Document how to filter EMUs org membership types (#30628)

Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: Jules Parker <19994093+jules-p@users.noreply.github.com> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> Co-authored-by: Stacy Carter <stacycarter@users.noreply.github.com>
2022-10-25 15:03:16 -06:00 · 2022-10-25 15:03:16 -06:00 · 5faea8de85
--- a/assets/images/help/enterprises/emu-organization-people-tab.png
+++ b/assets/images/help/enterprises/emu-organization-people-tab.png
--- a/assets/images/help/enterprises/filter-by-member-type.png
+++ b/assets/images/help/enterprises/filter-by-member-type.png
--- a/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md
+++ b/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md
@ -1,5 +1,5 @@
 ---
-title: About Enterprise Managed Users
+title: About {% data variables.product.prodname_emus %}
 shortTitle: About managed users
 intro: 'You can centrally manage identity and access for your enterprise members on {% data variables.product.prodname_dotcom %} from your identity provider.'
 redirect_from:
@ -16,6 +16,7 @@ topics:
  - Authentication
  - Enterprise
  - SSO
+allowTitleToDifferFromFilename: true
 ---

 ## About {% data variables.product.prodname_emus %}
@ -24,8 +25,6 @@ With {% data variables.product.prodname_emus %}, you can control the user accoun

 In your IdP, you can give each {% data variables.enterprise.prodname_managed_user %} the role of user, enterprise owner, or billing manager. {% data variables.enterprise.prodname_managed_users_caps %} can own organizations within your enterprise and can add other {% data variables.enterprise.prodname_managed_users %} to the organizations and teams within. For more information, see "[Roles in an enterprise](/github/setting-up-and-managing-your-enterprise/managing-users-in-your-enterprise/roles-in-an-enterprise)" and "[About organizations](/organizations/collaborating-with-groups-in-organizations/about-organizations)."

-Organization membership can be managed manually, or you can update membership automatically as {% data variables.enterprise.prodname_managed_users %} are added to IdP groups that are connected to teams within the organization. When a {% data variables.enterprise.prodname_managed_user %} is manually added to an organization, unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization. For more information about managing organization and team membership automatically, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."
-
 {% ifversion oidc-for-emu %}

 {% data reusables.enterprise-accounts.emu-cap-validates %} For more information, see "[About support for your IdP's Conditional Access Policy](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy)."
@ -46,6 +45,17 @@ To use {% data variables.product.prodname_emus %}, you need a separate type of e

 {% endnote %}

+## About organization membership management
+
+Organization memberships can be managed manually, or you can update memberships automatically using IdP groups. To manage organization memberships through your IdP, the members must be added to an IdP group, and the IdP group must be connected to a team within the organization. For more information about managing organization and team memberships automatically, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."
+
+The way a member is added to an organization owned by your enterprise (through IdP groups or manually) determines how they must be removed from an organization. 
+
+- If a member was added to an organization manually, you must remove them manually. Unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization.
+- If a user became a member of an organization because they were added to IdP groups mapped to one or more teams in the organization, removing them from _all_ of the mapped IdP groups associated with the organization will remove them from the organization.
+
+To discover how a member was added to an organization, you can filter the member list by type. For more information, see "[Viewing people in your enterprise](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users)."
+
 ## Identity provider support

 {% data variables.product.prodname_emus %} supports the following IdPs{% ifversion oidc-for-emu %} and authentication methods:
--- a/content/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md
+++ b/content/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md
@ -116,7 +116,7 @@ If you use {% data variables.product.prodname_vss_ghe %}, the list of pending in

 ## Viewing suspended members in an {% data variables.enterprise.prodname_emu_enterprise %}

-If your enterprise uses {% data variables.product.prodname_emus %}, you can also view suspended users. Suspended users are members who have been deprovisioned after being unassigned from the {% data variables.product.prodname_emu_idp_application %} application or deleted from the identity provider. For more information, see "[About Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users)."
+If your enterprise uses {% data variables.product.prodname_emus %}, you can view suspended users. Suspended users are members who have been deprovisioned after being unassigned from the {% data variables.product.prodname_emu_idp_application %} application or deleted from the identity provider. For more information, see "[About {% data variables.product.prodname_emus %}](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users)."

 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.people-tab %}
@ -129,6 +129,21 @@ If your enterprise uses {% data variables.product.prodname_emus %}, you can also

 You can view a list of all dormant users {% ifversion ghes or ghae %} who have not been suspended and {% endif %}who are not site administrators. {% data reusables.enterprise-accounts.dormant-user-activity-threshold %} For more information, see "[Managing dormant users](/admin/user-management/managing-users-in-your-enterprise/managing-dormant-users)."

+{% ifversion filter-by-enterprise-member-type %}
+## Filtering by member type{% ifversion ghec %} in an {% data variables.enterprise.prodname_emu_enterprise %}{% endif %}
+
+{% ifversion ghec %}If your enterprise uses {% data variables.product.prodname_emus %}, you{% elsif ghes or ghae %}You{% endif %} can filter the member list of an organization by type to determine if memberships are managed through an IdP or managed directly. Memberships managed through an IdP were added through an IdP group, and the IdP group was connected to a team within the organization. Memberships managed directly were added to the organization manually. The way a membership is mananaged in an organization determines how it must be removed. You can use this filter to determine how members were added to an organization, so you know how to remove them.{% ifversion ghec %} For more information, see "[About {% data variables.product.prodname_emus %}](/enterprise-cloud@latest/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users#about-organization-membership-management)."{% endif %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+1. Under "Organizations," in the search bar, begin typing the organization's name until the organization appears in the search results, then click the name of the organization.
+   ![Screenshot of the search field for organizations](/assets/images/help/enterprises/organization-search.png)
+1. Under the organization name, click {% octicon "person" aria-label="The Person icon" %} **People**.
+   ![Screenshot of the People tab](/assets/images/help/enterprises/emu-organization-people-tab.png)
+1. Above the list of members, click **Type**, then select the type of members you want to view.
+   ![Screenshot of the "Type" button](/assets/images/help/enterprises/filter-by-member-type.png)
+
+{% endif %}
+
 {% ifversion ghec or ghes %}
 ## Viewing members without an email address from a verified domain

--- a/data/features/filter-by-enterprise-member-type.yml
+++ b/data/features/filter-by-enterprise-member-type.yml
@ -0,0 +1,6 @@
+# Reference: Issue #6151 in docs-content
+# Documentation about the "Type" dropdown filter for EMU organization membership lists
+versions:
+  ghes: '>3.7'
+  ghae: '>3.7'
+  ghec: '*'