U of MN Github Docs#
University of Minnesota has an Enterprise on GitHub.com for use by IT Administrators. Membership is provisioned by CESI/ITAC units as Organizations in the Enterprise.
Repositories created in in the University of Minnesota Enterprise are hosted on github.com. This means that repositories created as public
are public on the Internet. This is a major difference from github.umn.edu; appropriate actions should be taken to keep University of Minnesota intellectual property inside Enterprise-owned repositories.
"Outside Collaborators" can be added to any repository and will allow access specific to the repository that they are added to. These members will consume a GitHub user license and their access should be regularly attested; if a user is a member of the University they can be onboarded to the team to provide regular access to repositories. Member access depends on the visibility of the repositories, outlined here.
New Units/Organization#
-
Request to onboard your team using our UMN Github.com Org Intake form
- Note: you may not be able to use your UMN Internet ID for github.com depending on worldwide availability of the username
-
If you already have an organization in the UMN Github.com Enterprise, you can request to add new users by emailing
devex@umn.edu
Policy on multiple Organization for a Unit#
Github Orgs offer Roles and Teams to manage multiple different team members with different access needs. If a unit has a business case for an additional Organization and can demonstrate that the Roles/Teams does not provide sufficient separation an additional Organization can be provisioned. This will be evaluated on a case by case basis.
Login#
Login is a two step process.
- Sign in to your
github.com
account. This account must be tied to yourinternetid@umn.edu
email account. If you don't have agithub.com
account that uses your UMN email, you will need to create one or add your email to an existing account you own under profile settings. - Once you're signed in to
github.com
, you will sign in with UMN's Azure EntraID to access any Organizations you're a member or owner of in the University of Minnesota enterprise
Note: GitHub.com requires that users who publish content on github.com have one or more Two-factor authentication strategies enabled. This means to get into a UMN org you will have to do 2-factor auth for the github.com
login AND a DUO push for access to UMN Enterprise Orgs and Repositories.
Data Security Policy#
Because GitHub stores code that is used to transport and manipulate protected University data, data in GHEC is considered Private - Restricted
and proper considerations should be made to protect this data.
Repositories#
Do not push private data of any kind (e.g. social security numbers, student ID numbers, private keys, session tokens) to GitHub Enterprise Cloud. If you 'test' data is just a copy of production data and contains highly-private data, it is not allowed.
If your code touches systems that interact with University of MN IP (Intellectual Property), do not publish it to a Public
repository of any kind as it will be easily located on the consumer Internet. This includes code that represent a webapp/site, especially one that is in production and has the ability to access highly-private data.
Actions#
Github Actions can not be used if it touches private-highly restricted data.
For more information about using GitHub Actions see Actions Runners.