GitHub brings centralized, granular controls to enterprise user accounts

Let the OSS Enterprise newsletter guide your open source journey! Sign up here.

GitHub has formally launched Enterprise Managed Users (EMUs), a new type of user account for GitHub Enterprise Cloud (GHEC) customers that can be provisioned and managed centrally via the company’s identity provider (IdP).

This represents part of GitHub’s broader efforts to transition software development away from local environments and into the cloud, the most obvious other example being its browser-based Codespaces platform, which it recently launched for enterprises.

GitHub’s EMUs, which were first announced in private beta last year, give admins granular control over GitHub accounts across the company by tying GitHub Enterprise Cloud to their IdP of choice, such as Google, Microsoft, or Okta. This means admins can create (or suspend) user accounts for their employees via a linked IdP and manage user profile data (e.g. username, display name, or email address) and GitHub teams membership.

Above: GitHub EMU

Prior to now, GitHub Enterprise Cloud customers were able to invite developers into company groups using their own existing individual accounts, but with EMUs, companies can now create user accounts for their employees centrally specifically for use at work — these accounts can only be used on repositories that belong to the company. This is particularly notable from a security perspective, as repositories associated with EMU accounts are automatically blocked from making private code publicly visible, which goes some way toward averting human error.

And because accounts support single sign-on (SSO) and are synchronized with a company’s corporate ID, it’s always clear who is collaborating — this is perhaps more important in the current global landscape, given that million of employees are working remotely and may never actually meet their collaborators face to face.

For today’s launch, GitHub’s EMUs only support identity services from Microsoft’s AzureAD and Okta, though plans are afoot to extend coverage to additional IdPs in the future.

Source link