From 1623e9bae16544890aaa34a7bc22f50c049a5c53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20Spie=C3=9F?= Date: Mon, 13 Oct 2025 15:31:04 +0200 Subject: [PATCH 1/3] Fix documentation of search filters for issues and pull requests (#57936) Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com> --- ...-and-searching-issues-and-pull-requests.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md b/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md index f01de416776f..62a9775778b2 100644 --- a/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md +++ b/content/issues/tracking-your-work-with-issues/using-issues/filtering-and-searching-issues-and-pull-requests.md @@ -209,11 +209,11 @@ gh pr list --search "team:octo-org/octo-team" With issue and pull request search terms, you can: -* Filter issues and pull requests by author: `state:open type:issue author:octocat` -* Filter issues and pull requests that involve, but don't necessarily [**@mention**](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#mentioning-people-and-teams), certain people: `state:open type:issue involves:octocat` -* Filter issues and pull requests by assignee: `state:open type:issue assignee:octocat` -* Filter issues and pull requests by label: `state:open type:issue label:"bug"` -* Filter out search terms by using `-` before the term: `state:open type:issue -author:octocat` +* Filter issues and pull requests by author: `state:open is:issue author:octocat` +* Filter issues and pull requests that involve, but don't necessarily [**@mention**](/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#mentioning-people-and-teams), certain people: `state:open is:issue involves:octocat` +* Filter issues and pull requests by assignee: `state:open is:issue assignee:octocat` +* Filter issues and pull requests by label: `state:open is:issue label:"bug"` +* Filter out search terms by using `-` before the term: `state:open is:issue -author:octocat` > [!TIP] > You can filter issues by label using logical OR or using logical AND. @@ -227,19 +227,19 @@ For issues, you can also use search to: {% ifversion issue-types %}* Filter for issues with a particular type: `is:open type:"Bug"`{% endif %}{% ifversion issues-advanced-search %} * Filter for issues that have metadata: `has:label` * Filter for issues that are missing metadata: `no:project` -* Filter for issues from repositories [**owned**](/search-github/searching-on-github/searching-issues-and-pull-requests#search-within-a-users-or-organizations-repositories) by a certain user or organization, limited to up to 16 `user` and `org` qualifiers with no limit on `repo` qualifiers: `state:open type:issue org:github OR user:octocat`{% endif %} +* Filter for issues from repositories [**owned**](/search-github/searching-on-github/searching-issues-and-pull-requests#search-within-a-users-or-organizations-repositories) by a certain user or organization, limited to up to 16 `user` and `org` qualifiers with no limit on `repo` qualifiers: `state:open is:issue org:github OR user:octocat`{% endif %} For pull requests, you can also use search to: * Filter [draft](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests#draft-pull-requests) pull requests: `is:draft` -* Filter pull requests that haven't been [reviewed](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews) yet: `state:open type:pr review:none` -* Filter pull requests that [require a review](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging) before they can be merged: `state:open type:pr review:required` -* Filter pull requests that a reviewer has approved: `state:open type:pr review:approved` -* Filter pull requests in which a reviewer has asked for changes: `state:open type:pr review:changes_requested` -* Filter pull requests by [reviewer](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews): `state:open type:pr reviewed-by:octocat` -* Filter pull requests by the specific user [requested for review](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review): `state:open type:pr review-requested:octocat` -* Filter pull requests that someone has asked you directly to review: `state:open type:pr user-review-requested:@me` -* Filter pull requests by the team requested for review: `state:open type:pr team-review-requested:github/docs` +* Filter pull requests that haven't been [reviewed](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews) yet: `state:open is:pr review:none` +* Filter pull requests that [require a review](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging) before they can be merged: `state:open is:pr review:required` +* Filter pull requests that a reviewer has approved: `state:open is:pr review:approved` +* Filter pull requests in which a reviewer has asked for changes: `state:open is:pr review:changes_requested` +* Filter pull requests by [reviewer](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews): `state:open is:pr reviewed-by:octocat` +* Filter pull requests by the specific user [requested for review](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review): `state:open is:pr review-requested:octocat` +* Filter pull requests that someone has asked you directly to review: `state:open is:pr user-review-requested:@me` +* Filter pull requests by the team requested for review: `state:open is:pr team-review-requested:github/docs` * Filter for pull requests that are linked to an issue that the pull request may close: `linked:issue` * Filter pull requests by state of [merging](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges): `is:merged` or `is:unmerged` @@ -274,7 +274,7 @@ You can send the URL that issues generates to any user, and they'll be able to s For example, if you filter on issues assigned to Hubot, and sort on the oldest open issues, your URL would update to something like the following: ```text -/issues?q=state:open+type:issue+assignee:hubot+sort:created-asc +/issues?q=state:open+is:issue+assignee:hubot+sort:created-asc ``` ## Further reading From 204810460f7cff15619d8a4c888e15363558a4c1 Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Mon, 13 Oct 2025 15:21:05 +0100 Subject: [PATCH 2/3] [Now] Create concepts category for enterprise admin docs (#57847) Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> --- .../best-practices-for-enterprises.md | 5 ++-- .../enterprise-accounts.md} | 9 ++++---- .../concepts/enterprise-fundamentals/index.md | 15 ++++++++++++ .../roles-in-an-enterprise.md} | 12 ++++++---- .../teams-in-an-enterprise.md} | 12 +++++++--- .../enterprise-managed-users.md} | 23 +++++++++++-------- ...ity-and-access-management-fundamentals.md} | 17 +++++++------- .../identity-and-access-management/index.md | 14 +++++++++++ content/admin/concepts/index.md | 16 +++++++++++++ .../audit-log-for-an-enterprise.md} | 11 +++++---- .../enterprise-policies.md} | 10 +++++--- .../concepts/security-and-compliance/index.md | 14 +++++++++++ .../index.md | 2 +- content/admin/guides.md | 6 ++--- content/admin/index.md | 6 ++--- .../index.md | 2 -- .../managing-your-enterprise-account/index.md | 1 - .../index.md | 2 +- content/admin/overview/index.md | 5 +--- ...ng-started-with-github-enterprise-cloud.md | 2 +- data/learning-tracks/admin.yml | 4 ++-- 21 files changed, 129 insertions(+), 59 deletions(-) rename content/admin/{overview => concepts}/best-practices-for-enterprises.md (96%) rename content/admin/{managing-your-enterprise-account/about-enterprise-accounts.md => concepts/enterprise-fundamentals/enterprise-accounts.md} (92%) create mode 100644 content/admin/concepts/enterprise-fundamentals/index.md rename content/admin/{overview/about-roles.md => concepts/enterprise-fundamentals/roles-in-an-enterprise.md} (89%) rename content/admin/{overview/about-teams.md => concepts/enterprise-fundamentals/teams-in-an-enterprise.md} (95%) rename content/admin/{managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md => concepts/identity-and-access-management/enterprise-managed-users.md} (90%) rename content/admin/{managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management.md => concepts/identity-and-access-management/identity-and-access-management-fundamentals.md} (94%) create mode 100644 content/admin/concepts/identity-and-access-management/index.md create mode 100644 content/admin/concepts/index.md rename content/admin/{monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md => concepts/security-and-compliance/audit-log-for-an-enterprise.md} (95%) rename content/admin/{enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md => concepts/security-and-compliance/enterprise-policies.md} (87%) create mode 100644 content/admin/concepts/security-and-compliance/index.md diff --git a/content/admin/overview/best-practices-for-enterprises.md b/content/admin/concepts/best-practices-for-enterprises.md similarity index 96% rename from content/admin/overview/best-practices-for-enterprises.md rename to content/admin/concepts/best-practices-for-enterprises.md index a3d9f9dfca05..502f2c4f1c48 100644 --- a/content/admin/overview/best-practices-for-enterprises.md +++ b/content/admin/concepts/best-practices-for-enterprises.md @@ -5,11 +5,13 @@ intro: 'Learn {% data variables.product.company_short %}-recommended practices f versions: ghec: '*' ghes: '*' -type: overview +contentType: concepts topics: - Accounts - Enterprise - Fundamentals +redirect_from: + - /admin/overview/best-practices-for-enterprises --- {% ifversion ghec %} @@ -62,5 +64,4 @@ Organizations can have more than one organization owner to avoid lapses in owner ## Further reading -* [AUTOTITLE](/repositories/creating-and-managing-repositories/best-practices-for-repositories) * [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/best-practices-for-organizations) diff --git a/content/admin/managing-your-enterprise-account/about-enterprise-accounts.md b/content/admin/concepts/enterprise-fundamentals/enterprise-accounts.md similarity index 92% rename from content/admin/managing-your-enterprise-account/about-enterprise-accounts.md rename to content/admin/concepts/enterprise-fundamentals/enterprise-accounts.md index d531a3848087..0debb939c823 100644 --- a/content/admin/managing-your-enterprise-account/about-enterprise-accounts.md +++ b/content/admin/concepts/enterprise-fundamentals/enterprise-accounts.md @@ -1,6 +1,6 @@ --- -title: About enterprise accounts -intro: Learn how enterprise accounts enable scalability by simplifying administration and billing across multiple organizations. +title: Enterprise accounts +intro: 'Learn how enterprise accounts enable scalability by simplifying administration and billing across multiple organizations.' redirect_from: - /articles/about-github-business-accounts - /articles/about-enterprise-accounts @@ -10,10 +10,11 @@ redirect_from: - /github/setting-up-and-managing-your-enterprise/about-enterprise-accounts - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-account/about-enterprise-accounts - /admin/overview/about-enterprise-accounts + - /admin/managing-your-enterprise-account/about-enterprise-accounts versions: ghec: '*' ghes: '*' -type: overview +contentType: concepts topics: - Accounts - Enterprise @@ -52,7 +53,7 @@ Administrators for the enterprise account can: ## What if I use multiple deployment options? -If you use both {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %}, you'll have an enterprise account for each. +If you use both {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %}, you'll have **an enterprise account for each.** For the most part, you will manage each enterprise account separately. For example, you will configure the policies and settings for your {% data variables.product.prodname_ghe_server %} instance using the enterprise account on {% data variables.product.prodname_ghe_server %}. diff --git a/content/admin/concepts/enterprise-fundamentals/index.md b/content/admin/concepts/enterprise-fundamentals/index.md new file mode 100644 index 000000000000..ee403e87f598 --- /dev/null +++ b/content/admin/concepts/enterprise-fundamentals/index.md @@ -0,0 +1,15 @@ +--- +title: Enterprise fundamentals +shortTitle: Fundamentals +intro: 'Learn the fundamental concepts that you''ll need to understand {% data variables.location.product_location %}, including fundamentals, identity and access management, security and compliance, and best practices.' +versions: + ghes: '*' + ghec: '*' +topics: + - Enterprise +children: + - /enterprise-accounts + - /teams-in-an-enterprise + - /roles-in-an-enterprise +contentType: concepts +--- diff --git a/content/admin/overview/about-roles.md b/content/admin/concepts/enterprise-fundamentals/roles-in-an-enterprise.md similarity index 89% rename from content/admin/overview/about-roles.md rename to content/admin/concepts/enterprise-fundamentals/roles-in-an-enterprise.md index affcb2738c12..ef9d201595a3 100644 --- a/content/admin/overview/about-roles.md +++ b/content/admin/concepts/enterprise-fundamentals/roles-in-an-enterprise.md @@ -1,19 +1,21 @@ --- -title: About roles in an enterprise +title: Roles in an enterprise intro: 'Learn how roles allow you to control people''s access to your enterprise''s settings and resources.' versions: ghec: '*' ghes: '*' -shortTitle: About roles -type: overview +shortTitle: Roles topics: - Enterprise - Fundamentals +redirect_from: + - /admin/overview/about-roles +contentType: concepts --- ## What are roles? -A role is a set of permissions that you can assign to individuals or teams. A permission is the ability to perform a specific action, such as changing billing settings. +A role is a **set of permissions** that you can assign to individuals or teams. A permission is the ability to perform a specific action, such as changing billing settings. A user in an enterprise has a role for both the enterprise account itself and for each individual organization in the enterprise. @@ -35,7 +37,7 @@ Enterprise roles are assigned when a user is invited to the enterprise (personal Organization administrators can grant organization roles and create custom organization roles, but can't affect roles at the enterprise level. -## Next steps +## Further reading Review the predefined roles and fine-grained permissions available with custom organization roles, and plan out what roles will be required for your teams to do their jobs on {% data variables.product.github %}. diff --git a/content/admin/overview/about-teams.md b/content/admin/concepts/enterprise-fundamentals/teams-in-an-enterprise.md similarity index 95% rename from content/admin/overview/about-teams.md rename to content/admin/concepts/enterprise-fundamentals/teams-in-an-enterprise.md index f5b9280f3800..2dc8451c4b5d 100644 --- a/content/admin/overview/about-teams.md +++ b/content/admin/concepts/enterprise-fundamentals/teams-in-an-enterprise.md @@ -1,13 +1,15 @@ --- -title: About teams in an enterprise +title: Teams in an enterprise intro: 'Learn how teams simplify administration of user access, licensing, and communication.' versions: ghec: '*' -shortTitle: About teams -type: overview +shortTitle: Teams topics: - Enterprise - Fundamentals +redirect_from: + - /admin/overview/about-teams +contentType: concepts --- ## What are teams? @@ -54,3 +56,7 @@ Unlike organization teams, enterprise teams currently do **not** support: In addition, enterprise teams are currently limited to 50 teams for a single enterprise and 500 users to each team. For more information about the capabilities of organization teams, see [AUTOTITLE](/organizations/organizing-members-into-teams/about-teams). + +## Further reading + +* [AUTOTITLE](/organizations/organizing-members-into-teams/about-teams) diff --git a/content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md b/content/admin/concepts/identity-and-access-management/enterprise-managed-users.md similarity index 90% rename from content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md rename to content/admin/concepts/identity-and-access-management/enterprise-managed-users.md index 0375d7200a2c..6719c3fffc64 100644 --- a/content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md +++ b/content/admin/concepts/identity-and-access-management/enterprise-managed-users.md @@ -1,6 +1,6 @@ --- -title: 'About {% data variables.product.prodname_emus %}' -shortTitle: About managed users +title: About {% data variables.product.prodname_emus %} +shortTitle: Enterprise Managed Users intro: 'Learn how your enterprise can manage the lifecycle and authentication of users on {% data variables.product.prodname_dotcom %} from your identity provider (IdP).' redirect_from: - /early-access/github/articles/get-started-with-managed-users-for-your-enterprise @@ -16,9 +16,10 @@ redirect_from: - /admin/identity-and-access-management/using-enterprise-managed-users-for-iam - /admin/identity-and-access-management/managing-iam-for-your-enterprise/about-enterprise-managed-users - /admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users + - /admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users versions: ghec: '*' -type: overview +contentType: concepts topics: - Accounts - Authentication @@ -27,7 +28,9 @@ topics: allowTitleToDifferFromFilename: true --- -With {% data variables.product.prodname_emus %}, you manage the lifecycle and authentication of your users on {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %} from an external identity management system, or IdP: +## What are Enterprise Managed Users in {% data variables.product.github %}? + +With {% data variables.product.prodname_emus %}, you manage the lifecycle and authentication of your users on {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %} **from an external identity management system, or IdP**: * Your IdP **provisions new user accounts** on {% data variables.product.prodname_dotcom %}, with access to your enterprise. * Users must **authenticate on your IdP** to access your enterprise's resources on {% data variables.product.prodname_dotcom %}. @@ -37,11 +40,11 @@ With {% data variables.product.prodname_emus %}, you manage the lifecycle and au > [!NOTE] {% data variables.product.prodname_emus %} is not the best solution for every customer. To determine whether it's right for your enterprise, see [AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud). -## Identity management systems +## How does EMUs integrate with identity management systems? {% data reusables.enterprise_user_management.emu-paved-path-iam-integrations %} -### Partner identity providers +### What are partner identity providers? Partner IdPs provide authentication using SAML or OIDC, and provide provisioning with System for Cross-domain Identity Management (SCIM). @@ -57,7 +60,7 @@ Partner IdPs provide authentication using SAML or OIDC, and provide provisioning When you use a single partner IdP for both authentication and provisioning, {% data variables.product.company_short %} provides support for the application on the partner IdP and the IdP's integration with {% data variables.product.prodname_dotcom %}. -### Other identity management systems +### Can I use identity management systems other than the supported partners? If you cannot use a single partner IdP for both authentication and provisioning, you can use another identity management system or combination of systems. The system must: @@ -67,7 +70,7 @@ If you cannot use a single partner IdP for both authentication and provisioning, {% data reusables.emus.mixed-systems-note %} -## Usernames and profile information +## How are usernames and profile information managed for EMUs? {% data variables.product.prodname_dotcom %} automatically creates a username for each developer by normalizing an identifier provided by your IdP. If the unique parts of the identifier are removed during normalization, a conflict may occur. See [AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication#resolving-username-problems). @@ -76,13 +79,13 @@ The profile name and email address of a {% data variables.enterprise.prodname_ma * The IdP can only provide one email address. * Changing a user's email address in your IdP will unlink the user from the contribution history associated with the old email address. -## Managing roles and access +## How are roles and access managed for EMUs? In your IdP, you can give each {% data variables.enterprise.prodname_managed_user %} a **role in your enterprise**, such as member, owner, or guest collaborator. See [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise). Organization memberships (and repository access) can be managed manually, or you can **update memberships automatically using IdP groups**. See [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups). -## Authentication for {% data variables.enterprise.prodname_managed_users %} +## How do {% data variables.enterprise.prodname_managed_users %} authenticate to {% data variables.product.prodname_dotcom %}? The locations where {% data variables.enterprise.prodname_managed_users %} can authenticate to {% data variables.product.prodname_dotcom %} depends on how you configure authentication (SAML or OIDC). See [AUTOTITLE](/authentication/authenticating-with-single-sign-on/authenticating-with-a-managed-user-account). diff --git a/content/admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management.md b/content/admin/concepts/identity-and-access-management/identity-and-access-management-fundamentals.md similarity index 94% rename from content/admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management.md rename to content/admin/concepts/identity-and-access-management/identity-and-access-management-fundamentals.md index 404a57168297..212a45a9ece8 100644 --- a/content/admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management.md +++ b/content/admin/concepts/identity-and-access-management/identity-and-access-management-fundamentals.md @@ -1,15 +1,16 @@ --- -title: About identity and access management -shortTitle: About IAM +title: Identity and access management fundamentals +shortTitle: Fundamentals intro: 'Administrators must decide how users will access the enterprise''s resources on {% data variables.product.github %}.' versions: ghec: '*' ghes: '*' -type: overview +contentType: concepts redirect_from: - /admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise - /admin/identity-and-access-management/managing-iam-for-your-enterprise/about-identity-and-access-management - /admin/identity-and-access-management/understanding-iam-for-enterprises/about-identity-and-access-management + - /admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management topics: - Accounts - Authentication @@ -18,7 +19,7 @@ topics: - SSO --- -## About IAM for {% data variables.product.github %} +## What is IAM for {% data variables.product.github %}? {% ifversion ghec %} @@ -32,7 +33,7 @@ Administrators who configure a {% data variables.product.prodname_ghe_server %} {% endif %} -## Authentication methods +## Which authentication method are available to me? {% ifversion ghec %} @@ -81,7 +82,7 @@ If you choose to use external authentication, you can also configure fallback au {% endif %} -## About provisioning +## How does provisioning work? {% ifversion ghec %} @@ -97,7 +98,7 @@ If you configure built-in authentication, CAS, LDAP, or SAML, {% data variables. {% ifversion emu-public-scim-schema %} -## About supported IdPs +## Which IdPs are supported? {% data reusables.enterprise_user_management.ghec-supported-idps %} @@ -105,9 +106,7 @@ If you configure built-in authentication, CAS, LDAP, or SAML, {% data variables. ## Further reading -* [AUTOTITLE](/get-started/learning-about-github/types-of-github-accounts) * [AUTOTITLE](/admin/overview/about-enterprise-accounts) {%- ifversion ghec %} * [AUTOTITLE](/organizations/managing-membership-in-your-organization/can-i-create-accounts-for-people-in-my-organization) -* [AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account) {%- endif %} diff --git a/content/admin/concepts/identity-and-access-management/index.md b/content/admin/concepts/identity-and-access-management/index.md new file mode 100644 index 000000000000..16015e703b97 --- /dev/null +++ b/content/admin/concepts/identity-and-access-management/index.md @@ -0,0 +1,14 @@ +--- +title: Identity and access management +shortTitle: Identity and access management +intro: 'Learn the concepts around identity and access management (IAM) for {% data variables.location.product_location %}, including authentication, authorization, {% ifversion ghec %}Enterprise Managed Users, {% endif %}and user management.' +versions: + ghes: '*' + ghec: '*' +topics: + - Enterprise +children: + - /identity-and-access-management-fundamentals + - /enterprise-managed-users +contentType: concepts +--- diff --git a/content/admin/concepts/index.md b/content/admin/concepts/index.md new file mode 100644 index 000000000000..6f0b486ca6ec --- /dev/null +++ b/content/admin/concepts/index.md @@ -0,0 +1,16 @@ +--- +title: Concepts for enterprises +shortTitle: Concepts +intro: 'Learn the core concepts that you''ll need to understand {% data variables.location.product_location %}.' +versions: + ghes: '*' + ghec: '*' +topics: + - Enterprise +children: + - /enterprise-fundamentals + - /identity-and-access-management + - /security-and-compliance + - /best-practices-for-enterprises +contentType: concepts +--- diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md b/content/admin/concepts/security-and-compliance/audit-log-for-an-enterprise.md similarity index 95% rename from content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md rename to content/admin/concepts/security-and-compliance/audit-log-for-an-enterprise.md index 30547cf7e7d0..0f656cde5a98 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md +++ b/content/admin/concepts/security-and-compliance/audit-log-for-an-enterprise.md @@ -1,7 +1,7 @@ --- -title: About the audit log for your enterprise +title: Audit log for an enterprise intro: 'To support debugging and internal and external compliance, {% data variables.product.github %} provides logs of audited{% ifversion ghes %} system,{% endif %} user, organization, and repository events.' -shortTitle: About audit logs +shortTitle: Audit logs redirect_from: - /enterprise/admin/articles/audit-logging - /enterprise/admin/installation/audit-logging @@ -11,10 +11,11 @@ redirect_from: - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/auditing-activity-in-your-enterprise - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/auditing-activity-in-your-enterprise - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/auditing-activity-in-your-enterprise + - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise versions: ghes: '*' ghec: '*' -type: overview +contentType: concepts topics: - Auditing - Enterprise @@ -22,7 +23,7 @@ topics: - Security --- -## About audit logs +## What are audit logs? > [!NOTE] > {% data reusables.webhooks.webhooks-as-audit-log-alternative %} @@ -38,7 +39,7 @@ topics: In addition to viewing your audit log, you can monitor activity in your enterprise in other ways, such as {% ifversion ghes %}viewing push logs and {% endif %}managing global webhooks. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity). You can also use the audit log, and other tools, to monitor the actions taken in response to security alerts. For more information, see [AUTOTITLE](/code-security/getting-started/auditing-security-alerts). -## Using your audit logs +## How to use audit logs As an enterprise owner{% ifversion ghes %} or site administrator{% endif %}, you can interact with the audit log data for your enterprise in several ways: * You can view the audit log for your enterprise. For more information, see [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise). diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md b/content/admin/concepts/security-and-compliance/enterprise-policies.md similarity index 87% rename from content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md rename to content/admin/concepts/security-and-compliance/enterprise-policies.md index 326cfe20fee5..cd5b0b47fcad 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md +++ b/content/admin/concepts/security-and-compliance/enterprise-policies.md @@ -1,24 +1,28 @@ --- -title: About enterprise policies +title: Enterprise policies intro: 'With enterprise policies, you can manage the policies for all the organizations owned by your enterprise.' versions: ghec: '*' ghes: '*' -type: overview +shortTitle: Policies +contentType: concepts topics: - Enterprise - Policies redirect_from: - /admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies + - /admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies --- +## What are enterprise policies and why are they important? + To help you enforce business rules and regulatory compliance, policies provide a single point of management for all the organizations owned by an enterprise account. {% data reusables.enterprise.about-policies %} For example, with the "Base permissions" policy, you can allow organization owners to configure the "Base permissions" policy for their organization, or you can enforce a specific base permissions level, such as "Read", for all organizations within the enterprise. -## Enforcing policies +## What are the steps to enforce enterprise policies? By default, no enterprise policies are enforced. To identify policies that should be enforced to meet the unique requirements of your business, we recommend reviewing all the available policies in your enterprise account, starting with repository management policies. diff --git a/content/admin/concepts/security-and-compliance/index.md b/content/admin/concepts/security-and-compliance/index.md new file mode 100644 index 000000000000..466fff1c76ab --- /dev/null +++ b/content/admin/concepts/security-and-compliance/index.md @@ -0,0 +1,14 @@ +--- +title: Security and compliance +shortTitle: Security and compliance +intro: 'Learn the key concepts around enterprise governance and compliance, including policy enforcement and audit logging.' +versions: + ghes: '*' + ghec: '*' +topics: + - Enterprise +children: + - /enterprise-policies + - /audit-log-for-an-enterprise +contentType: concepts +--- diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md index 28d101c03c88..b838fd07e390 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/index.md @@ -14,7 +14,6 @@ topics: - Enterprise - Policies children: - - /about-enterprise-policies - /enforcing-repository-management-policies-in-your-enterprise - /enforcing-policies-for-projects-in-your-enterprise - /restricting-email-notifications-for-your-enterprise @@ -29,3 +28,4 @@ children: - /managing-policies-for-code-governance shortTitle: Enforce policies --- + diff --git a/content/admin/guides.md b/content/admin/guides.md index bca7cb304e38..35ef18eae152 100644 --- a/content/admin/guides.md +++ b/content/admin/guides.md @@ -27,7 +27,7 @@ includeGuides: - /admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise-using-okta - /admin/managing-iam/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise - /admin/managing-iam/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account - - /admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users + - /admin/concepts/identity-and-access-management/enterprise-managed-users - /admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users - /admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users - /admin/identity-and-access-management/provisioning-user-accounts-with-scim/configuring-scim-provisioning-using-okta @@ -85,7 +85,7 @@ includeGuides: - /admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/high-availability-for-github-actions - /admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment - /admin/overview/about-data-residency - - /admin/managing-your-enterprise-account/about-enterprise-accounts + - /admin/concepts/enterprise-fundamentals/enterprise-accounts - /admin/getting-started-with-enterprise/about-upgrades-to-new-releases - /admin/configuring-packages/configuring-package-ecosystem-support-for-your-enterprise - /admin/enforcing-policies/enforcing-policy-with-pre-receive-hooks/about-pre-receive-hooks @@ -103,7 +103,7 @@ includeGuides: - /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/configuring-visibility-for-organization-membership - /admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/disabling-git-ssh-access-on-your-enterprise - /admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-dormant-users - - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise + - /admin/concepts/security-and-compliance/audit-log-for-an-enterprise - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/configuring-the-audit-log-for-your-enterprise diff --git a/content/admin/index.md b/content/admin/index.md index bf1beff208a8..25b73e750296 100644 --- a/content/admin/index.md +++ b/content/admin/index.md @@ -72,7 +72,7 @@ changelog: featuredLinks: startHere: - '{% ifversion ghec %}/admin/managing-iam/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud{% endif %}' - - /admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management + - '/admin/concepts/identity-and-access-management\identity-and-access-management-fundamentals' - '{% ifversion ghec %}/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/abilities-of-roles{% endif %}' - /admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/best-practices-for-structuring-organizations-in-your-enterprise - '{% ifversion ghes %}/admin/getting-started-with-enterprise/about-upgrades-to-new-releases{% endif %}' @@ -89,7 +89,7 @@ featuredLinks: - '{% ifversion ghes %}/admin/getting-started-with-enterprise/setting-up-a-trial-of-github-enterprise-server{% endif %}' - '{% ifversion ghes %}/admin/installing-your-enterprise-server{% endif %}' - '{% ifversion ghec %}/admin/configuring-settings/configuring-user-applications-for-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise{% endif %}' - - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise + - '/admin/concepts/security-and-compliance/audit-log-for-an-enterprise' - '{% ifversion ghec %}/admin/monitoring-activity-in-your-enterprise/exploring-user-activity-in-your-enterprise/managing-global-webhooks{% endif %}' - '{% ifversion ghec %}/billing/how-tos/set-up-payment/set-up-vs-subscription{% endif %}' - /support/learning-about-github-support/about-github-support @@ -100,6 +100,7 @@ versions: ghes: '*' children: - /overview + - concepts - /data-residency - /managing-your-enterprise-account - /installing-your-enterprise-server @@ -121,4 +122,3 @@ children: - /release-notes - /all-releases --- - diff --git a/content/admin/managing-iam/understanding-iam-for-enterprises/index.md b/content/admin/managing-iam/understanding-iam-for-enterprises/index.md index 54f8fb446d79..4545b22bec6b 100644 --- a/content/admin/managing-iam/understanding-iam-for-enterprises/index.md +++ b/content/admin/managing-iam/understanding-iam-for-enterprises/index.md @@ -25,9 +25,7 @@ topics: - Enterprise - Identity children: - - /about-identity-and-access-management - /about-saml-for-enterprise-iam - - /about-enterprise-managed-users - /abilities-and-restrictions-of-managed-user-accounts - /choosing-an-enterprise-type-for-github-enterprise-cloud - /getting-started-with-enterprise-managed-users diff --git a/content/admin/managing-your-enterprise-account/index.md b/content/admin/managing-your-enterprise-account/index.md index c06013f9236b..51cb1178acad 100644 --- a/content/admin/managing-your-enterprise-account/index.md +++ b/content/admin/managing-your-enterprise-account/index.md @@ -5,7 +5,6 @@ versions: ghec: '*' ghes: '*' children: - - /about-enterprise-accounts - /creating-an-enterprise-account - /creating-a-readme-for-an-enterprise - /deleting-an-enterprise-account diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/index.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/index.md index 04025994cd5f..aed0d3258dd6 100644 --- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/index.md +++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/index.md @@ -8,7 +8,6 @@ versions: topics: - Enterprise children: - - /about-the-audit-log-for-your-enterprise - /accessing-the-audit-log-for-your-enterprise - /configuring-the-audit-log-for-your-enterprise - /displaying-ip-addresses-in-the-audit-log-for-your-enterprise @@ -19,3 +18,4 @@ children: - /using-the-audit-log-api-for-your-enterprise - /audit-log-events-for-your-enterprise --- + diff --git a/content/admin/overview/index.md b/content/admin/overview/index.md index 5816b87387e4..2a8904d7e957 100644 --- a/content/admin/overview/index.md +++ b/content/admin/overview/index.md @@ -1,6 +1,6 @@ --- title: Overview -intro: 'Learn about {% data variables.product.prodname_enterprise %} products and manage{% ifversion ghes %} accounts and access, licenses, and{% endif %} billing.' +intro: Learn about {% data variables.product.prodname_enterprise %} products and manage{% ifversion ghes %} accounts and access, licenses, and{% endif %} billing. redirect_from: - /enterprise/admin/overview versions: @@ -16,11 +16,8 @@ children: - /about-upgrades-to-new-releases - /system-overview - /about-the-github-enterprise-api - - /best-practices-for-enterprises - /establishing-a-governance-framework-for-your-enterprise - /accessing-compliance-reports-for-your-enterprise - - /about-teams - - /about-roles --- For more information, or to purchase {% data variables.product.prodname_enterprise %}, see [{% data variables.product.prodname_enterprise %}](https://github.com/enterprise). diff --git a/content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md b/content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md index 9bf74b15b280..02c339f4dac7 100644 --- a/content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md +++ b/content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md @@ -27,7 +27,7 @@ To get started with {% data variables.product.prodname_ghe_cloud %}, decide whic ### 2. About enterprise accounts -An enterprise account allows you to centrally manage policy and settings for multiple {% data variables.product.github %} organizations, including member access, billing and usage and security. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/managing-your-enterprise-account/about-enterprise-accounts). +An enterprise account allows you to centrally manage policy and settings for multiple {% data variables.product.github %} organizations, including member access, billing and usage and security. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/concepts/enterprise-fundamentals/enterprise-accounts). ### 3. Creating an enterprise account diff --git a/data/learning-tracks/admin.yml b/data/learning-tracks/admin.yml index d976578dc555..f774338aa215 100644 --- a/data/learning-tracks/admin.yml +++ b/data/learning-tracks/admin.yml @@ -176,7 +176,7 @@ get_started_with_your_enterprise_account: ghes: '*' ghec: '*' guides: - - /admin/managing-your-enterprise-account/about-enterprise-accounts + - /admin/concepts/enterprise-fundamentals/enterprise-accounts - /billing/concepts/enterprise-billing/billing-for-enterprises - >- /admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise @@ -185,4 +185,4 @@ get_started_with_your_enterprise_account: - >- /admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise - >- - /admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies + /admin/concepts/security-and-compliance/enterprise-policies From 9101e42aced4a5f3ed397e8e3871c315fb30efbb Mon Sep 17 00:00:00 2001 From: Tingluo Huang Date: Mon, 13 Oct 2025 10:25:59 -0400 Subject: [PATCH 3/3] Doc new escaping rule for OIDC sub claim. (#57290) --- content/actions/reference/security/oidc.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/content/actions/reference/security/oidc.md b/content/actions/reference/security/oidc.md index bb50714991fa..115bf8d33760 100644 --- a/content/actions/reference/security/oidc.md +++ b/content/actions/reference/security/oidc.md @@ -143,6 +143,19 @@ You can create a subject that filters for specific tag. In this example, the wor * Syntax: `repo:ORG-NAME/REPO-NAME:ref:refs/tags/TAG-NAME` * Example: `repo:octo-org/octo-repo:ref:refs/tags/demo-tag` +{% ifversion fpt or ghec or ghes > 3.18 %} + +### Filtering for metadata containing `:` + +Any `:` within the metadata values will be replaced with `%3A` in the subject claim. + +You can configure a subject that includes metadata containing colons. In this example, the workflow run must have originated from a job that has an environment named `Production:V1`, in a repository named `octo-repo` that is owned by the `octo-org` organization: + +* Syntax: `repo:ORG-NAME/REPO-NAME:environment:ENVIRONMENT-NAME` +* Example: `repo:octo-org/octo-repo:environment:Production%3AV1` + +{% endif %} + ## Configuring the subject in your cloud provider To configure the subject in your cloud provider's trust relationship, you must add the subject string to its trust configuration. The following examples demonstrate how various cloud providers can accept the same `repo:octo-org/octo-repo:ref:refs/heads/demo-branch` subject in different ways: