About SAML access to your enterprise account
When you enable SAML single sign-on for your enterprise account, each enterprise member can link their external identity on your identity provider (IdP) to their existing account on your GitHub Enterprise Server instance. To access each organization's resources on GitHub, the member must have an active SAML session in their browser. Enterprise owners can view and revoke a member's active SAML sessions at any time.
Note
This view is only enabled when SAML with SCIM is enabled.
Viewing a linked identity
You can view the single sign-on identity that a member has linked to their account on GitHub.
-
In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings.
-
On the left side of the page, in the enterprise account sidebar, click People.
-
Click on the name of the member whose linked identity you'd like to view or revoke.
-
In the left sidebar, click SAML identity linked.
-
Under "Linked SSO identity", view the linked SSO identity for the member.
The identity data on this page will include the SCIM data that was sent to GitHub during user provisioning. This SCIM data is what GitHub uses when matching a SAML SSO request to the provisioned user. Note that GitHub does not use SAML mappings when SCIM is enabled. For more information on how GitHub maps SAML and SCIM data for users, please see REST API endpoints for SCIM.
Viewing and revoking an active SAML session
-
In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings.
-
On the left side of the page, in the enterprise account sidebar, click People.
-
Click on the name of the member whose SAML session you'd like to view or revoke.
-
In the left sidebar, click SAML identity linked.
-
Under "Active SAML sessions", view the active SAML sessions for the member.
-
To revoke a session, to the right of the session you'd like to revoke, click Revoke.