From 3c73ae273442eec7345e31cfabd46f7586cd8f0f Mon Sep 17 00:00:00 2001 From: Vanessa Date: Thu, 7 Nov 2024 09:38:36 +1000 Subject: [PATCH] Revert "Docs update for retaining membership to orgs without 2FA" (#53005) --- ...our-email-address-from-a-locked-account.md | 4 ++++ ...ctor-authentication-for-an-organization.md | 13 ++++++------ ...g-your-two-factor-authentication-method.md | 4 +--- ...-factor-authentication-recovery-methods.md | 2 +- .../configuring-two-factor-authentication.md | 8 +++---- ...uthentication-for-your-personal-account.md | 5 ++++- ...tor-authentication-in-your-organization.md | 6 ++---- ...tor-authentication-in-your-organization.md | 21 ++++++++++--------- data/reusables/two_fa/show-recovery-codes.md | 4 ++++ 9 files changed, 37 insertions(+), 30 deletions(-) diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md index bba2d6d5a5..e1ecad1ed3 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/unlinking-your-email-address-from-a-locked-account.md @@ -37,7 +37,11 @@ Since an email address can only be associated with a single {% data variables.pr 1. Navigate to [https://github.com/login](https://github.com/login). 1. To prompt two-factor authentication, type your username and password, then click **Sign in**. 1. Under "Unable to verify with your security key?", click **Use a recovery code or request a reset**. +{% ifversion 2fa-reconfiguration-inline-update %} 1. Under "Locked out?", click **Recover your account or unlink an email address**. +{% else %} +1. On the "Two-factor recovery" screen, click **Try recovering your account**. +{% endif %} 1. In the modal that appears, click **I understand, get started**. 1. To send an email containing a one-time password to each email address associated with your account, click **Send one-time password**. 1. To verify your identity, type the one-time password from your email in the "One-time password" text field, then click **Verify email address**. diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md index 98a4d7cb1f..c2731968b2 100644 --- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md +++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization.md @@ -34,10 +34,9 @@ Before you require use of two-factor authentication, we recommend notifying orga **Warnings:** -* When you require two-factor authentication, members who do not use 2FA will not be able to access your enterprise resources until they enable 2FA on their account. They will retain membership even without 2FA, including occupying seats in your enterprise and organizations. -* When your require two-factor authentication, outside collaborators (including bot accounts) who do not use 2FA will be removed from the enterprise and its organization and lose access to repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization). -* When two-factor authentication is required, outside collaborators who disable 2FA will automatically be removed from the enterprise and its organizations. {% ifversion fpt or ghec %}Members and billing managers{% else %}Members{% endif %} who disable 2FA will not be able to access your enterprise and organization resources until they re-enable it. -* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required 2FA for the organization. +* When your require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization). +* When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization. +* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization. {% endwarning %} @@ -56,17 +55,17 @@ To view people who were automatically removed from your organization for non-com {% data reusables.audit_log.octicon_icon %} {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.audit_log.audit_log_sidebar_for_site_admins %} - 1. Enter your search query using `reason:two_factor_requirement_non_compliance`. To narrow your search for: + * Organizations members removed, enter `action:org.remove_member AND reason:two_factor_requirement_non_compliance` * Outside collaborators removed, enter `action:org.remove_outside_collaborator AND reason:two_factor_requirement_non_compliance` You can also view people removed from a particular organization by using the organization name in your search: * `org:octo-org AND reason:two_factor_requirement_non_compliance` 1. Click **Search**. -## Helping removed outside collaborators rejoin your organization +## Helping removed members and outside collaborators rejoin your organization -If any outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization. +If any members or outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization. ## Further reading diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md index e8920b09a7..722044e9fe 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md @@ -9,9 +9,7 @@ redirect_from: - /authentication/securing-your-account-with-two-factor-authentication-2fa/changing-two-factor-authentication-delivery-methods-for-your-mobile-device - /authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-preferred-two-factor-authentication-method versions: - fpt: '*' - ghes: '*' - ghec: '*' + feature: 2fa-reconfiguration-inline-update topics: - 2FA shortTitle: Change 2FA method diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods.md index 09434e3b8b..fb686152c9 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods.md @@ -26,7 +26,7 @@ In addition to securely storing your two-factor authentication (2FA) recovery co To keep your account secure, don't share or distribute your recovery codes. We recommend saving them with a secure password manager. -If you generate new recovery codes or disable and re-enable 2FA, the recovery codes in your security settings automatically update. Reconfiguring your 2FA settings without disabling 2FA will not change your recovery codes. +If you generate new recovery codes or disable and re-enable 2FA, the recovery codes in your security settings automatically update.{% ifversion 2fa-reconfiguration-inline-update %} Reconfiguring your 2FA settings without disabling 2FA will not change your recovery codes.{% endif %} {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security %} diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md index 1a75722bb9..9331c16cf5 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md @@ -39,18 +39,18 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %} {% warning %} **Warning:** - -* If you're an outside collaborator to a private repository of an organization that requires 2FA, you must leave the organization before you can disable 2FA. -* If you're a member{% ifversion fpt or ghec %} or billing manager{% endif %} of an organization that requires 2FA, you will be unable to access that organization's resources while you have 2FA disabled. -* If you disable 2FA, you will automatically lose access to the organization. To regain access to the organization, if you're a member{% ifversion fpt or ghec %} or billing manager{% endif %}, you must re-enable 2FA. If you're an outside collaborator, you will also lose access to any private forks you have of the organization's private repositories after disabling 2FA, and must re-enable 2FA and contact an organization owner to have access restored. +* If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA. +* If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner. {% endwarning %} +{% ifversion 2fa-reconfiguration-inline-update %} {% note %} **Note:** You can reconfigure your 2FA settings without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA. {% endnote %} +{% endif %} ## Configuring two-factor authentication using a TOTP app diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md index 9e87a0d2a2..00bf0a6e41 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md @@ -40,12 +40,15 @@ To remove yourself from your organization: {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security %} - +{% ifversion 2fa-reconfiguration-inline-update %} 1. Hover over **Enabled**, then click **Disable**. ![Screenshot of an account's 2FA settings. A green button labeled "Enabled" is outlined in orange.](/assets/images/help/2fa/disable-two-factor-authentication.png) 1. If necessary, enter your password or perform 2FA once more to disable 2FA for your {% data variables.product.prodname_dotcom %} account. +{% else %} +1. Click **Disable**. +{% endif %} ## Further reading diff --git a/content/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/preparing-to-require-two-factor-authentication-in-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/preparing-to-require-two-factor-authentication-in-your-organization.md index aaa891f027..f34e994f0f 100644 --- a/content/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/preparing-to-require-two-factor-authentication-in-your-organization.md +++ b/content/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/preparing-to-require-two-factor-authentication-in-your-organization.md @@ -16,13 +16,11 @@ shortTitle: Prepare to require 2FA --- We recommend that you notify {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} at least one week before you require 2FA in your organization. -When you require use of two-factor authentication for your organization, outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. -Members and billing managers will retain membership but not be able to access your organization resources until they enable 2FA. +When you require use of two-factor authentication for your organization, members, outside collaborators, and billing managers (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. Before requiring 2FA in your organization, we recommend that you: - * Enable 2FA on your personal account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)." * Ask the people in your organization to set up 2FA for their accounts * See whether users in your organization have 2FA enabled. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)." * Enable 2FA for unattended or shared access accounts, such as bots and service accounts. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication)." -* Warn users that once 2FA is enabled, outside collaborators without 2FA are automatically removed from the organization, and members and billing managers will not be able to access your organization resources until they enable 2FA. +* Warn users that once 2FA is enabled, those without 2FA are automatically removed from the organization. diff --git a/content/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization.md index 22aacd0a7c..d84d26eb08 100644 --- a/content/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization.md +++ b/content/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization.md @@ -40,11 +40,10 @@ You can also require two-factor authentication for organizations in an enterpris **Warnings:** -* When you require use of two-factor authentication for your organization, {% ifversion fpt or ghec %}members and billing managers{% else %}members{% endif %} who do not use 2FA will not be able to access your organization's resources until they enable 2FA on their account. They will retain membership even without 2FA, including occupying seats in your organization. -* When you require use of two-factor authentication for your organization, outside collaborators who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable 2FA for their personal account within three months of their removal from your organization. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization)." -* You will also need to enable two-factor authentication for unattended or shared access accounts that are outside collaborators, such as bots and service accounts. If you do not configure 2FA for these unattended outside collaborator accounts after you've enabled required 2FA, the accounts will be removed from the organization and lose access to their repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication)." -* If an outside collaborator disables two-factor authentication for their personal account after you've enabled required 2FA, they will automatically be removed from the organization. -* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required 2FA for the organization. +* When you require use of two-factor authentication for your organization, {% ifversion fpt or ghec %}members, outside collaborators, and billing managers{% else %}members and outside collaborators{% endif %} who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their personal account within three months of their removal from your organization. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization)." +* You will also need to enable 2FA for unattended or shared access accounts, such as bots and service accounts. If you do not configure 2FA for these unattended accounts after you've enabled required two-factor authentication, the accounts will be removed from the organization and lose access to their repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication)." +* If an organization owner, member,{% ifversion fpt or ghec %} billing manager,{% endif %} or outside collaborator disables 2FA for their personal account after you've enabled required two-factor authentication, they will automatically be removed from the organization. +* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization. {% endwarning %} @@ -52,7 +51,7 @@ You can also require two-factor authentication for organizations in an enterpris ## Prerequisites -Before you can require {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} to use two-factor authentication, you must enable 2FA for your account on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)." +Before you can require {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} to use two-factor authentication, you must enable two-factor authentication for your account on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)." Before you require use of two-factor authentication, we recommend notifying {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} and asking them to set up 2FA for their accounts. You can see if members and outside collaborators already use 2FA. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)." @@ -64,7 +63,7 @@ Before you require use of two-factor authentication, we recommend notifying {% i {% data reusables.organizations.require_two_factor_authentication %} {% data reusables.organizations.removed_outside_collaborators %} {% ifversion fpt or ghec %} -1. If any outside collaborators are removed from the organization, we recommend sending them an invitation that can reinstate their former privileges and access to your organization. They must enable two-factor authentication before they can accept your invitation. +1. If any members or outside collaborators are removed from the organization, we recommend sending them an invitation that can reinstate their former privileges and access to your organization. They must enable two-factor authentication before they can accept your invitation. {% endif %} ## Viewing people who were removed from your organization @@ -75,13 +74,15 @@ To view people who were automatically removed from your organization for non-com {% data reusables.profile.org_settings %} {% data reusables.audit_log.audit_log_sidebar_for_org_admins %} 1. Enter your search query. To search for: - * Outside collaborators removed, use `action:org.remove_outside_collaborator` in your search query + * Organization members removed, use `action:org.remove_member` in your search query + * Outside collaborators removed, use `action:org.remove_outside_collaborator` in your search query{% ifversion fpt or ghec %} + * Billing managers removed, use `action:org.remove_billing_manager`in your search query{% endif %} You can also view people who were removed from your organization by using a [time frame](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#search-based-on-time-of-action) in your search. -## Helping removed outside collaborators rejoin your organization +## Helping removed members and outside collaborators rejoin your organization -If any outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization. +If any members or outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization. ## Further reading diff --git a/data/reusables/two_fa/show-recovery-codes.md b/data/reusables/two_fa/show-recovery-codes.md index 93b0e0abae..90003c4d1e 100644 --- a/data/reusables/two_fa/show-recovery-codes.md +++ b/data/reusables/two_fa/show-recovery-codes.md @@ -1,3 +1,7 @@ +{% ifversion 2fa-reconfiguration-inline-update %} 1. Next to "Recovery codes," click **View**. ![Screenshot of the recovery options in the 2FA settings. A gray button, labeled "View", is outlined in orange.](/assets/images/help/2fa/view-recovery-codes-button.png) +{% else %} +1. Next to "Recovery codes," click **Show**. +{% endif %}