diff --git a/assets/images/help/business-accounts/transfer-organization.png b/assets/images/help/business-accounts/transfer-organization.png new file mode 100644 index 0000000000..df377e27a6 Binary files /dev/null and b/assets/images/help/business-accounts/transfer-organization.png differ diff --git a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md index 22389616ac..fa35b9342e 100644 --- a/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise.md @@ -1,6 +1,6 @@ --- title: Adding organizations to your enterprise -intro: 'You can add organizations to manage within your enterprise by creating a new organization, inviting an existing organization, or transferring an organization from a different enterprise account.' +intro: 'Learn how to add organizations to your enterprise using three different methods.' redirect_from: - /github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/adding-organizations-to-your-enterprise-account - /articles/adding-organizations-to-your-enterprise-account @@ -15,43 +15,49 @@ topics: - Enterprise - Organizations shortTitle: Add organizations -permissions: Enterprise owners can add organizations to an enterprise. +permissions: Enterprise owners --- -## About addition of organizations to your enterprise account +There are three ways to add organizations to your enterprise. -Your enterprise account can own organizations. Members of your enterprise can collaborate across related projects within an organization. For more information, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations)." +* **Create** a new organization in your enterprise. +* **Invite** an existing organization to join your enterprise. +* **Transfer** an existing organization between enterprise accounts. -You can add new organizations to your enterprise account. If you do not use {% data variables.product.prodname_emus %}, you can add existing organizations on {% data variables.location.product_location %} to your enterprise. You cannot add an existing organization from an {% data variables.enterprise.prodname_emu_enterprise %} to a different enterprise. +{% data reusables.enterprise.create-an-enterprise-account %} See "[AUTOTITLE](/admin/managing-your-enterprise-account/creating-an-enterprise-account)." -{% data reusables.enterprise.create-an-enterprise-account %} For more information, see "[AUTOTITLE](/admin/managing-your-enterprise-account/creating-an-enterprise-account)." +## Limitations if you use {% data variables.product.prodname_emus %} + +* Adding existing organizations to your enterprise is not possible if you use {% data variables.product.prodname_emus %}. +* Existing organizations from an enterprise with managed users cannot be added to a different enterprise. + +## Changes when adding an existing organization After you add an existing organization to your enterprise, the organization's resources remain accessible to members at the same URLs, and the following changes will apply. -* If two-factor authentication (2FA) is required by the enterprise, organization members who do not use 2FA will be removed from the organization. -* The organization's members will become members of the enterprise, and {% data variables.product.company_short %} will bill the enterprise account for the organization's usage. You must ensure that the enterprise account has enough licenses to accommodate any new members. For more information, see "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)." -* Enterprise owners can manage their role within the organization. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)." -* Any policies applied to the enterprise will apply to the organization. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/about-enterprise-policies)." - {% note %} +* **Two-factor authentication (2FA):** If required by the enterprise, members without 2FA will be removed. +* **Enterprise licenses:** Members become part of the enterprise, and usage is billed to the enterprise account. You must ensure that the enterprise account has enough licenses to accommodate any new members. See "[AUTOTITLE](/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise)." +* **Enterprise role management:** Enterprise owners can manage their roles within the organization. See "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)." +* **Enterprise policies:** Any policies applied to the enterprise will apply to the organization. {% data reusables.actions.org-to-enterprise-actions-permissions %} - **Note:** {% data reusables.actions.org-to-enterprise-actions-permissions %} +* **SAML SSO Configuration:** - {% endnote %} -* If SAML SSO is configured for the enterprise account, the enterprise's SAML configuration will apply to the organization. If the organization used SAML SSO, the enterprise account's configuration will replace the organization's configuration. SCIM is not available for enterprise accounts, so SCIM will be disabled for the organization. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account)." -* If SAML SSO was configured for the organization, members' existing {% data variables.product.pat_generic %} or SSH keys that were authorized to access the organization's resources will be authorized to access the same resources. To access additional organizations owned by the enterprise, members must authorize the {% data variables.product.pat_generic %} or key. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)" and "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)." -* If you add an organization to a trial enterprise, certain features in the organization may be disabled. For more information, see "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud#features-not-included-in-the-trial)." -* If the organization was connected to {% data variables.product.prodname_ghe_server %} using {% data variables.product.prodname_github_connect %}, adding the organization to an enterprise will not update the connection. {% data variables.product.prodname_github_connect %} features will no longer function for the organization. To continue using {% data variables.product.prodname_github_connect %}, you must disable and re-enable the feature. For more information, see "[AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation. -* If the organization uses billed {% data variables.product.prodname_marketplace %} apps, the organization can continue to use the apps, but usage will be billable to the enterprise. - * If your enterprise is billed via invoice, you must contact the vendor of the app and pay them directly. - * If your enterprise is billed via credit card or PayPal, billing for the app will continue automatically via your preferred payment method. -* If your organization was sponsoring any accounts, the sponsorships will be cancelled. -* Any coupons will be removed from the organization. To reapply the coupon, [contact our sales team](https://github.com/enterprise/contact). + * If SAML SSO is configured **for the enterprise**, the enterprise's SAML configuration will apply to the organization. If the organization used SAML SSO, the enterprise account's configuration will replace the organization's configuration. SCIM is not available for enterprise accounts, so SCIM will be disabled for the organization. See "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise)" and "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account)." + * If SAML SSO was configured **for the organization**, members' existing {% data variables.product.pat_generic %} or SSH keys that were authorized to access the organization's resources will be authorized to access the same resources. To access additional organizations owned by the enterprise, members must authorize the {% data variables.product.pat_generic %} or key. See "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)" and "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-an-ssh-key-for-use-with-saml-single-sign-on)." -## Creating an organization in your enterprise account +* **Trial enterprise:** Certain features may be disabled if added to a trial enterprise. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud#features-not-included-in-the-trial)." +* **{% data variables.product.prodname_github_connect %}:** If the organization was connected to {% data variables.product.prodname_ghe_server %} using {% data variables.product.prodname_github_connect %}, adding the organization to an enterprise will not update the connection. {% data variables.product.prodname_github_connect %} features will no longer function for the organization. To continue using {% data variables.product.prodname_github_connect %}, you must disable and re-enable the feature. See "[AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/managing-github-connect)" in the {% data variables.product.prodname_ghe_server %} documentation. +* **{% data variables.product.prodname_marketplace %} apps:** If the organization uses billed {% data variables.product.prodname_marketplace %} apps, the organization can continue to use the apps, but usage will be billable to the enterprise. + * If your enterprise is billed via invoice, contact the app vendor and pay directly. + * If your enterprise is billed via credit card or PayPal, billing continues automatically. +* **Sponsorships:** Any sponsorships by the organization will be canceled. +* **Coupons:** Any coupons will be removed from the organization. To reapply the coupon, [contact our sales team](https://github.com/enterprise/contact). + +## Creating a new organization New organizations you create within your enterprise account settings are included in your enterprise account's {% data variables.product.prodname_ghe_cloud %} subscription. -Enterprise owners who create an organization owned by the enterprise account automatically become organization owners. For more information about organization owners, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)." +Enterprise owners who create an organization owned by the enterprise account automatically become organization owners. See "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)." During a trial of {% data variables.product.prodname_ghe_cloud %}, you can create up to three new organizations in your enterprise. @@ -59,48 +65,45 @@ During a trial of {% data variables.product.prodname_ghe_cloud %}, you can creat {%- ifversion enterprise-readme %} 1. In the left sidebar, click **Organizations**. {%- endif %} -1. On the "Organizations" tab, above the list of organizations, click **New organization**. +1. Above the list of organizations, click **New organization**. 1. Under "Organization name", type a name for your organization. 1. Click **Create organization**. 1. Optionally, under "Invite owners", type the username of a person you'd like to invite to become an organization owner, then click **Invite**. 1. Click **Finish**. -## Inviting an organization to join your enterprise account +## Inviting an existing organization Enterprise owners can invite existing organizations to join their enterprise account. -During a trial of {% data variables.product.prodname_ghe_cloud %}, you can invite organizations to join your trial enterprise. You can invite organizations that are not currently owned by another enterprise. If an organization you want to invite is already owned by another enterprise, you must be an owner of both enterprise accounts and initiate an organization transfer. For more information, see "[Transferring an organization between enterprise accounts](#transferring-an-organization-between-enterprise-accounts)." +During a trial of {% data variables.product.prodname_ghe_cloud %}, you can invite organizations to join your trial enterprise. You can invite organizations that are not currently owned by another enterprise. If an organization you want to invite is already owned by another enterprise, you must be an owner of both enterprise accounts and initiate an organization transfer. See "[Transferring an existing organization](#transferring-an-existing-organization)." -When you invite an organization to join your enterprise account, at least one owner needs to accept the invitation. Then, you must give a final approval for the transfer. After you invite the organization, and before an owner approves the invitation, you can cancel or resend the invitation at any time. +After you invite the organization, and before an owner approves the invitation, you can cancel or resend the invitation at any time. {% data reusables.enterprise-accounts.access-enterprise %} {%- ifversion enterprise-readme %} {% data reusables.enterprise-accounts.click-organizations-tab %} {%- endif %} -1. On the "Organizations" tab, above the list of organizations, click **Invite organization**. +1. Above the list of organizations, click **Invite organization**. 1. Under "Organization name", start typing the name of the organization you want to invite and select it when it appears in the dropdown list. 1. Click **Invite organization**. The organization owners will receive an email inviting them to join the enterprise. 1. After an organization owner has approved the invitation, navigate back to the **Organizations** tab of the enterprise settings. 1. Under "Organizations", click **X pending**. 1. To complete the transfer, next to the organization name, click **Approve**. -## Transferring an organization between enterprise accounts +## Transferring an existing organization Enterprise owners can transfer existing organizations between enterprise accounts. You must be an enterprise owner of both enterprise accounts. -{% note %} - -**Note:** You cannot transfer an existing organization to or from an {% data variables.enterprise.prodname_emu_enterprise %} or an enterprise account that is currently enrolled in a trial of {% data variables.product.prodname_ghe_cloud %}. - -{% endnote %} +You cannot transfer an existing organization to or from an {% data variables.enterprise.prodname_emu_enterprise %} or an enterprise account that is currently enrolled in a trial of {% data variables.product.prodname_ghe_cloud %}. {% data reusables.enterprise-accounts.access-enterprise %} {%- ifversion enterprise-readme %} {% data reusables.enterprise-accounts.click-organizations-tab %} {%- endif %} -1. Next to the organization you want to transfer, select the {% octicon "gear" width="16" aria-label="Organization settings" %} dropdown menu, then click **Transfer organization**. +1. Next to the organization you want to transfer, select the {% octicon "kebab-horizontal" width="16" aria-label="Organization settings" %} dropdown menu, then click **Transfer organization**. + + ![Screenshot of an organization in the organization list. A dropdown menu, labeled with the kebab icon, is expanded and the "Transfer organization" option is highlighted with an orange outline.](/assets/images/help/business-accounts/transfer-organization.png) - {% data reusables.enterprise-accounts.organization-settings-dropdown %} 1. Select the **Select enterprise** dropdown menu, start typing the name of the destination enterprise, and click the enterprise you want to transfer the organization to. 1. Click **Review transfer**. 1. To confirm the transfer, click **Transfer organization**. diff --git a/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md b/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md index b100153b5a..09606aab94 100644 --- a/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md +++ b/content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md @@ -12,9 +12,9 @@ shortTitle: Sign in with a passkey You must first add a passkey to your account before you can use the passkey to sign in to {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/authentication/authenticating-with-a-passkey/managing-your-passkeys)." -Once you have added a passkey to your account, you can use the passkey to sign in safely and securely to {% data variables.product.prodname_dotcom_the_website %} without having to enter your password or perform two-factor authentication (2FA). Once you have added a synced passkey on one device, the passkey is available to use across multiple devices. These devices must use the same passkey provider (such as iCloud). +Once you have added a passkey to your account, you can use the passkey to sign in safely and securely to {% data variables.product.prodname_dotcom_the_website %} without having to enter your password, perform two-factor authentication (2FA), or verify a new device. Once you have added a synced passkey on one device, the passkey is available to use across multiple devices. These devices must use the same passkey provider (such as iCloud). -Some authenticators allow passkeys to be used with nearby devices. For example, perhaps you want to sign in to {% data variables.product.prodname_dotcom_the_website %} using a bluetooth-enabled laptop that's not set up with a passkey. If you have registered a passkey on your phone, you might opt to scan a QR code, or trigger a push notification to your phone, in order to complete the sign in securely. For more information, see "[Signing in with a passkey using a nearby device](#signing-in-with-a-passkey-using-a-nearby-device)." +Some authenticators allow passkeys to be used with nearby devices. For example, perhaps you want to sign in to {% data variables.product.prodname_dotcom_the_website %} using a Bluetooth-enabled laptop that's not set up with a passkey. If you have registered a passkey on your phone, you might opt to scan a QR code, or trigger a push notification to your phone, in order to complete the sign in securely. For more information, see "[Signing in with a passkey using a nearby device](#signing-in-with-a-passkey-using-a-nearby-device)." ## Signing in with a passkey linked to your primary device @@ -26,9 +26,9 @@ Some authenticators allow passkeys to be used with nearby devices. For example, 1. Navigate to the login page for {% data variables.product.prodname_dotcom_the_website %} at [https://github.com/login?passkey=true](https://github.com/login?passkey=true). 1. Click **{% octicon "passkey-fill" aria-hidden="true" %} Sign in with a passkey**. -1. Follow the prompts on your browser or platform to select a passkey that's accessible as a nearby device (such as a phone or a tablet). +1. Follow the prompts on your browser or platform to select a passkey that is accessible as a nearby device (such as a phone or a tablet). 1. Continue to follow the prompts to start the authentication process. For example, you might choose to scan a QR code, or trigger a push notification to the nearby device. -1. On your nearby device, follow the prompts to complete the authentication process. For example, if you are using an iPhone, you might perform FaceID or enter your passcode. +1. On your nearby device, follow the prompts to complete the authentication process. For example, if you are using an iPhone, you might perform Face ID or enter your passcode. ## Further reading diff --git a/content/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in.md b/content/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in.md index 681e0f24f6..5266f0c19a 100644 --- a/content/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in.md +++ b/content/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in.md @@ -16,7 +16,7 @@ To keep your account secure when two-factor authentication (2FA) is not enabled, You will only need to verify a new device once. If you clear your cookies, or use a different browser on the same device, {% data variables.product.prodname_dotcom %} may ask you to verify your device again. -{% data variables.product.prodname_dotcom %} will not ask you to perform device verification when you have 2FA enabled. +{% data variables.product.prodname_dotcom %} will not ask you to perform device verification when you have 2FA enabled, or when you sign in using a passkey. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey)." ## Verifying your sign-in attempt @@ -40,3 +40,5 @@ If you receive a verification code from {% data variables.product.prodname_dotco ## Disabling device verification You can disable the requirement to verify new devices via email by enabling 2FA. It is not possible to opt-out of device verification entirely without enabling 2FA. See "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)." + +You can sign in using a passkey to skip the device verification prompt. See "[AUTOTITLE](/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey)." diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md index 66b9a481c7..b7180be0f8 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md @@ -42,6 +42,10 @@ You can also configure additional recovery methods in case you lose access to yo We **strongly** urge you to enable 2FA for the safety of your account, not only on {% data variables.product.product_name %}, but on other websites and apps that support 2FA. You can enable 2FA to access {% data variables.product.product_name %} and {% data variables.product.prodname_desktop %}. +{% ifversion fpt or ghec %} +If you don't enable 2FA, {% data variables.product.product_name %} may ask for additional verification to confirm that it is you when you sign in for the first time from a new or unrecognized device. See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in)." +{% endif %} + For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication)." ## Two-factor authentication recovery codes diff --git a/data/reusables/passkeys/about-passkeys.md b/data/reusables/passkeys/about-passkeys.md index b314834225..ed2a7fcf84 100644 --- a/data/reusables/passkeys/about-passkeys.md +++ b/data/reusables/passkeys/about-passkeys.md @@ -1 +1,3 @@ -Passkeys allow you to sign in securely to {% data variables.product.prodname_dotcom %}, without having to input your password. If you use two-factor authentication (2FA), passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. You can also use passkeys for sudo mode and resetting your password. +Passkeys allow you to sign in securely to {% data variables.product.prodname_dotcom %}, without having to input your password. + +If you use two-factor authentication (2FA), passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. If you don't use 2FA, using a passkey will skip the requirement to verify a new device via email. You can also use passkeys for sudo mode and resetting your password.