User Management#
User Accounts#
Accounts for Github Enterprise Cloud (GHEC) are github.com accounts. Whichever github.com account you use must be tied to your internetid@umn.edu email account. It is recommended to use your University account for the enterprise separately to keep personal and professional projects separated. However, any github account may be used as long as your UofM email is added to your profile settings. There are no superuser accounts for Github.com.
Accounts are invited to the University of Minnesota github.com Enterprise organizations, generally organized by ITAC/CESI groups. Access to GHEC is controlled by Grouper under OIT Identity and Access Management (IAM)'s main "app" stem. If your unit already has a group in Grouper they'd like to leverage for GitHub Enterprise Cloud, feel free to communicate this to DevEx so we can enable your group to manage its users easier.
Roles and Privileges#
A user can belong to multiple organizations in the Enterprise just as they can belong to multiple ITAC units. GitHub Enterprise Cloud is structured with three levels of privilege:
Organization Members#
- Organization Members have...
- Access to repositories in the organization(s) they are added to according to the permission sets configured by organization owners
- University of Minnesota accounts
- Organization owners will need to request new members be added to their organization by sending an email to
devex@umn.eduso they can be added in Grouper - In order to be a full member, the user must already exist in Entra ID (Azure AD)
- Organization owners will need to request new members be added to their organization by sending an email to
Organization Owners#
Organization Owners are members with permissions to manage the organization's settings and add or remove members of the organization.
- Organization Owners will...
- Manage memberships to teams, repos
- Maintain their teams or delegation of team maintenance
- Determine appropriate visibility of repos (private/public)
- Initiate request process for outside collaborators
- Be initial contact for user support in Org
- Manage Org Settings/policies where defined as owned by the organization (not overridden by Enterprise)
- Policy: Awareness of public view of Organization information
- Policy: For Actions, see GitHub's Security Hardening guide
Outside Collaborators#
Anyone added to a repository directly will be added as an "outside collaborator". These users consume Enterprise licenses on github.com but do not have the ability to navigate outside of the permissions set they are allocated to the repository in which they are added. They cannot view other repositories in the Enterprise unless they have been added to them.
- Outside Collaborators can...
- be added to specific repositories by adding a member
Removing users#
Users will be removed from organizations and their access will be revoked when they leave the University.
Organization Owners are responsible for making sure org membership is current and will receive emails once a year to remind them to review it.
Outside collaborators will only lose access to the repositories they are added to when an Owner removes them. It is important that Org Owners limit and track who they have added to repositories as outside collaborators.
Please email devex@umn.edu with requests to remove a UMN account from your org.
Once deprovisioned, UMN account users will no longer have access to non-public repositories they did, unless they retain access as an "Outside Collaborator".