Repo sync #35374

Merged
merged 4 commits into from
Nov 21, 2024
2 changes: 1 addition & 1 deletion .github/actions/warmup-remotejson-cache/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ runs:
- name: Run script
if: ${{ inputs.restore-only == '' }}
shell: bash
run: node src/archives/scripts/warmup-remotejson.js
run: npm run warmup-remotejson

- name: Cache .remotejson-cache (save)
if: ${{ inputs.restore-only == '' }}
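Review bot: the `Run script` step now depends on a `warmup-remotejson` entry in `package.json`, which this diff does not show, so a missing or renamed script entry would only surface as a CI failure. Confirm the script is defined in the same change and points at the file that replaced `src/archives/scripts/warmup-remotejson.js`.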
2 changes: 1 addition & 1 deletion .github/workflows/purge-old-workflow-runs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ name: Purge old workflow runs
on:
workflow_dispatch:
schedule:
- cron: '20 */2 * * *' # Run every 2 hours at 20 minutes past the hour
- cron: '20 * * * *' # Run every hour at 20 minutes past the hour

permissions:
contents: write
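Review bot: the new hourly `cron: '20 * * * *'` doubles how often this job runs with a write-scoped token, and the visible `permissions` block grants `contents: write`. If the job only deletes old workflow runs, check whether `contents: write` is needed at all and reduce the block to the narrowest scope the purge script requires. Also confirm that the script's API usage is acceptable at twice the previous frequency.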
2 changes: 1 addition & 1 deletion .github/workflows/validate-asset-images.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: Validate asset images

# **What it does**: Run ./src/assets/scripts/validate-asset-images.js on all images in assets/
# **What it does**: Run ./src/assets/scripts/validate-asset-images.ts on all images in assets/
# **Why we have it**: To protect from innocent and potentially malicious bad image assets
# **Who does it impact**: Docs content.

Binary file modified assets/images/help/2fa/filter-org-members-by-2fa.png
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ You can enforce policies to control the security settings for organizations owne

Before you can require two-factor authentication for all organizations owned by your enterprise, you must enable 2FA for your own account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)."

Before you require use of two-factor authentication, we recommend notifying organization members, outside collaborators, and billing managers and asking them to set up 2FA for their accounts. Organization owners can see if members and outside collaborators already use 2FA on each organization's People page. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)."
Before you require use of two-factor authentication, we recommend notifying organization members, outside collaborators, and billing managers and asking them to set up 2FA for their accounts. Organization owners can see if members and outside collaborators already use 2FA on each organization's "People" page. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)."

{% data reusables.two_fa.ghes_ntp %}

Expand All @@ -58,10 +58,23 @@ Before you require use of two-factor authentication, we recommend notifying orga
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
1. Under "Two-factor authentication", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
1. Under "Two-factor authentication", select **Require two-factor authentication for all organizations in your business**, then click **Save**.
1. Under "Two-factor authentication", select **Require two-factor authentication for the enterprise and all of its organizations**, then click **Save**.
1. If prompted, read the information about how user access to organization resources will be affected by a 2FA requirement. To confirm the change, click **Confirm**.
1. Optionally, if any outside collaborators are removed from the organizations owned by your enterprise, we recommend sending them an invitation to reinstate their former privileges and access to your organization. Each person must enable two-factor authentication before they can accept your invitation.
1. Optionally, if any outside collaborators are removed from the organizations owned by your enterprise, we recommend sending them an invitation to reinstate their former privileges and access to your organization. Each person must enable 2FA before they can accept your invitation.

{% ifversion fpt or ghec %}

### Requiring secure methods of two-factor authentication for organizations in your enterprise

Alongside requiring two-factor authentication, enterprise owners can require that organization members, billing managers, and outside collaborators in all organizations owned by an enterprise use secure methods of 2FA. Secure two-factor methods are passkeys, security keys, authenticator apps, and the GitHub mobile app. Users who do not have a secure method of 2FA configured, or who have any insecure method configured, will be prevented from accessing resources within any organizations owned by an enterprise. {% ifversion ghec %} This policy is not available for enterprises with managed users.{% endif %}

Before you require secure methods of two-factor authentication, we recommend notifying organization members, outside collaborators, and billing managers and asking them to set up secure 2FA for their accounts. Organization owners can see if members and outside collaborators already use secure methods of 2FA on each organization's "People" page. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)."

{% data reusables.enterprise.secure_two_factor_authentication %}
{% data reusables.organizations.secure_two_factor_authentication_confirm %}
1. Optionally, if any outside collaborators are removed from the organizations owned by your enterprise, we recommend sending them an invitation to reinstate their former privileges and access to your organization. Each person must enable 2FA with a secure method before they can accept your invitation.

{% endif %}
{% endif %}

## Managing SSH certificate authorities for your enterprise
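Review bot: the new paragraph under "Requiring secure methods of two-factor authentication" says users without a secure method "will be prevented from accessing resources", yet the last step of the same section talks about outside collaborators being removed. If members and billing managers are blocked while outside collaborators are removed, state the two outcomes separately. The paragraph lists the secure methods but never names the insecure one; the "Prepare to require 2FA" hunk in this PR refers to SMS, so name it here as well. Minor: `{% ifversion ghec %} This policy` keeps its leading space inside the conditional, which renders as a double space on GHEC.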
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@

After you add an existing organization to your enterprise, the organization's resources remain accessible to members at the same URLs, and the following changes will apply.

* **Two-factor authentication (2FA):** If required by the enterprise, members without 2FA will be removed.
* **Two-factor authentication (2FA):** If required by the enterprise, members without 2FA, or with insecure 2FA, will be unable to access organization resources until they configure 2FA that meets the enterprise's 2FA security requirements.
* **Enterprise licenses:** Members become part of the enterprise, and usage is billed to the enterprise account. You must ensure that the enterprise account has enough licenses to accommodate any new members. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)."
* **Enterprise role management:** Enterprise owners can manage their roles within the organization. See "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."
* **Enterprise policies:** Any policies applied to the enterprise will apply to the organization. {% data reusables.actions.org-to-enterprise-actions-permissions %}
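Review bot: the rewritten "Two-factor authentication (2FA)" bullet covers members only and says nothing about outside collaborators, whom other hunks in this PR describe as being removed rather than blocked. Add a clause for outside collaborators. Also make "or with insecure 2FA" conditional on the enterprise requiring secure methods, since "If required by the enterprise" currently reads as one policy covering both cases.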
Expand Down Expand Up @@ -110,7 +110,7 @@
{%- endif %}
1. Next to the organization you want to transfer, select the {% octicon "kebab-horizontal" width="16" aria-label="Organization settings" %} dropdown menu, then click **Transfer organization**.

![Screenshot of an organization in the organization list. A dropdown menu, labeled with the kebab icon, is expanded and the "Transfer organization" option is highlighted with an orange outline.](/assets/images/help/business-accounts/transfer-organization.png)

Check warning on line 113 in content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md

GitHub Actions / lint-content

Images alternate text should be between 40-150 characters

Image alternate text is 191 characters long.

1. Select the **Select enterprise** dropdown menu, start typing the name of the destination enterprise, and click the enterprise you want to transfer the organization to.
1. Click **Review transfer**.
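Review bot: the `lint-content` check flags the `transfer-organization.png` alt text on line 113 at 191 characters against a 40-150 limit, and this sync carries the warning through unresolved. Shorten it, for example by dropping "in the organization list" and "labeled with the kebab icon", so the description fits the limit.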
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,9 @@ Before you require use of two-factor authentication, we recommend notifying orga
{% data reusables.two_fa.ghes_ntp %}

> [!WARNING]
> * When you require two-factor authentication, members who do not use 2FA will not be able to access your enterprise resources until they enable 2FA on their account. They will retain membership even without 2FA, including occupying seats in your enterprise and organizations.
> * When your require two-factor authentication, outside collaborators (including bot accounts) who do not use 2FA will be removed from the enterprise and its organization and lose access to repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
> * When two-factor authentication is required, outside collaborators who disable 2FA will automatically be removed from the enterprise and its organizations. {% ifversion fpt or ghec %}Members and billing managers{% else %}Members{% endif %} who disable 2FA will not be able to access your enterprise and organization resources until they re-enable it.
> * If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required 2FA for the organization.
> * When you require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can reinstate their access privileges and settings, see [AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
> * When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization.
> * If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.

## Requiring two-factor authentication for an organization
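Review bot: the three replacement bullets in the `[!WARNING]` block say members who do not use 2FA "will be removed from the organization", which contradicts other hunks in this PR, where members "retain membership" and are only blocked from resources until they enable 2FA. Confirm which behaviour applies to the versions this file is built for. If the removal wording is correct for only some of them, put it behind an `ifversion`, as the replaced lines did for "Members and billing managers". Also, "settings, see [AUTOTITLE]" is a comma splice; make it a separate "For more information, see" sentence.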

Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ The membership information report includes the following information.
> You can only export the datetime of the user's last activity at the organization level. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/exporting-member-information-for-your-organization#about-export-of-membership-information)."

* Username and display name details
* Whether the user has two-factor authentication enabled {% ifversion mandatory-2fa-required-overview %}or is required to enable it{% endif %}
* Whether the user has two-factor authentication enabled and how secure their 2FA configuration is
* Whether the user is an organization owner or member
* Organizations with pending invitations
* Optionally, additional information that depends on the enterprise's configuration:
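Review bot: the replacement bullet ("how secure their 2FA configuration is") is unversioned, while the 2FA security-level material elsewhere in this PR sits behind `{% ifversion fpt or ghec %}`. If this article is also built for other versions, gate the new wording the same way. The "or is required to enable it" case from the removed line is no longer mentioned, so confirm the report dropped that field rather than only the sentence.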
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,7 @@

![Screenshot of the tabs above an organization name. The "People" tab is highlighted with an orange outline.](/assets/images/help/enterprises/emu-organization-people-tab.png)
1. Above the list of members, click **Type**, then select the type of members you want to view.
![Screenshot of the list of members. A dropdown menu labeled "Type" is outlined in orange, and an expanded dropdown shows options for "All members," "Managed by IdP groups," and "Managed directly."](/assets/images/help/enterprises/filter-by-member-type.png)

Check warning on line 199 in content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md

GitHub Actions / lint-content

Images alternate text should be between 40-150 characters

Image alternate text is 195 characters long.

{% endif %}
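Review bot: the `lint-content` warning on line 199 (alt text of 195 characters for `filter-by-member-type.png`) is still open in this hunk. Trim the quoted list of menu options from the alt text so it fits within the 40-150 character range.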

Expand Down Expand Up @@ -230,6 +230,18 @@

## Viewing whether members in your enterprise have 2FA enabled

{% ifversion fpt or ghec %}

You can see which people in your enterprise have enabled two-factor authentication.

{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.people-tab %}
1. To view the two-factor authentication security levels of enterprise members, on the right, select **Two-factor authentication**, then click **Secure**, **Insecure**, or **Disabled**.

![Screenshot of the list of enterprise members. A dropdown menu, labeled "Two-factor authentication", is expanded and outlined in orange.](/assets/images/help/2fa/filter-enterprise-members-by-2fa.png)

{% else %}

You can see which people in your enterprise have enabled two-factor authentication{% ifversion mandatory-2fa-required-overview %} or are required to do so{% endif %}.

{% ifversion mandatory-2fa-required-overview %}
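Review bot: the new `fpt or ghec` branch filters by **Secure**, **Insecure**, or **Disabled**, but its intro sentence still only says you can see who has "enabled two-factor authentication", and the three levels are not defined anywhere in the hunk. Say in the intro that the view shows each member's 2FA security level. Link to where secure and insecure methods are defined, so an enterprise owner knows what an "Insecure" result means before acting on it.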
Expand All @@ -238,9 +250,11 @@

{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.people-tab %}
1. To view enterprise members who have enabled or disabled two-factor authentication, on the right, select **2FA**, then click **Enabled** or **Disabled**. {% ifversion mandatory-2fa-required-overview %}Additionally, you can view which members are required to enable two-factor authentication by clicking **Required**.
1. To view enterprise members who have enabled or disabled two-factor authentication, on the right, select **2FA**, then click **Enabled** or **Disabled**.

![Screenshot of the list of organization members. A dropdown menu, labeled "2FA", is expanded and outlined in orange.](/assets/images/help/2fa/filter-org-members-by-2fa-required.png){% endif %}
![Screenshot of the list of organization members. A dropdown menu, labeled "2FA", is expanded and outlined in orange.](/assets/images/help/2fa/legacy-filter-org-members-by-2fa.png)

{% endif %}

## Further reading
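Review bot: the replacement image line describes "the list of organization members" and points at `legacy-filter-org-members-by-2fa.png`, while the step it illustrates is "To view enterprise members". Either confirm that the organization screenshot is the intended stand-in for this enterprise view or adjust the alt text so it matches what the reader sees.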

Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@
> * If you're a member{% ifversion fpt or ghec %} or billing manager{% endif %} of an organization that requires 2FA, you will be unable to access that organization's resources while you have 2FA disabled.
> * If you disable 2FA, you will automatically lose access to the organization. To regain access to the organization, if you're a member{% ifversion fpt or ghec %} or billing manager{% endif %}, you must re-enable 2FA. If you're an outside collaborator, you will also lose access to any private forks you have of the organization's private repositories after disabling 2FA, and must re-enable 2FA and contact an organization owner to have access restored.

{% ifversion 2fa-reconfiguration-inline-update %}

Check warning on line 44 in content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md

GitHub Actions / lint-content

Liquid `ifversion` (and `elsif`) should not always be true

The Liquid ifversion condition '2fa-reconfiguration-inline-update' includes all possible versions and will always be true.

> [!NOTE]
> You can reconfigure your 2FA settings without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA.
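Review bot: `lint-content` reports that `{% ifversion 2fa-reconfiguration-inline-update %}` on line 44 matches every version and is always true. Remove the conditional and its matching `{% endif %}` so the note is plainly unconditional, rather than syncing the dead check forward.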
Expand Down Expand Up @@ -74,6 +74,7 @@
If you're unable to configure a TOTP app, you can also register your phone number to receive SMS messages.

{% data reusables.two_fa.sms-warning %}
{% data reusables.two_fa.sms-cap-note %}

{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.security %}
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,13 @@ shortTitle: Disable 2FA
{% data reusables.two_fa.mandatory-2fa-contributors-2023 %}
{% endif %}

{% ifversion fpt or ghec %}
> [!WARNING]
> If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a public repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner.
> If you're a member{% ifversion fpt or ghec %} or billing manager{% endif %} to a repository of an organization that requires two-factor authentication and you disable 2FA, you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication.
{% else %}
> [!WARNING]
> If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner.
{% endif %}

We strongly recommend using two-factor authentication (2FA) to secure your account. If you need to disable 2FA, we recommend re-enabling it as soon as possible.
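Review bot: inside the new outer `{% ifversion fpt or ghec %}` branch, the inner `{% ifversion fpt or ghec %} or billing manager{% endif %}` is always true, and in the `{% else %}` branch the inner `{% ifversion fpt or ghec %}, billing manager,{% endif %}` can never render. Drop both inner conditionals and write the role lists out plainly in each warning. The phrase "a member or billing manager to a repository of an organization" also reads awkwardly now that "outside collaborator" is gone from the first warning; "of an organization" would be enough.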

Expand All @@ -29,11 +34,15 @@ If you are part of the group that {% data variables.product.prodname_dotcom %} i
You can modify your existing 2FA configuration instead of disabling it entirely. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method)."
{% endif %}

If your organization requires two-factor authentication and you're a member, owner, or an outside collaborator on a private repository of your organization, you must first leave your organization before you can disable two-factor authentication.
{% ifversion fpt or ghec %}
If your organization requires two-factor authentication and you're an outside collaborator on a repository of your organization, you must first leave the organization before you can disable two-factor authentication. To remove yourself from your organization, visit your Organizations settings page and select "Leave", or ask an organization owner or repository administrator to remove you from the organization's repositories. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization)" and "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/removing-an-outside-collaborator-from-an-organization-repository)."
{% else %}
If your organization requires two-factor authentication and you're a member, owner, or an outside collaborator on a repository of your organization, you must first leave your organization before you can disable two-factor authentication.

To remove yourself from your organization:
* As an organization member or owner, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization)."
* As an outside collaborator, ask an organization owner or repository administrator to remove you from the organization's repositories. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/viewing-peoples-roles-in-an-organization)" and "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/removing-an-outside-collaborator-from-an-organization-repository)."
{% endif %}

{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.security %}
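Review bot: the new `fpt or ghec` paragraph tells only outside collaborators that they must leave the organization before disabling 2FA, and no longer says anything about members and owners, who were covered by the sentence it replaces. Add a sentence stating what members and owners should expect on these versions. The "Leave" instruction and the "ask an organization owner or repository administrator" alternative would read more clearly as separate sentences.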
Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,23 @@ topics:
- Teams
shortTitle: Prepare to require 2FA
---
{% ifversion fpt or ghec %}
When requiring 2FA in your organization, consider if you also want to enforce usage of only secure methods among your users (secure two-factor methods are passkeys, security keys, authenticator apps, and the GitHub mobile app).
{% endif %}

We recommend that you notify {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} at least one week before you require 2FA in your organization.

When you require use of two-factor authentication for your organization, outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories.
Members and billing managers will retain membership but not be able to access your organization resources until they enable 2FA.
When you require use of two-factor authentication for your organization, outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories.{% ifversion fpt or ghec %} If you require secure methods of 2FA, outside collaborators who have SMS 2FA configured will be removed. {% endif %} They will also lose access to their forks of the organization's private repositories.
Members and billing managers will retain membership but not be able to access your organization resources until they meet your 2FA requirement{% ifversion fpt or ghec %} and 2FA security level{% endif %}.

Before requiring 2FA in your organization, we recommend that you:

* Enable 2FA on your personal account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)."
* Ask the people in your organization to set up 2FA for their accounts
* Enable 2FA on your personal account{% ifversion fpt or ghec %} with a secure method {% endif %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)."
* Ask the people in your organization to set up 2FA for their accounts{% ifversion fpt or ghec %} with secure methods{% endif %}.
{% ifversion fpt or ghec %}
* View the 2FA security levels of users in your organization, to judge the impact of adding a 2FA requirement. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)."
{% else %}
* See whether users in your organization have 2FA enabled. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)."
{% endif %}
* Enable 2FA for unattended or shared access accounts, such as bots and service accounts. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication)."
* Warn users that once 2FA is enabled, outside collaborators without 2FA are automatically removed from the organization, and members and billing managers will not be able to access your organization resources until they enable 2FA.
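Review bot: the closing context bullet ("Warn users that once 2FA is enabled ...") was left unchanged, so it still describes only the plain 2FA requirement while the bullets added above it talk about secure methods and security levels. Update it to cover the secure-method case on `fpt or ghec`. Two whitespace slips in the added lines will render visibly: `{% ifversion fpt or ghec %} with a secure method {% endif %}.` puts a space before the period, and `removed. {% endif %} They` leaves a double space.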