diff --git a/content/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md b/content/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md index 4a3a5ad2260d..34a77ab196c4 100644 --- a/content/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md +++ b/content/admin/github-actions/managing-access-to-actions-from-githubcom/using-the-latest-version-of-the-official-bundled-actions.md @@ -12,7 +12,7 @@ topics: redirect_from: - /admin/github-actions/using-the-latest-version-of-the-official-bundled-actions shortTitle: Use the latest bundled actions ---- +--- {% data reusables.actions.enterprise-github-hosted-runners %} Your enterprise instance includes a number of built-in actions that you can use in your workflows. For more information about the bundled actions, see "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/about-using-actions-in-your-enterprise#official-actions-bundled-with-your-enterprise-instance)." @@ -30,7 +30,7 @@ You can use {% data variables.product.prodname_github_connect %} to allow {% dat Once {% data variables.product.prodname_github_connect %} is configured, you can use the latest version of an action by deleting its local repository in the `actions` organization on your instance. For example, if your enterprise instance is using `v1` of the `actions/checkout` action, and you need to use `{% data reusables.actions.action-checkout %}` which isn't available on your enterprise instance, perform the following steps to be able to use the latest `checkout` action from {% data variables.product.prodname_dotcom_the_website %}: 1. From an enterprise owner account on {% data variables.product.product_name %}, navigate to the repository you want to delete from the *actions* organization (in this example `checkout`). -1. By default, site administrators are not owners of the bundled *actions* organization. To get the access required to delete the `checkout` repository, you must use the site admin tools. Click {% octicon "rocket" aria-hidden="true" %} in the upper-right corner of any page in that repository. +1. By default, site administrators are not owners of the bundled *actions* organization. To get the access required to delete the `checkout` repository, you must use the site admin tools. Click {% octicon "rocket" aria-label="Site admin" %} in the upper-right corner of any page in that repository. 1. Click {% octicon "shield-lock" aria-hidden="true" %} **Security** to see an overview of the security for the repository. ![Screenshot of the site admin details for a repository. The "Security" link is highlighted with an orange outline.](/assets/images/enterprise/site-admin-settings/access-repo-security-info.png) diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md index 494d82a84fe9..9e7964cda028 100644 --- a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md +++ b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/mapping-okta-groups-to-teams.md @@ -65,7 +65,7 @@ You can map a team in your enterprise to an Okta group you previously pushed to Enterprise owners can use the site admin dashboard to check how Okta groups are mapped to teams on {% data variables.product.prodname_ghe_managed %}. -1. To access the dashboard, in the upper-right corner of any page, click {% octicon "rocket" aria-hidden="true" %}. +1. To access the dashboard, in the upper-right corner of any page, click {% octicon "rocket" aria-label="Site admin" %}. 1. In the left pane, click **External groups**. 1. To view more details about a group, in the list of external groups, click on a group. 1. The group's details includes the name of the Okta group, a list of the Okta users that are members of the group, and the corresponding mapped team on {% data variables.product.prodname_ghe_managed %}. diff --git a/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/viewing-push-logs.md b/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/viewing-push-logs.md index 36422b500e00..fb442b1d038d 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/viewing-push-logs.md +++ b/content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/viewing-push-logs.md @@ -31,7 +31,7 @@ Push log entries show: 1. Sign into {% data variables.product.prodname_ghe_server %} as a site administrator. 1. Navigate to a repository. -1. In the upper-right corner of the repository's page, click {% octicon "rocket" aria-hidden="true" %}. +1. In the upper-right corner of the repository's page, click {% octicon "rocket" aria-label="Site admin" %}. {% data reusables.enterprise_site_admin_settings.security-tab %} 1. In the left sidebar, click **Push Log**. diff --git a/content/organizations/organizing-members-into-teams/adding-organization-members-to-a-team.md b/content/organizations/organizing-members-into-teams/adding-organization-members-to-a-team.md index 7f79bdaef773..4e09c8c46c78 100644 --- a/content/organizations/organizing-members-into-teams/adding-organization-members-to-a-team.md +++ b/content/organizations/organizing-members-into-teams/adding-organization-members-to-a-team.md @@ -24,6 +24,12 @@ shortTitle: Add members to a team {% data reusables.organizations.team-synchronization %} +{% ifversion ghes %} + +## Adding organization members to a team + +{% endif %} + {% data reusables.profile.access_org %} {% data reusables.user-settings.access_org %} {% data reusables.organizations.specific_team %} @@ -34,7 +40,16 @@ shortTitle: Add members to a team {% ifversion fpt or ghec %}{% data reusables.organizations.cancel_org_invite %}{% endif %} +{% ifversion ghes %} + +## Mapping teams to LDAP groups (for instances using LDAP Sync for user authentication) + +A team that's [synced to an LDAP group](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync) is indicated with a special LDAP badge. The member list for an LDAP synced team can only be managed from the LDAP group it's mapped to. + +To add a new member to a team synced to an LDAP group, add the user as a member of the LDAP group, or contact your LDAP administrator. + +{% endif %} + ## Further reading -- "[AUTOTITLE](/organizations/organizing-members-into-teams/about-teams)" - "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)" diff --git a/content/organizations/organizing-members-into-teams/creating-a-team.md b/content/organizations/organizing-members-into-teams/creating-a-team.md index 0e282bbd1340..b7cc54b05248 100644 --- a/content/organizations/organizing-members-into-teams/creating-a-team.md +++ b/content/organizations/organizing-members-into-teams/creating-a-team.md @@ -22,6 +22,12 @@ Only organization owners and maintainers of a parent team can create a new child {% data reusables.organizations.team-synchronization %} +{% ifversion ghes %} + +## Creating a team + +{% endif %} + {% data reusables.profile.access_org %} {% data reusables.user-settings.access_org %} {% data reusables.organizations.new_team %} @@ -38,8 +44,34 @@ Only organization owners and maintainers of a parent team can create a new child {% data reusables.organizations.create_team %} 1. Optionally, [give the team access to organization repositories](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository). -## Further reading +{% ifversion ghes %} + +## Creating teams with LDAP Sync enabled + +Instances using LDAP for user authentication can use LDAP Sync to manage a team's members. Setting the group's **Distinguished Name** (DN) in the **LDAP group** field will map a team to an LDAP group on your LDAP server. If you use LDAP Sync to manage a team's members, you won't be able to manage your team within {% data variables.location.product_location %}. The mapped team will sync its members in the background and periodically at the interval configured when LDAP Sync is enabled. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync)." + +You must be a site admin and an organization owner to create a team with LDAP sync enabled. + +{% data reusables.enterprise_user_management.ldap-sync-nested-teams %} + +{% warning %} + +**Notes:** +- LDAP Sync only manages the team's member list. You must manage the team's repositories and permissions from within {% data variables.product.prodname_ghe_server %}. +- If an LDAP group mapping to a DN is removed, such as if the LDAP group is deleted, then every member is removed from the synced {% data variables.product.prodname_ghe_server %} team. To fix this, map the team to a new DN, add the team members back, and [manually sync the mapping](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#manually-syncing-ldap-accounts). +- When LDAP Sync is enabled, if a person is removed from a repository, they will lose access but their forks will not be deleted. If the person is added to a team with access to the original organization repository within three months, their access to the forks will be automatically restored on the next sync. + +{% endwarning %} -- "[AUTOTITLE](/organizations/organizing-members-into-teams/about-teams)" -- "[AUTOTITLE](/organizations/organizing-members-into-teams/changing-team-visibility)" -- "[AUTOTITLE](/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy)" +1. Ensure that [LDAP Sync is enabled](/admin/identity-and-access-management/using-ldap-for-enterprise-iam/using-ldap#enabling-ldap-sync). +{% data reusables.profile.access_org %} +{% data reusables.user-settings.access_org %} +{% data reusables.organizations.new_team %} +{% data reusables.organizations.team_name %} +6. Under "LDAP group", search for an LDAP group's DN to map the team to. If you don't know the DN, type the LDAP group's name. {% data variables.product.prodname_ghe_server %} will search for and autocomplete any matches. +{% data reusables.organizations.team_description %} +{% data reusables.organizations.team_visibility %} +{% data reusables.organizations.create-team-choose-parent %} +{% data reusables.organizations.create_team %} + +{% endif %}