso %}'
versions:
github-ae: '*'
---

### About identity and access management for your enterprise

{% if currentVersion == "github-ae@latest" %}

{% data reusables.saml.ae-uses-saml-sso %} {% data reusables.saml.ae-enable-saml-sso-during-bootstrapping %}

After you configure the application for {% data variables.product.product_name %} on your IdP, you can grant access to {% data variables.product.product_location %} by assigning the application to users on your IdP. For more information about SAML SSO for {% data variables.product.product_name %}, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise)."

{% data reusables.scim.after-you-configure-saml %} For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise)."

To learn how to configure both authentication and user provisioning for {% data variables.product.product_location %} with your specific IdP, see "[Configuring authentication and provisioning with your identity provider](/admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider)."

{% endif %}

### Further reading

- [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website
- [System for Cross-domain Identity Management: Protocol (RFC 7644)](https://tools.ietf.org/html/rfc7644) on the IETF website
2 changes: 1 addition & 1 deletion ...thentication/authenticating-users-for-your-github-enterprise-server-instance.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
title: Authenticating users for your GitHub Enterprise Server instance
intro: 'You can use {% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to {% data variables.product.product_location_enterprise %}.'
intro: 'You can use {% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to {% data variables.product.product_location %}.'
redirect_from:
- /enterprise/admin/categories/authentication/
- /enterprise/admin/guides/installation/user-authentication/
Expand Down
4 changes: 2 additions & 2 deletions content/admin/authentication/changing-authentication-methods.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ redirect_from:
versions:
enterprise-server: '*'
---
User accounts on {% data variables.product.product_location_enterprise %} are preserved when you change the authentication method and users will continue to log into the same account as long as their username doesn't change.
User accounts on {% data variables.product.product_location %} are preserved when you change the authentication method and users will continue to log into the same account as long as their username doesn't change.

If the new method of authentication changes usernames, new accounts will be created. As an administrator, you can rename users through the site admin settings or by using [the User Administration API](/enterprise/{{currentVersion}}/v3/enterprise-admin/users/#rename-an-existing-user).

Expand All @@ -29,4 +29,4 @@ Other issues you should take into consideration include:

* **Two-factor authentication:** {% data reusables.enterprise_user_management.external_auth_disables_2fa %}

* **Built-in authentication for users outside your identity provider:** You can invite users to authenticate to {% data variables.product.product_location_enterprise %} without adding them to your identity provider. For more information, see "[Allowing built-in authentication for users outside your identity provider](/enterprise/{{ currentVersion }}/admin/guides/user-management/allowing-built-in-authentication-for-users-outside-your-identity-provider)."
* **Built-in authentication for users outside your identity provider:** You can invite users to authenticate to {% data variables.product.product_location %} without adding them to your identity provider. For more information, see "[Allowing built-in authentication for users outside your identity provider](/enterprise/{{ currentVersion }}/admin/guides/user-management/allowing-built-in-authentication-for-users-outside-your-identity-provider)."
47 changes: 47 additions & 0 deletions ...nfiguring-authentication-and-provisioning-for-your-enterprise-using-azure-ad.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
---
title: Configuring authentication and provisioning for your enterprise using Azure AD
shortTitle: Configuring with Azure AD
intro: You can use a tenant in Azure Active Directory (Azure AD) as an identity provider (IdP) to centrally manage authentication and user provisioning for {% data variables.product.product_location %}.
permissions: Enterprise owners can configure authentication and provisioning for an enterprise on {% data variables.product.product_name %}.
product: '{% data reusables.gated-features.saml-sso %}'
versions:
github-ae: '*'
---

### About authentication and user provisioning with Azure AD

Azure Active Directory (Azure AD) is a service from Microsoft that allows you to centrally manage user accounts and access to web applications. For more information, see [What is Azure Active Directory?](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis) in the Microsoft Docs.

To manage identity and access for {% data variables.product.product_name %}, you can use an Azure AD tenant as a SAML IdP for authentication. You can also configure Azure AD to automatically provision accounts and access with SCIM. This configuration allows you to assign or unassign the {% data variables.product.prodname_ghe_managed %} application for a user account in your Azure AD tenant to automatically create, grant access to, or deactivate a corresponding user account on {% data variables.product.product_name %}.

For more information about managing identity and access for your enterprise on {% data variables.product.product_location %}, see "[Managing identity and access for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise)."

### Prerequisites

To configure authentication and user provisioning for {% data variables.product.product_name %} using Azure AD, you must have an Azure AD account and tenant. For more information, see the [Azure AD website](https://azure.microsoft.com/en-us/free/active-directory) and [Quickstart: Create an Azure Active Directory tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant) in the Microsoft Docs.

{% data reusables.saml.assert-the-administrator-attribute %} For more information about including the `administrator` attribute in the SAML claim from Azure AD, see [How to: customize claims issued in the SAML token for enterprise applications](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization) in the Microsoft Docs.

{% data reusables.saml.create-a-machine-user %}

### Configuring authentication and user provisioning with Azure AD

{% if currentVersion == "github-ae@latest" %}

1. In Azure AD, add {% data variables.product.ae_azure_ad_app_link %} to your tenant and configure single sign-on.

| Value in Azure AD | Value from {% data variables.product.prodname_ghe_managed %} |
| :- | :- |
| Identifier (Entity ID) | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em><code> |
| Reply URL | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/saml/consume</code> |
| Sign on URL | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/sso</code> |

1. In {% data variables.product.prodname_ghe_managed %}, enter the details for your Azure AD tenant.

- {% data reusables.saml.ae-enable-saml-sso-during-bootstrapping %}

- If you've already configured SAML SSO for {% data variables.product.product_location %} using another IdP and you want to use Azure AD instead, you can edit your configuration. For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise#editing-the-saml-sso-configuration)."

1. Enable user provisioning in {% data variables.product.product_name %} and configure user provisioning in Azure AD. For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise#enabling-user-provisioning-for-your-enterprise)."

{% endif %}
8 changes: 8 additions & 0 deletions ...tion/configuring-authentication-and-provisioning-with-your-identity-provider.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
title: Configuring authentication and provisioning with your identity provider
intro: You can use an identity provider (IdP) that supports both SAML single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) to configure authentication and user provisioning for {% data variables.product.product_location %}.
mapTopic: true
versions:
github-ae: '*'
---

Loading

0 comments on commit a3e1733

Please sign in to comment.