Merged
Original file line number Diff line number Diff line change
Expand Up @@ -237,7 +237,7 @@ ghe-motd

### ghe-nwo

This utility returns a repository's name and owner based on the repository ID.
This utility returns a repository's name and owner based on the repository ID.

```shell
ghe-nwo REPOSITORY_ID
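Review bot: The two description lines under `### ghe-nwo` read identically, so the only change in this hunk is invisible whitespace, most likely a trailing space. The same applies to the `ghe-ssl-certificate-setup` description in the next hunk. Consider calling out the whitespace cleanup in the PR description or moving it to its own commit, so the substantive removal of the cluster failover documentation can be reviewed and reverted on its own.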
Expand Down Expand Up @@ -511,7 +511,7 @@ ghe-ssl-ca-certificate-install -c CERTIFICATE_PATH

### ghe-ssl-certificate-setup

This utility allows you to update an SSL certificate for {% data variables.location.product_location %}.
This utility allows you to update an SSL certificate for {% data variables.location.product_location %}.

For more information about this command or for additional options, use the `-h` flag.

Expand Down Expand Up @@ -613,16 +613,6 @@ To send a bundle to {% data variables.contact.github_support %} and associate th
$ ssh -p 122 admin@HOSTNAME -- 'ghe-cluster-support-bundle -t TICKET_ID'
```

{% ifversion ghes %}
### ghe-cluster-failover

Fail over from active cluster nodes to passive cluster nodes. For more information, see "[Initiating a failover to your replica cluster](/enterprise/admin/enterprise-management/initiating-a-failover-to-your-replica-cluster)."

```shell
ghe-cluster-failover
```
{% endif %}

### ghe-dpages

This utility allows you to manage the distributed {% data variables.product.prodname_pages %} server.
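Review bot: The block removed under `{% ifversion ghes %}` drops the entire `ghe-cluster-failover` entry, and nothing in this hunk says whether the command itself is gone or only its documentation. If the utility still exists on any supported release, keep the entry behind a version condition for those releases, or leave a one-line note that the command is no longer available, so an administrator who finds `ghe-cluster-failover` on an appliance still has a reference for what it does.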
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ redirect_from:
- /enterprise/admin/clustering/clustering-overview
- /enterprise/admin/enterprise-management/about-clustering
- /admin/enterprise-management/about-clustering
- /enterprise/admin/enterprise-management/configuring-high-availability-replication-for-a-cluster
- /admin/enterprise-management/configuring-high-availability-replication-for-a-cluster
- /admin/enterprise-management/configuring-clustering/configuring-high-availability-replication-for-a-cluster
- /enterprise/admin/enterprise-management/initiating-a-failover-to-your-replica-cluster
- /admin/enterprise-management/initiating-a-failover-to-your-replica-cluster
- /admin/enterprise-management/configuring-clustering/initiating-a-failover-to-your-replica-cluster
versions:
ghes: '*'
type: overview
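Review bot: The six added `redirect_from` entries point the old "configuring high availability replication for a cluster" and "initiating a failover to your replica cluster" URLs at this overview page, which covers a different topic from the procedures those URLs used to serve. Check that the overview says where that content went. Otherwise bookmarks and external links to the failover procedure will land on a page that never mentions replication or failover.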
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,4 @@ children:
- /monitoring-cluster-nodes
- /replacing-a-cluster-node
- /evacuating-a-cluster-node
- /configuring-high-availability-replication-for-a-cluster
- /initiating-a-failover-to-your-replica-cluster
---

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -41,13 +41,17 @@ By default, each member must create a personal account on {% data variables.loca

If you configure additional SAML access restriction, each member must create and manage a personal account on {% data variables.location.product_location %}. You grant access to your enterprise, and the member can access your enterprise's resources after both signing into the account on {% data variables.location.product_location %} and successfully authenticating with your SAML identity provider (IdP). The member can contribute to other enterprises, organizations, and repositories on {% data variables.location.product_location %} using their personal account. For more information about requiring SAML authentication for all access your enterprise's resources, see "[About SAML for enterprise IAM](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)."

#### Considerations for enabling SAML for an enterprise or organization
You can choose between configuring SAML at the enterprise level, which applies the same SAML configuration to all organizations within the enterprise, and configuring SAML separately for individual organizations.

You can configure SAML authentication for every organization in your enterprise, or for individual organizations. If you use a standalone organization with {% data variables.product.product_name %}, or if you don't want to use SAML authentication for every organization in your enterprise, you may want to configure SAML for an individual organization instead of your enterprise. For more information, see "[About identity and access management with SAML single sign-on](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)."
#### Deciding whether to configure SAML at the enterprise level or the organization level

If some groups within your enterprise must use different SAML authentication providers to grant access to your resources on {% data variables.location.product_location %}, you can configure SAML for individual organizations. You can implement SAML for your organizations over time by allowing users to gradually authenticate using SAML. Alternatively, you can require SAML authentication by a certain date. Organization members who do not authenticate using SAML by this date will be removed.
If some groups within your enterprise must use different SAML authentication providers to grant access to your resources on {% data variables.location.product_location %}, you can configure SAML for individual organizations. You can implement SAML for your organizations over time by allowing users to gradually authenticate using SAML. Alternatively, you can require SAML authentication by a certain date. Organization members who do not authenticate using SAML by this date will be removed. For more information about organization-level SAML, see "[About identity and access management with SAML single sign-on](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)."

If you need to enforce a consistent authentication experience for every organization in your enterprise, you can configure SAML authentication for your enterprise account. The SAML configuration for your enterprise overrides any SAML configuration for individual organizations, and organizations cannot override the enterprise configuration. After you configure SAML for your enterprise, organization members must authenticate with SAML before accessing organization resources. SCIM is not available for enterprise accounts. Team synchronization is only available for SAML at the enterprise level if you use Azure AD as an IdP. For more information, see "[Managing team synchronization for organizations in your enterprise](/admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise)."
If you configure SAML at the organization level, members are not required to authenticate via SAML to access internal repositories. For more information about internal repositories, see "[About repositories](/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories),"

If you need to protect internal repositories or enforce a consistent authentication experience for every organization in your enterprise, you can configure SAML authentication for your enterprise account instead. The SAML configuration for your enterprise overrides any SAML configuration for individual organizations, and organizations cannot override the enterprise configuration. After you configure SAML for your enterprise, organization members must authenticate with SAML before accessing organization resources, including internal repositories.

SCIM is not available for enterprise accounts, and team synchronization is only available for SAML at the enterprise level if you use Azure AD as an IdP. For more information, see "[Managing team synchronization for organizations in your enterprise](/admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise)."

Regardless of the SAML implementation you choose, you cannot add external collaborators to organizations or teams. You can only add external collaborators to individual repositories.
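Review bot: The added sentence about internal repositories ends with a comma instead of a period: `...about-repositories#about-internal-repositories),"` should end `)."` like the other cross-references in this section. That sentence is also the security-relevant part of the change, because it says organization-level SAML does not gate internal repositories. Consider placing it ahead of the paragraph on rolling SAML out gradually, or wrapping it in a note, so it is not read as a footnote to the organization-level option.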

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -131,10 +131,10 @@ After you enable LDAP sync, a synchronization job will run at the specified time
- If one or more restricted user groups are configured on the instance, the corresponding LDAP entry is in one of these groups, and _Reactivate suspended users_ is enabled in the Admin Center, unsuspend the user.
- If the corresponding LDAP entry includes a `name` attribute, update the user's profile name.
- If the corresponding LDAP entry is in the Administrators group, promote the user to site administrator.
- If the corresponding LDAP entry is not in the Administrators group, demote the user to a normal account.
- If the corresponding LDAP entry is not in the Administrators group, demote the user to a normal account, unless the account is suspended. Suspended administrators will not be demoted and will remain listed on the "Site admins" and "Enterprise owners" pages.
- If an LDAP User field is defined for emails, synchronize the user's email settings with the LDAP entry. Set the first LDAP `mail` entry as the primary email.
- If an LDAP User field is defined for SSH public keys, synchronize the user's public SSH keys with the LDAP entry.
- If an LDAP User field is defined for GPG keys, synchronize the user's GPG keys with the LDAP entry.
- If an LDAP User field is defined for SSH public keys, synchronize the user's public SSH keys with the LDAP entry.
- If an LDAP User field is defined for GPG keys, synchronize the user's GPG keys with the LDAP entry.

{% note %}

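Review bot: The exception added to the demotion bullet says suspended administrators stay listed on the "Site admins" and "Enterprise owners" pages, but not what happens when such an account is unsuspended, which the first bullet in this hunk allows through _Reactivate suspended users_. State whether the next sync then demotes the account. If it does not, an account removed from the Administrators group could return with site administrator rights. The paired SSH and GPG key bullets look like whitespace-only changes.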
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,8 @@ Your IdP does not communicate with {% data variables.product.product_name %} aut

{% data reusables.enterprise_user_management.external_auth_disables_2fa %}

After you configure SAML, people who use {% data variables.location.product_location %} must use a {% data variables.product.pat_generic %} to authenticate API requests. For more information, see "[Creating a {% data variables.product.pat_generic %}](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."

{% data reusables.enterprise_user_management.built-in-authentication %}

{% endif %}
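Review bot: The added sentence says people "must use a {% data variables.product.pat_generic %} to authenticate API requests" but does not say which authentication method stops being accepted once SAML is configured, so it reads as an unexplained requirement. Add a clause naming what no longer works for API requests, so that administrators can warn users and find affected integrations before enabling SAML.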
Expand Down