Encouraging secure collaboration, admins can leverage Enterprise Server’s built-in authentication for users outside your identity provider. These integrations allow GitHub Enterprise admins to fine-tune control of GitHub Enterprise, provision user accounts and access, and add another important layer of security to GitHub authentication.Īlong with securing your instance, these tools provide GitHub Enterprise admins the ability to manage the number of licensed seats in use at any given time. Our next best practice is becoming more and more common with GitHub Enterprise admins: integrating a GHE-S deployment with SAML, CAS, or LDAP.
Additional methods of authentication using SAML, CAS, or LDAP
Even though adding 2FA to the login process seems minor, it’s a very significant upgrade when it comes to securing accounts. We also highly recommend setting up recovery methods for 2FA, in the event that you lose access to your 2FA credentials. The initial setup for TOTP is straightforward, requiring a TOTP app like 1Password, Authy, or LassPass Authenticator.
While services can differ in their mechanism for “something you have”, many services, including GitHub, use a time-based one-time password (TOTP). It’s often referred to as using “something you know” and “something you have.” Initially, you begin by first entering your password-something you know-followed by an additional key or pin that’s generated by something that you have, which is most likely to be your phone. Two-factor authentication adds a second step to the standard sign-in process. This is why we highly recommend that admins require two-factor authentication (2FA) for your organizations. Ideally, everyone follows the same guidelines for password creation and storage, but unfortunately, outside of GitHub’s minimum password requirements, Enterprise admins may have little control over this.
It may not seem like it needs to be stated, but once you’ve created your password never share it with others, even if they’re potential collaborators. Both applications provide functionality to help with our second suggestion, which is generating a unique password with a combination of characters, numbers, and symbols. Our first recommendation is to use a password manager, like LastPass or 1Password, to generate and store your passwords. With GitHub, certain password conditions must be met, and we also put together a quick guide on password best practices. Enforcing password guidelines can be difficult for admins, but we can help. Weak passwords are the equivalent of cheap locks protecting your team’s most important assets. Like many things in technology, security begins at log in. And by working alongside our services team, your organization can make sure you are maximizing the security of your GitHub Enterprise Server instance. By following certain practices and using advanced features with limited setup, GitHub Enterprise admins can easily set up a secure development environment without inhibiting collaboration. With this in mind, we’re focused on expanding Enterprise Server security features to promote secure collaboration, while freeing up your admin’s time.Īs important as it is, security is rarely the primary focus of developers and other contributors. Whether it’s at the network, transport, application layer, or any of the other layers, security has become the top priority for many organizations.