Skip to content

Commit

Permalink
Merge pull request github#35268 from github/repo-sync
Browse files Browse the repository at this point in the history
Repo sync
  • Loading branch information
docs-bot authored Nov 13, 2024
2 parents 9bb1b98 + f468a8d commit ebc8601
Show file tree
Hide file tree
Showing 37 changed files with 292 additions and 226 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -133,9 +133,9 @@ To prevent confusion from your developers, you can change this behavior so that
> [!NOTE]
> If a user is signed in to their personal account when they attempt to access any of your enterprise's resources, they'll be automatically signed out and redirected to SSO to sign in to their {% data variables.enterprise.prodname_managed_user %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts)."
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
{% data reusables.enterprise-accounts.access-enterprise-emu %}
{% data reusables.enterprise-accounts.identity-provider-tab %}
{% data reusables.enterprise-accounts.sso-configuration %}
1. Under "Single sign-on settings", select or deselect **Automatically redirect users to sign in**.
{% endif %}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -47,9 +47,9 @@ OIDC does not support IdP-initiated authentication.

1. Sign into {% data variables.product.prodname_dotcom %} as the setup user for your new enterprise with the username **@SHORT-CODE_admin**.
{% data reusables.enterprise-accounts.access-enterprise-emu %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
1. Under "OpenID Connect single sign-on", select **Require OIDC single sign-on**.
{% data reusables.enterprise-accounts.identity-provider-tab %}
{% data reusables.enterprise-accounts.sso-configuration %}
1. Under "OIDC single sign-on", select **Enable OIDC configuration**.
1. To continue setup and be redirected to Entra ID, click **Save**.
{% data reusables.enterprise-accounts.emu-azure-admin-consent %}
{% data reusables.enterprise-accounts.download-recovery-codes %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -104,16 +104,16 @@ After the initial configuration of SAML SSO, the only setting you can update on
> {% data reusables.enterprise-accounts.emu-password-reset-session %}
{% data reusables.enterprise-accounts.access-enterprise-emu %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
{% data reusables.enterprise-accounts.identity-provider-tab %}
{% data reusables.enterprise-accounts.sso-configuration %}

1. Under "SAML single sign-on", select **Require SAML authentication**.
1. Under "SAML single sign-on", select **Add SAML configuration**.
1. Under **Sign on URL**, type the HTTPS endpoint of your IdP for SSO requests that you noted while configuring your IdP.
1. Under **Issuer**, type your SAML issuer URL that you noted while configuring your IdP, to verify the authenticity of sent messages.
1. Under **Public Certificate**, paste the certificate that you noted while configuring your IdP, to verify SAML responses.
{% data reusables.saml.edit-signature-and-digest-methods %}
1. Under **Public Certificate**, select the **Signature Method** and **Digest Method** dropdown menus, then click the hashing algorithm used by your SAML issuer.
1. Before enabling SAML SSO for your enterprise, to ensure that the information you've entered is correct, click **Test SAML configuration**. {% data reusables.saml.test-must-succeed %}
1. Click **Save**.
1. Click **Save SAML settings**.

> [!NOTE]
> After you require SAML SSO for your enterprise and save SAML settings, the setup user will continue to have access to the enterprise and will remain signed in to GitHub along with the {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP who will also have access to the enterprise.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ If you want to migrate to a new identity provider (IdP) or tenant rather than di
{% data reusables.emus.sign-in-as-setup-user %}
1. Attempt to access your enterprise account, and use a recovery code to bypass SAML SSO or OIDC. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)."
{% data reusables.enterprise-accounts.access-enterprise-emu %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
1. Under "SAML single sign-on", deselect **Require SAML authentication** or **Require OIDC single sign-on**.
1. Click **Save**.
{% data reusables.enterprise-accounts.identity-provider-tab %}
{% data reusables.enterprise-accounts.sso-configuration %}
1. Next to "SAML single sign-on" or "OIDC single sign-on", click to deselect **SAML single sign-on** or **OIDC single sign-on**.
1. To confirm, click **Disable SAML single sign-on** or **Disable OIDC single sign-on**.
Original file line number Diff line number Diff line change
Expand Up @@ -20,16 +20,23 @@ In the event that your IdP is unavailable, you can use a recovery code to sign i

If you did not save your recovery codes when you configured SSO, you can still access the codes from your enterprise's settings.

{% data reusables.enterprise-accounts.access-enterprise %}
## Downloading codes for an enterprise with personal accounts

{% data reusables.enterprise-accounts.access-enterprise-personal-accounts %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}

1. Under{% ifversion oidc-for-emu %} either{% endif %} "Require SAML authentication"{% ifversion oidc-for-emu %} or "Require OIDC authentication"{% endif %}, click **Save your recovery codes**.{% ifversion oidc-for-emu %}
1. Under "Require SAML authentication", click **Save your recovery codes**.

![Screenshot of the "Authentication security" screen. The "Save your recovery codes" hyperlink is highlighted with an orange outline.](/assets/images/help/enterprises/saml-recovery-codes-link.png)
1. To save your recovery codes, click **Download**, **Print**, or **Copy**.

## Downloading codes for an enterprise with {% data variables.product.prodname_emus %}

> [!NOTE]
> OIDC SSO is only available for {% data variables.product.prodname_emus %}. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
{% data reusables.enterprise-accounts.access-enterprise-emu %}
{% data reusables.enterprise-accounts.identity-provider-tab %}
{% data reusables.enterprise-accounts.sso-configuration %}

{% endif %}
1. Under either "SAML single sign-on" or "OIDC single sign-on", click **Save your recovery codes**.

![Screenshot of the "Authentication security" screen. The "Save your recovery codes" hyperlink is highlighted with an orange outline.](/assets/images/help/enterprises/saml-recovery-codes-link.png)
1. To save your recovery codes, click **Download**, **Print**, or **Copy**.
Original file line number Diff line number Diff line change
Expand Up @@ -181,10 +181,10 @@ If you don't use a partner IdP, or if you only use a partner IdP for authenticat
> {% data reusables.enterprise-accounts.emu-password-reset-session %}
{% data reusables.enterprise-accounts.access-enterprise-emu %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
{% data reusables.enterprise-accounts.identity-provider-tab %}
{% data reusables.enterprise-accounts.sso-configuration %}
1. Under "Open SCIM Configuration", select "Enable open SCIM configuration".
1. Manage the lifecycle of your users by making calls to the REST API endpoints for SCIM provisioning. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."
1. Manage the lifecycle of your users by making calls to the REST API endpoints for SCIM provisioning. See "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."

{% endif %}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -88,9 +88,8 @@ Enterprise owners can review a list of IdP groups, each group's memberships, and

{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.click-identity-provider %}

1. To see the members and teams connected to an IdP group, click the group's name.

1. {% data reusables.enterprise-accounts.groups-tab %}
1. To view the teams connected to the IdP group, click **Teams**.

If a team cannot sync with the group on your IdP, the team will display an error. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/troubleshooting-team-membership-with-identity-provider-groups)."
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,13 +29,13 @@ If {% data variables.product.prodname_dotcom %} is unable to synchronize team me
## Viewing errors for team synchronization with an IdP group

{% data reusables.enterprise-accounts.access-enterprise %}
1. In the list of enterprises, click the enterprise you want to view.
{% data reusables.enterprise-accounts.click-identity-provider %}
1. Under **Identity provider**, click **Groups**.
1. If synchronization for a group is experiencing problems, you'll see a message that reads "Some groups are failing to synchronize to teams. Check that you have available licenses."
1. In the list of IdP groups, click the group you'd like to review.
1. To review the synchronization error for the group, under the name of the group, click **Teams**.

![Screenshot of the page for a synchronized IdP group. Under the name of the group, to the right, the "Teams" tab is highlighted in dark orange.](/assets/images/help/enterprises/idp-group-sync-teams-tab.png)

If a team is unable to sync membership with a group on your IdP, you'll see a description of the problem under the team's name and membership count.

{% ifversion ghec %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,10 @@ If you're new to {% data variables.product.prodname_emus %} and haven't yet conf
## Migrating your enterprise

{% data reusables.emus.sign-in-as-setup-user %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.access-enterprise-emu %}
{% data reusables.emus.use-enterprise-recovery-code %}
{% data reusables.enterprise-accounts.security-tab %}
1. Deselect **Require OIDC single sign-on**.
1. Click **Save**.
1. Configure SAML authentication and SCIM provisioning. For more information, see [Tutorial: Microsoft Entra single sign-on (SSO) integration with GitHub Enterprise Managed User](https://learn.microsoft.com/entra/identity/saas-apps/github-enterprise-managed-user-tutorial) on Microsoft Learn.
{% data reusables.enterprise-accounts.identity-provider-tab %}
{% data reusables.enterprise-accounts.sso-configuration %}
1. Deselect **OIDC single sign-on**.
1. Confirm and click **Disable OIDC single sign-on**.
1. Configure SAML authentication and SCIM provisioning. See [Tutorial: Microsoft Entra single sign-on (SSO) integration with GitHub Enterprise Managed User](https://learn.microsoft.com/entra/identity/saas-apps/github-enterprise-managed-user-tutorial) on Microsoft Learn.
Original file line number Diff line number Diff line change
Expand Up @@ -44,14 +44,15 @@ To migrate your enterprise from SAML to OIDC, you will disable your existing {%
> Migration of your enterprise from SAML to OIDC can take up to an hour. During the migration, users cannot access your enterprise on {% data variables.product.github %}.
1. Before you begin the migration, sign in to Azure and disable provisioning in the existing {% data variables.product.prodname_emu_idp_application %} application.
1. If you use [Conditional Access (CA) network location policies](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition) in Entra ID, and you're currently using an IP allow list with your enterprise account or any of the organizations owned by the enterprise account, disable the IP allow lists. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)."
1. If you use [Conditional Access (CA) network location policies](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition) in Entra ID, and you're currently using an IP allow list with your enterprise account or any of the organizations owned by the enterprise account, disable the IP allow lists. See "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization)."
{% data reusables.emus.sign-in-as-setup-user %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.access-enterprise-emu %}
{% data reusables.emus.use-enterprise-recovery-code %}
{% data reusables.enterprise-accounts.security-tab %}
1. At the bottom of the page, next to "Migrate to OpenID Connect single sign-on", click **Configure with Azure**.
1. Read the warning, then click **I understand, begin migrating to OpenID Connect**.
{% data reusables.enterprise-accounts.identity-provider-tab %}
{% data reusables.enterprise-accounts.sso-configuration %}
1. At the bottom of the page, click **Migrate to OpenID Connect single sign-on**.
1. Read the warning, then click **Migrate to OIDC**.
1. Click **Begin OIDC migration**.
{% data reusables.enterprise-accounts.emu-azure-admin-consent %}
1. After you grant consent, a new browser window will open to {% data variables.product.github %} and display a new set of recovery codes for your {% data variables.enterprise.prodname_emu_enterprise %}. Download the codes, then click **Enable OIDC authentication**.
1. Wait for the migration to complete, which can take up to an hour. To check the status of the migration, navigate to your enterprise's authentication security settings page. If "Require SAML authentication" is selected, the migration is still in progress.
Expand All @@ -60,10 +61,9 @@ To migrate your enterprise from SAML to OIDC, you will disable your existing {%
> Do not provision new users from the application on Entra ID during the migration.
1. In a new tab or window, while signed in as the setup user, create a {% data variables.product.pat_v1 %} with the **scim:enterprise** scope and **no expiration** and copy it to your clipboard. For more information about creating a new token, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)."
1. In the provisioning settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in the Microsoft Entra admin center, under "Tenant URL", type the tenant URL for your enterprise:

* For **{% data variables.product.prodname_dotcom_the_website %}**: `https://api.github.com/scim/v2/enterprises/YOUR_ENTERPRISE`, replacing YOUR_ENTERPRISE with the name of your enterprise account. For example, if your enterprise account's URL is `https://github.com/enterprises/octo-corp`, the name of the enterprise account is `octo-corp`.
* For **{% data variables.enterprise.data_residency_site %}**: `https://api.SUBDOMAIN.ghe.com/scim/v2/enterprises/SUBDOMAIN`, where SUBDOMAIN is your enterprise's subdomain on {% data variables.enterprise.data_residency_site %}.
1. In the provisioning settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in the Microsoft Entra admin center, under "Tenant URL", the tenant URL for your enterprise:
* For **{% data variables.product.prodname_dotcom_the_website %}**: `https://api.github.com/scim/v2/enterprises/YOUR_ENTERPRISE`, replacing YOUR_ENTERPRISE with the name of your enterprise account. For example, if your enterprise account's URL is `https://github.com/enterprises/octo-corp`, the name of the enterprise account is `octo-corp`.
* For **{% data variables.enterprise.data_residency_site %}**: `https://api.SUBDOMAIN.ghe.com/scim/v2/enterprises/SUBDOMAIN`, where SUBDOMAIN is your enterprise's subdomain on {% data variables.enterprise.data_residency_site %}.

1. Under "Secret token", paste the {% data variables.product.pat_v1 %} with the **scim:enterprise** scope that you created earlier.
1. To test the configuration, click **Test Connection**.
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
1. In the top-right corner of {% data variables.product.prodname_dotcom %}, click your profile photo.
1. Click **Your enterprises**, then click the enterprise you want to view.
1 change: 1 addition & 0 deletions data/reusables/enterprise-accounts/groups-tab.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
1. Under **Identity provider**, click **Groups**.
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
1. On the left side of the page, in the enterprise account sidebar, click **Identity provider**.
1 change: 1 addition & 0 deletions data/reusables/enterprise-accounts/sso-configuration.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
1. Under **Identity Provider**, click **Single sign-on configuration**.
3 changes: 2 additions & 1 deletion src/events/components/Survey.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ import { ThumbsdownIcon, ThumbsupIcon } from '@primer/octicons-react'

import { useTranslation } from 'src/languages/components/useTranslation'
import { Link } from 'src/frame/components/Link'
import { sendEvent, EventType } from 'src/events/components/events'
import { sendEvent } from 'src/events/components/events'
import { EventType } from '../types'

import styles from './Survey.module.scss'

Expand Down
73 changes: 2 additions & 71 deletions src/events/components/events.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import Cookies from 'src/frame/components/lib/cookies'
import { parseUserAgent } from './user-agent'
import { Router } from 'next/router'
import { isLoggedIn } from 'src/frame/components/hooks/useHasAccount'
import { EventType, EventPropsByType } from '../types'

const COOKIE_NAME = '_docs-events'

Expand Down Expand Up @@ -54,76 +55,6 @@ export function getUserEventsId() {
return cookieValue
}

export enum EventType {
page = 'page',
exit = 'exit',
link = 'link',
hover = 'hover',
search = 'search',
searchResult = 'searchResult',
survey = 'survey',
experiment = 'experiment',
preference = 'preference',
clipboard = 'clipboard',
print = 'print',
}

type SendEventProps = {
[EventType.clipboard]: {
clipboard_operation: string
clipboard_target?: string
}
[EventType.exit]: {
exit_render_duration?: number
exit_first_paint?: number
exit_dom_interactive?: number
exit_dom_complete?: number
exit_visit_duration?: number
exit_scroll_length?: number
exit_scroll_flip?: number
}
[EventType.experiment]: {
experiment_name: string
experiment_variation: string
experiment_success?: boolean
}
[EventType.hover]: {
hover_url: string
hover_samesite?: boolean
}
[EventType.link]: {
link_url: string
link_samesite?: boolean
link_samepage?: boolean
link_container?: string
}
[EventType.page]: {}
[EventType.preference]: {
preference_name: string
preference_value: string
}
[EventType.print]: {}
[EventType.search]: {
search_query: string
search_context?: string
}
[EventType.searchResult]: {
search_result_query: string
search_result_index: number
search_result_total: number
search_result_rank: number
search_result_url: string
}
[EventType.survey]: {
survey_token?: string // Honeypot, doesn't exist in schema
survey_vote: boolean
survey_comment?: string
survey_email?: string
survey_rating?: number
survey_comment_language?: string
}
}

function getMetaContent(name: string) {
const metaTag = document.querySelector(`meta[name="${name}"]`) as HTMLMetaElement
return metaTag?.content
Expand All @@ -136,7 +67,7 @@ export function sendEvent<T extends EventType>({
}: {
type: T
version?: string
} & SendEventProps[T]) {
} & EventPropsByType[T]) {
const body = {
type,

Expand Down
3 changes: 2 additions & 1 deletion src/events/components/experiment.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import murmur from 'imurmurhash'
import { getUserEventsId, sendEvent, EventType } from './events'
import { getUserEventsId, sendEvent } from './events'
import { EventType } from '../types'

let initialized = false

Expand Down
Loading

0 comments on commit ebc8601

Please sign in to comment.