Merge branch 'main' into patch-2

content/actions/guides/about-continuous-integration.md

@@ -14,7 +14,7 @@ versions:
 
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
-
+ 
 ### About continuous integration
 
 Continuous integration (CI) is a software practice that requires frequently committing code to a shared repository. Committing code more often detects errors sooner and reduces the amount of code a developer needs to debug when finding the source of an error. Frequent code updates also make it easier to merge changes from different members of a software development team. This is great for developers, who can spend more time writing code and less time debugging errors or resolving merge conflicts.

content/actions/hosting-your-own-runners/about-self-hosted-runners.md

@@ -113,7 +113,7 @@ api.github.com
 *.actions.githubusercontent.com
 ```
 
-If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)" or "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise-account/enforcing-security-settings-in-your-enterprise-account#using-github-actions-with-an-ip-allow-list)".
+If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)" or "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#using-github-actions-with-an-ip-allow-list)".
 
 {% else %}
 

content/actions/hosting-your-own-runners/adding-self-hosted-runners.md

@@ -50,16 +50,11 @@ You can add self-hosted runners to an enterprise, where they can be assigned to
 
 {% if currentVersion == "free-pro-team@latest" %}
 To add a self-hosted runner to an enterprise account, you must be an enterprise owner.
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
+{% elsif enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
 To add a self-hosted runner at the enterprise level of {% data variables.product.product_location %}, you must be a site administrator.
 {% endif %}
 
-{% if currentVersion == "free-pro-team@latest" %}
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
-{% endif %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}
 1. Click the **Self-hosted runners** tab.

content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md

@@ -54,12 +54,7 @@ Self-hosted runners are automatically assigned to the default group when created
 
 When creating a group, you must choose a policy that grants access to all organizations in the enterprise or choose specific organizations.
 
-{% if currentVersion == "free-pro-team@latest" %}
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
-{% endif %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}
 1. Click the **Self-hosted runners** tab.

content/actions/hosting-your-own-runners/removing-self-hosted-runners.md

@@ -62,18 +62,14 @@ To remove a self-hosted runner from an organization, you must be an organization
 
 {% if currentVersion == "free-pro-team@latest" %}
 To remove a self-hosted runner from an enterprise account, you must be an enterprise owner. We recommend that you also have access to the self-hosted runner machine.
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
+{% elsif enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
 To remove a self-hosted runner at the enterprise level of {% data variables.product.product_location %}, you must be a site administrator. We recommend that you also have access to the self-hosted runner machine.
 {% endif %}
 
 {% data reusables.github-actions.self-hosted-runner-reusing %}
 
-{% if currentVersion == "free-pro-team@latest" %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
-{% endif %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}
 {% data reusables.github-actions.self-hosted-runner-removing-a-runner %}

content/actions/reference/usage-limits-billing-and-administration.md

@@ -64,7 +64,7 @@ For more information, see:
 
 - [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your repository](/github/administering-a-repository/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository)
 - [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your organization](/github/setting-up-and-managing-organizations-and-teams/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization)
-- [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your enterprise](/github/setting-up-and-managing-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account)
+- [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your enterprise](/github/setting-up-and-managing-your-enterprise/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account)
 {% endif %}
 
 ### Disabling or limiting {% data variables.product.prodname_actions %} for your repository or organization
@@ -74,7 +74,7 @@ For more information, see:
 For more information, see:
 - "[Disabling or limiting {% data variables.product.prodname_actions %} for a repository](/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository)"
 - "[Disabling or limiting {% data variables.product.prodname_actions %} for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization)"{% if currentVersion == "free-pro-team@latest" %}
-- "[Enforcing {% data variables.product.prodname_actions %} policies in your enterprise account](/github/setting-up-and-managing-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account)" for {% data variables.product.prodname_ghe_cloud %}{% endif %}
+- "[Enforcing {% data variables.product.prodname_actions %} policies in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-github-actions-policies-in-your-enterprise-account)" for {% data variables.product.prodname_ghe_cloud %}{% endif %}
 
 ### Disabling and enabling workflows
 

content/admin/authentication/about-identity-and-access-management-for-your-enterprise.md

@@ -0,0 +1,27 @@
+---
+title: About identity and access management for your enterprise
+shortTitle: About identity and access management
+intro: 'You can use {% if enterpriseServerVersions contains currentVersion %}{% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML{% else %}SAML single sign-on (SSO) and System for Cross-domain Identity Management (SCIM){% endif %} to centrally manage access {% if currentVersion == "free-pro-team@latest" %}to organizations owned by your enterprise on {% data variables.product.prodname_dotcom_the_website %}{% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}to {% data variables.product.product_location %}{% endif %}.'
+product: '{% data reusables.gated-features.saml-sso %}'
+versions:
+  github-ae: '*'
+---
+
+### About identity and access management for your enterprise
+
+{% if currentVersion == "github-ae@latest" %}
+
+{% data reusables.saml.ae-uses-saml-sso %} {% data reusables.saml.ae-enable-saml-sso-during-bootstrapping %}
+
+After you configure the application for {% data variables.product.product_name %} on your IdP, you can grant access to {% data variables.product.product_location %} by assigning the application to users on your IdP. For more information about SAML SSO for {% data variables.product.product_name %}, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise)."
+
+{% data reusables.scim.after-you-configure-saml %} For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise)."
+
+To learn how to configure both authentication and user provisioning for {% data variables.product.product_location %} with your specific IdP, see "[Configuring authentication and provisioning with your identity provider](/admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider)."
+
+{% endif %}
+
+### Further reading
+
+- [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website
+- [System for Cross-domain Identity Management: Protocol (RFC 7644)](https://tools.ietf.org/html/rfc7644) on the IETF website

content/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance.md

@@ -1,6 +1,6 @@
 ---
 title: Authenticating users for your GitHub Enterprise Server instance
-intro: 'You can use {% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to {% data variables.product.product_location_enterprise %}.'
+intro: 'You can use {% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to {% data variables.product.product_location %}.'
 redirect_from:
   - /enterprise/admin/categories/authentication/
   - /enterprise/admin/guides/installation/user-authentication/

content/admin/authentication/changing-authentication-methods.md

@@ -7,7 +7,7 @@ redirect_from:
 versions:
   enterprise-server: '*'
 ---
-User accounts on {% data variables.product.product_location_enterprise %} are preserved when you change the authentication method and users will continue to log into the same account as long as their username doesn't change.
+User accounts on {% data variables.product.product_location %} are preserved when you change the authentication method and users will continue to log into the same account as long as their username doesn't change.
 
 If the new method of authentication changes usernames, new accounts will be created. As an administrator, you can rename users through the site admin settings or by using [the User Administration API](/enterprise/{{currentVersion}}/v3/enterprise-admin/users/#rename-an-existing-user).
 
@@ -29,4 +29,4 @@ Other issues you should take into consideration include:
 
 * **Two-factor authentication:** {% data reusables.enterprise_user_management.external_auth_disables_2fa %}
 
-* **Built-in authentication for users outside your identity provider:** You can invite users to authenticate to {% data variables.product.product_location_enterprise %} without adding them to your identity provider. For more information, see "[Allowing built-in authentication for users outside your identity provider](/enterprise/{{ currentVersion }}/admin/guides/user-management/allowing-built-in-authentication-for-users-outside-your-identity-provider)."
+* **Built-in authentication for users outside your identity provider:** You can invite users to authenticate to {% data variables.product.product_location %} without adding them to your identity provider. For more information, see "[Allowing built-in authentication for users outside your identity provider](/enterprise/{{ currentVersion }}/admin/guides/user-management/allowing-built-in-authentication-for-users-outside-your-identity-provider)."

content/admin/authentication/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad.md

@@ -0,0 +1,47 @@
+---
+title: Configuring authentication and provisioning for your enterprise using Azure AD
+shortTitle: Configuring with Azure AD
+intro: You can use a tenant in Azure Active Directory (Azure AD) as an identity provider (IdP) to centrally manage authentication and user provisioning for {% data variables.product.product_location %}.
+permissions: Enterprise owners can configure authentication and provisioning for an enterprise on {% data variables.product.product_name %}.
+product: '{% data reusables.gated-features.saml-sso %}'
+versions:
+  github-ae: '*'
+---
+
+### About authentication and user provisioning with Azure AD
+
+Azure Active Directory (Azure AD) is a service from Microsoft that allows you to centrally manage user accounts and access to web applications. For more information, see [What is Azure Active Directory?](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis) in the Microsoft Docs.
+
+To manage identity and access for {% data variables.product.product_name %}, you can use an Azure AD tenant as a SAML IdP for authentication. You can also configure Azure AD to automatically provision accounts and access with SCIM. This configuration allows you to assign or unassign the {% data variables.product.prodname_ghe_managed %} application for a user account in your Azure AD tenant to automatically create, grant access to, or deactivate a corresponding user account on {% data variables.product.product_name %}.
+
+For more information about managing identity and access for your enterprise on {% data variables.product.product_location %}, see "[Managing identity and access for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise)."
+
+### Prerequisites
+
+To configure authentication and user provisioning for {% data variables.product.product_name %} using Azure AD, you must have an Azure AD account and tenant. For more information, see the [Azure AD website](https://azure.microsoft.com/en-us/free/active-directory) and [Quickstart: Create an Azure Active Directory tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant) in the Microsoft Docs.
+
+{% data reusables.saml.assert-the-administrator-attribute %} For more information about including the `administrator` attribute in the SAML claim from Azure AD, see [How to: customize claims issued in the SAML token for enterprise applications](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization) in the Microsoft Docs.
+
+{% data reusables.saml.create-a-machine-user %}
+
+### Configuring authentication and user provisioning with Azure AD
+
+{% if currentVersion == "github-ae@latest" %}
+
+1. In Azure AD, add {% data variables.product.ae_azure_ad_app_link %} to your tenant and configure single sign-on.
+
+    | Value in Azure AD | Value from {% data variables.product.prodname_ghe_managed %} |
+    | :- | :- |
+    | Identifier (Entity ID) | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em><code> |
+    | Reply URL | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/saml/consume</code> |
+    | Sign on URL | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/sso</code> |
+
+1. In {% data variables.product.prodname_ghe_managed %}, enter the details for your Azure AD tenant.
+
+    - {% data reusables.saml.ae-enable-saml-sso-during-bootstrapping %}
+
+    - If you've already configured SAML SSO for {% data variables.product.product_location %} using another IdP and you want to use Azure AD instead, you can edit your configuration. For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise#editing-the-saml-sso-configuration)."
+
+1. Enable user provisioning in {% data variables.product.product_name %} and configure user provisioning in Azure AD. For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise#enabling-user-provisioning-for-your-enterprise)."
+
+{% endif %}

content/admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider.md

@@ -0,0 +1,8 @@
+---
+title: Configuring authentication and provisioning with your identity provider
+intro: You can use an identity provider (IdP) that supports both SAML single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) to configure authentication and user provisioning for {% data variables.product.product_location %}.
+mapTopic: true
+versions:
+  github-ae: '*'
+---
+

content/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise.md

@@ -0,0 +1,105 @@
+---
+title: Configuring SAML single sign-on for your enterprise
+shortTitle: Configuring SAML SSO
+intro: You can configure SAML single sign-on (SSO) for your enterprise, which allows you to centrally control authentication for {% data variables.product.product_location %} using your identity provider (IdP).
+product: '{% data reusables.gated-features.saml-sso %}'
+permissions: Enterprise owners can configure SAML SSO for an enterprise on {% data variables.product.product_name %}.
+versions:
+  github-ae: '*'
+---
+
+### About SAML SSO
+
+{% if currentVersion == "github-ae@latest" %}
+
+SAML SSO allows you to centrally control and secure access to {% data variables.product.product_location %} from your SAML IdP. When an unauthenticated user visits {% data variables.product.product_location %} in a browser, {% data variables.product.product_name %} will redirect the user to your SAML IdP to authenticate. After the user successfully authenticates with an account on the IdP, the IdP redirects the user back to {% data variables.product.product_location %}. {% data variables.product.product_name %} validates the response from your IdP, then grants access to the user.
+
+After a user successfully authenticates on your IdP, the user's SAML session for {% data variables.product.product_location %} is active in the browser for 24 hours. After 24 hours, the user must authenticate again with your IdP.
+
+{% data reusables.saml.assert-the-administrator-attribute %}
+
+{% data reusables.scim.after-you-configure-saml %} For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise)."
+
+{% endif %}
+
+### Supported identity providers
+
+{% data variables.product.product_name %} supports SAML SSO with IdPs that implement the SAML 2.0 standard. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
+
+{% data variables.product.company_short %} has tested SAML SSO for {% data variables.product.product_name %} with the following IdPs.
+
+{% if currentVersion == "github-ae@latest" %}
+- Azure AD
+{% endif %}
+
+### Enabling SAML SSO
+
+{% if currentVersion == "github-ae@latest" %}
+
+{% data reusables.saml.ae-enable-saml-sso-during-bootstrapping %}
+
+During initialization for {% data variables.product.product_name %}, you must configure {% data variables.product.product_name %} as a SAML Service Provider (SP) on your IdP. You must enter several unique values on your IdP to configure {% data variables.product.product_name %} as a valid SP.
+
+| Value | Other names | Description | Example |
+| :- | :- | :- | :- |
+| SP Entity ID | SP URL | Your top-level URL for {% data variables.product.prodname_ghe_managed %} | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em></code>
+| SP Assertion Consumer Service (ACS) URL | Reply URL | URL where IdP sends SAML responses | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/saml/consume</code> |
+| SP Single Sign-On (SSO) URL | | URL where IdP begins SSO |  <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/sso</code> |
+
+{% endif %}
+
+### Editing the SAML SSO configuration
+
+If the details for your IdP change, you'll need to edit the SAML SSO configuration for {% data variables.product.product_location %}. For example, if the certificate for your IdP expires, you can edit the value for the public certificate.
+
+{% if currentVersion == "github-ae@latest" %}
+
+{% note %}
+
+**Note**: {% data reusables.saml.contact-support-if-your-idp-is-unavailable %}
+
+{% endnote %} 
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Under "SAML single sign-on", type the new details for your IdP.
+  ![Text entry fields with IdP details for SAML SSO configuration for an enterprise](/assets/images/help/saml/ae-edit-idp-details.png)
+1. Optionally, click {% octicon "pencil" aria-label="The edit icon" %} to configure a new signature or digest method.
+  ![Edit icon for changing signature and digest method](/assets/images/help/saml/ae-edit-idp-details-edit-signature-and-digest.png)
+
+    - Use the drop-down menus and choose the new signature or digest method.
+      ![Drop-down menus for choosing a new signature or digest method](/assets/images/help/saml/ae-edit-idp-details-edit-signature-and-digest-drop-down-menus.png)
+1. To ensure that the information you've entered is correct, click **Test SAML configuration**.
+  !["Test SAML configuration" button](/assets/images/help/saml/ae-edit-idp-details-test-saml-configuration.png)
+1. Click **Save**.
+    !["Save" button for SAML SSO configuration](/assets/images/help/saml/ae-edit-idp-details-save.png)
+1. Optionally, to automatically provision and deprovision user accounts for {% data variables.product.product_location %}, reconfigure user provisioning with SCIM. For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise)."
+
+{% endif %}
+
+### Disabling SAML SSO
+
+{% if currentVersion == "github-ae@latest" %}
+
+{% warning %}
+
+**Warning**: If you disable SAML SSO for {% data variables.product.product_location %}, users without existing SAML SSO sessions cannot sign into {% data variables.product.product_location %}. SAML SSO sessions on {% data variables.product.product_location %} end after 24 hours.
+
+{% endwarning %}
+
+{% note %}
+
+**Note**: {% data reusables.saml.contact-support-if-your-idp-is-unavailable %}
+
+{% endnote %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Under "SAML single sign-on", unselect **Enable SAML authentication**.
+  ![Checkbox for "Enable SAML authentication"](/assets/images/help/saml/ae-saml-disabled.png)
+1. To disable SAML SSO and require signing in with the built-in user account you created during initialization, click **Save**.
+    !["Save" button for SAML SSO configuration](/assets/images/help/saml/ae-saml-disabled-save.png)
+
+{% endif %}

content/admin/authentication/configuring-user-provisioning-for-your-enterprise.md

@@ -0,0 +1,72 @@
+---
+title: Configuring user provisioning for your enterprise
+shortTitle: Configuring user provisioning
+intro: You can configure System for Cross-domain Identity Management (SCIM) for your enterprise, which automatically provisions user accounts on {% data variables.product.product_location %} when you assign the application for {% data variables.product.product_location %} to a user on your identity provider (IdP).
+permissions: Enterprise owners can configure user provisioning for an enterprise on {% data variables.product.product_name %}.
+product: '{% data reusables.gated-features.saml-sso %}'
+versions:
+  github-ae: '*'
+---
+
+### About user provisioning for your enterprise
+
+{% data reusables.saml.ae-uses-saml-sso %} For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise)."
+
+{% data reusables.scim.after-you-configure-saml %} For more information about SCIM, see [System for Cross-domain Identity Management: Protocol (RFC 7644)](https://tools.ietf.org/html/rfc7644) on the IETF website.
+
+{% if currentVersion == "github-ae@latest" %}
+
+Configuring provisioning allows your IdP to communicate with {% data variables.product.product_location %} when you assign or unassign the application for {% data variables.product.product_name %} to a user on your IdP. When you assign the application, your IdP will prompt {% data variables.product.product_location %} to create an account and send an onboarding email to the user. When you unassign the application, your IdP will communicate with {% data variables.product.product_name %} to invalidate any SAML sessions and disable the member's account.
+
+To configure provisioning for your enterprise, you must enable provisioning on {% data variables.product.product_name %}, then install and configure a provisioning application on your IdP.
+
+The provisioning application on your IdP communicates with {% data variables.product.product_name %} via our SCIM API for enterprises. For more information, see "[GitHub Enterprise administration](/rest/reference/enterprise-admin#scim)" in the {% data variables.product.prodname_dotcom %} REST API documentation.
+
+{% endif %}
+
+### Supported identity providers
+
+{% data reusables.scim.supported-idps %}
+
+### Prerequisites
+
+{% if currentVersion == "github-ae@latest" %}
+
+To automatically provision and deprovision access to {% data variables.product.product_location %} from your IdP, you must first configure SAML SSO when you initialize {% data variables.product.product_name %}. For more information, see "[Initializing {% data variables.product.prodname_ghe_managed %}](/admin/configuration/initializing-github-ae)."
+
+You must have administrative access on your IdP to configure the application for user provisioning for {% data variables.product.product_name %}.
+
+{% endif %}
+
+### Enabling user provisioning for your enterprise
+
+{% if currentVersion == "github-ae@latest" %}
+
+1. While signed into {% data variables.product.product_location %} as an enterprise owner, create a personal access token with **admin:enterprise** scope. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
+  {% note %}
+
+  **Notes**:
+    - To create the personal access token, we recommend using the account for the first enterprise owner that you created during initialization. For more information, see "[Initializing {% data variables.product.prodname_ghe_managed %}](/admin/configuration/initializing-github-ae)."
+    - You'll need this personal access token to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions.
+
+  {% endnote %}
+  {% warning %}
+
+  **Warning**: If the user account for the enterprise owner who creates the personal access token is deactivated or deprovisioned, your IdP will no longer provision and deprovision user accounts for your enterprise automatically. Another enterprise owner must create a new personal access token and reconfigure provisioning on the IdP.
+
+  {% endwarning %}
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Under "SCIM User Provisioning", select **Require SCIM user provisioning**.
+  ![Checkbox for "Require SCIM user provisioning" within enterprise security settings](/assets/images/help/enterprises/settings-require-scim-user-provisioning.png)
+1. Click **Save**.
+  ![Save button under "Require SCIM user provisioning" within enterprise security settings](/assets/images/help/enterprises/settings-scim-save.png)
+1. Configure user provisioning in the application for {% data variables.product.product_name %} on your IdP. The application on your IdP requires two values to provision or deprovision user accounts on {% data variables.product.product_location %}.
+
+  | Value | Other names | Description | Example |
+  | :- | :- | :- | :- |
+  | URL | Tenant URL | URL to the SCIM provisioning API for your enterprise on {% data variables.product.prodname_ghe_managed %} | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/scim/v2</code> |
+  | Shared secret | Personal access token, secret token | Token for application on your IdP to perform provisioning tasks on behalf of an enterprise owner | Personal access token you created in step 1 |
+
+{% endif %}

content/admin/authentication/index.md

@@ -1,10 +1,11 @@
 ---
 title: Authentication
-intro: 'You can use {% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to {% data variables.product.product_location_enterprise %}.'
+intro: You can configure how users sign into {% data variables.product.product_name %}.
 redirect_from:
   - /enterprise/admin/authentication
 versions:
   enterprise-server: '*'
+  github-ae: '*'
 ---
 
 
@@ -18,5 +19,9 @@ versions:
     {% link_in_list /using-ldap %}
     {% link_in_list /allowing-built-in-authentication-for-users-outside-your-identity-provider %}
     {% link_in_list /changing-authentication-methods %}
-
-
+{% topic_link_in_list /managing-identity-and-access-for-your-enterprise %}
+    {% link_in_list /about-identity-and-access-management-for-your-enterprise %}
+    {% link_in_list /configuring-saml-single-sign-on-for-your-enterprise %}
+    {% link_in_list /configuring-user-provisioning-for-your-enterprise %}
+{% topic_link_in_list /configuring-authentication-and-provisioning-with-your-identity-provider %}
+    {% link_in_list /configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad %}

content/admin/authentication/managing-identity-and-access-for-your-enterprise.md

@@ -0,0 +1,9 @@
+---
+title: Managing identity and access for your enterprise
+shortTitle: Managing identity and access
+intro: You can centrally manage accounts and access to {% data variables.product.product_location %}.
+mapTopic: true
+versions:
+  github-ae: '*'
+---
+

content/admin/authentication/using-built-in-authentication.md

@@ -1,6 +1,6 @@
 ---
 title: Using built-in authentication
-intro: 'When you use the default authentication method, all authentication details are stored within {% data variables.product.product_location_enterprise %}. Built-in authentication is the default method if you don’t already have an established authentication provider, such as LDAP, SAML, or CAS.'
+intro: 'When you use the default authentication method, all authentication details are stored within {% data variables.product.product_location %}. Built-in authentication is the default method if you don’t already have an established authentication provider, such as LDAP, SAML, or CAS.'
 redirect_from:
   - /enterprise/admin/user-management/using-built-in-authentication
   - /enterprise/admin/authentication/using-built-in-authentication

content/admin/authentication/using-cas.md

@@ -32,7 +32,7 @@ The following attributes are available.
 ### Configuring CAS
 {% warning %}
 
-**Warning:** Before configuring CAS on {% data variables.product.product_location_enterprise %}, note that users will not be able to use their CAS usernames and passwords to authenticate API requests or Git operations over HTTP/HTTPS. Instead, they will need to [create an access token](/enterprise/{{ currentVersion }}/user/articles/creating-an-access-token-for-command-line-use).
+**Warning:** Before configuring CAS on {% data variables.product.product_location %}, note that users will not be able to use their CAS usernames and passwords to authenticate API requests or Git operations over HTTP/HTTPS. Instead, they will need to [create an access token](/enterprise/{{ currentVersion }}/user/articles/creating-an-access-token-for-command-line-use).
 
 {% endwarning %}
 

content/admin/authentication/using-ldap.md

@@ -35,7 +35,7 @@ versions:
 {% data reusables.enterprise_user_management.two_factor_auth_header %}
 {% data reusables.enterprise_user_management.2fa_is_available %}
 
-### Configuring LDAP with {% data variables.product.product_location_enterprise %}
+### Configuring LDAP with {% data variables.product.product_location %}
 
 After you configure LDAP, users will be able to sign into your instance with their LDAP credentials. When users sign in for the first time, their profile names, email addresses, and SSH keys will be set with the LDAP attributes from your directory.
 
@@ -43,7 +43,7 @@ When you configure LDAP access for users via the {% data variables.enterprise.ma
 
 {% warning %}
 
-**Warning:** Before configuring LDAP on {% data variables.product.product_location_enterprise %}, make sure that your LDAP service supports paged results.
+**Warning:** Before configuring LDAP on {% data variables.product.product_location %}, make sure that your LDAP service supports paged results.
 
 {% endwarning %}
 
@@ -56,11 +56,11 @@ When you configure LDAP access for users via the {% data variables.enterprise.ma
 5. Add your configuration settings.
 
 ### LDAP attributes
-Use these attributes to finish configuring LDAP for {% data variables.product.product_location_enterprise %}.
+Use these attributes to finish configuring LDAP for {% data variables.product.product_location %}.
 
 | Attribute name           | Type     | Description |
 |--------------------------|----------|-------------|
-| `Host`                   | Required | The LDAP host, e.g. `ldap.example.com` or `10.0.0.30`. If the hostname is only available from your internal network, you may need to configure {% data variables.product.product_location_enterprise %}'s DNS first so it can resolve the hostname using your internal nameservers. |
+| `Host`                   | Required | The LDAP host, e.g. `ldap.example.com` or `10.0.0.30`. If the hostname is only available from your internal network, you may need to configure {% data variables.product.product_location %}'s DNS first so it can resolve the hostname using your internal nameservers. |
 | `Port`                   | Required | The port the host's LDAP services are listening on. Examples include: 389 and 636 (for LDAPS). |
 | `Encryption`             | Required | The encryption method used to secure communications to the LDAP server. Examples include plain (no encryption), SSL/LDAPS (encrypted from the start), and StartTLS (upgrade to encrypted communication once connected). |
 | `Domain search user`     | Optional | The LDAP user that performs user lookups to authenticate other users when they sign in. This is typically a service account created specifically for third-party integrations. Use a fully qualified name, such as `cn=Administrator,cn=Users,dc=Example,dc=com`. With Active Directory, you can also use the `[DOMAIN]\[USERNAME]` syntax (e.g. `WINDOWS\Administrator`) for the domain search user with Active Directory. |
@@ -194,7 +194,7 @@ Unless [LDAP Sync is enabled](#enabling-ldap-sync), changes to LDAP accounts are
 
 You can also [use the API to trigger a manual sync](/enterprise/{{ currentVersion }}/user/rest/reference/enterprise-admin#ldap).
 
-### Revoking access to {% data variables.product.product_location_enterprise %}
+### Revoking access to {% data variables.product.product_location %}
 
 If [LDAP Sync is enabled](#enabling-ldap-sync), removing a user's LDAP credentials will suspend their account after the next synchronization run.
 

content/admin/authentication/using-saml.md

@@ -81,13 +81,13 @@ These attributes are available. You can change the attribute names in the [manag
 
   {% endtip %}
 
-5. Select **Disable administrator demotion/promotion** if you **do not** want your SAML provider to determine administrator rights for users on {% data variables.product.product_location_enterprise %}.
+5. Select **Disable administrator demotion/promotion** if you **do not** want your SAML provider to determine administrator rights for users on {% data variables.product.product_location %}.
 ![SAML disable admin config](/assets/images/enterprise/management-console/disable-admin-demotion-promotion.png)
-6. In the **Single sign-on URL** field, type the HTTP or HTTPS endpoint on your IdP for single sign-on requests. This value is provided by your IdP configuration. If the host is only available from your internal network, you may need to [configure {% data variables.product.product_location_enterprise %} to use internal nameservers](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-dns-nameservers/).
+6. In the **Single sign-on URL** field, type the HTTP or HTTPS endpoint on your IdP for single sign-on requests. This value is provided by your IdP configuration. If the host is only available from your internal network, you may need to [configure {% data variables.product.product_location %} to use internal nameservers](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-dns-nameservers/).
 ![SAML authentication](/assets/images/enterprise/management-console/saml-single-sign-url.png)
-7. Optionally, in the **Issuer** field, type your SAML issuer's name. This verifies the authenticity of messages sent to {% data variables.product.product_location_enterprise %}.
+7. Optionally, in the **Issuer** field, type your SAML issuer's name. This verifies the authenticity of messages sent to {% data variables.product.product_location %}.
 ![SAML issuer](/assets/images/enterprise/management-console/saml-issuer.png)
-8. In the **Signature Method** and **Digest Method** drop-down menus, choose the hashing algorithm used by your SAML issuer to verify the integrity of the requests from {% data variables.product.product_location_enterprise %}. Specify the format with the **Name Identifier Format** drop-down menu.
+8. In the **Signature Method** and **Digest Method** drop-down menus, choose the hashing algorithm used by your SAML issuer to verify the integrity of the requests from {% data variables.product.product_location %}. Specify the format with the **Name Identifier Format** drop-down menu.
 ![SAML method](/assets/images/enterprise/management-console/saml-method.png)
 9. Under **Verification certificate**, click **Choose File** and choose a certificate to validate SAML responses from the IdP.
 ![SAML authentication](/assets/images/enterprise/management-console/saml-verification-cert.png)
@@ -113,7 +113,7 @@ These attributes are available. You can change the attribute names in the [manag
 
 {% endif %}
 
-### Revoking access to {% data variables.product.product_location_enterprise %}
+### Revoking access to {% data variables.product.product_location %}
 
 If you remove a user from your identity provider, you must also manually suspend them. Otherwise, they'll continue to be able to authenticate using access tokens or SSH keys. For more information, see "[Suspending and unsuspending users](/enterprise/admin/guides/user-management/suspending-and-unsuspending-users)".
 

content/admin/configuration/about-enterprise-configuration.md

@@ -0,0 +1,30 @@
+---
+title: About enterprise configuration
+intro: 'You can use the site admin dashboard{% if enterpriseServerVersions contains currentVersion %}, {% data variables.enterprise.management_console %}, and administrative shell (SSH) {% elsif currentVersion == "github-ae@latest" %} and enterprise settings or contact support{% endif %} to manage your enterprise.'
+versions:
+  enterprise-server: '*'
+  github-ae: '*'
+---
+
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.enterprise_site_admin_settings.about-the-site-admin-dashboard %} For more information, see "[Site admin dashboard](/admin/configuration/site-admin-dashboard)."
+
+{% data reusables.enterprise_site_admin_settings.about-the-management-console %} For more information, see "[Accessing the management console](/admin/configuration/accessing-the-management-console)."
+
+{% data reusables.enterprise_site_admin_settings.about-ssh-access %} For more information, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)."
+{% endif %}
+
+{% if currentVersion == "github-ae@latest" %}
+The first time you access your enterprise, you will complete an initial configuration to get {% data variables.product.product_name %} ready to use. The initial configuration includes connecting your enterprise with an idP, authenticating with SAML SSO, and configuring policies for repositories and organizations in your enterprise. For more information, see "[Initializing {% data variables.product.prodname_ghe_managed %}](/admin/configuration/initializing-github-ae)."
+
+For users to receive any emails from {% data variables.product.product_name %} after the initial configuration, you must ask {% data variables.contact.github_support %} to configure outbound email support with your SMTP server. For more information, see "[Configuring email for notifications](/admin/configuration/configuring-email-for-notifications)."
+
+Later, you can use the site admin dashboard and enterprise settings to further configure your enterprise, manage users, organizations and repositories, and set policies that reduce risk and increase quality. 
+
+All enterprises are configured with subdomain isolation and support for TLS 1.2 and higher for encrypted traffic only.
+{% endif %}
+
+### Further reading
+
+- "[Managing users, organizations, and repositories](/admin/user-management)"
+- "[Setting policies for your enterprise](/admin/policies)"

content/admin/configuration/accessing-the-administrative-shell-ssh.md

@@ -10,7 +10,7 @@ redirect_from:
   - /enterprise/admin/2.15/articles/troubleshooting-ssh-permission-denied-publickey/
   - /enterprise/admin/installation/accessing-the-administrative-shell-ssh
   - /enterprise/admin/configuration/accessing-the-administrative-shell-ssh
-intro: 'SSH access allows you to run the {% data variables.product.prodname_ghe_server %} command line utilities and is useful for troubleshooting, running backups, and configuring replication.'
+intro: '{% data reusables.enterprise_site_admin_settings.about-ssh-access %}'
 versions:
   enterprise-server: '*'
 ---
@@ -47,7 +47,7 @@ admin@github-example-com:~$ █
 
 #### Troubleshooting SSH connection problems
 
-If you encounter the `Permission denied (publickey)` error when you try to connect to {% data variables.product.product_location_enterprise %} via SSH, confirm that you are connecting over port 122. You may need to explicitly specify which private SSH key to use.
+If you encounter the `Permission denied (publickey)` error when you try to connect to {% data variables.product.product_location %} via SSH, confirm that you are connecting over port 122. You may need to explicitly specify which private SSH key to use.
 
 To specify a private SSH key using the command line, run `ssh` with the `-i` argument.
 

content/admin/configuration/accessing-the-management-console.md

@@ -1,6 +1,6 @@
 ---
 title: Accessing the management console
-intro: 'Use the {% data variables.enterprise.management_console %} to set up and configure {% data variables.product.product_location %}, schedule maintenance windows, troubleshoot issues, and manage your license.'
+intro: '{% data reusables.enterprise_site_admin_settings.about-the-management-console %}'
 redirect_from:
   - /enterprise/admin/articles/about-the-management-console/
   - /enterprise/admin/articles/management-console-for-emergency-recovery/
@@ -17,15 +17,15 @@ versions:
 ### About the {% data variables.enterprise.management_console %}
 
 Use the {% data variables.enterprise.management_console %} for basic administrative activities:
-- **Initial setup**: Walk through the initial setup process when first launching {% data variables.product.product_location_enterprise %} by visiting {% data variables.product.product_location_enterprise %}'s IP address in your browser.
+- **Initial setup**: Walk through the initial setup process when first launching {% data variables.product.product_location %} by visiting {% data variables.product.product_location %}'s IP address in your browser.
 - **Configuring basic settings for your instance**: Configure DNS, hostname, SSL, user authentication, email, monitoring services, and log forwarding on the Settings page.
-- **Scheduling maintenance windows**: Take your {% data variables.product.product_location_enterprise %} offline while performing maintenance using the {% data variables.enterprise.management_console %} or administrative shell.
+- **Scheduling maintenance windows**: Take your {% data variables.product.product_location %} offline while performing maintenance using the {% data variables.enterprise.management_console %} or administrative shell.
 - **Troubleshooting**: Generate a support bundle or view high level diagnostic information.
 - **License management**: View or update your {% data variables.product.prodname_enterprise %} license.
 
-You can always reach the {% data variables.enterprise.management_console %} using {% data variables.product.product_location_enterprise %}'s IP address, even when the instance is in maintenance mode, or there is a critical application failure or hostname or SSL misconfiguration.
+You can always reach the {% data variables.enterprise.management_console %} using {% data variables.product.product_location %}'s IP address, even when the instance is in maintenance mode, or there is a critical application failure or hostname or SSL misconfiguration.
 
-To access the {% data variables.enterprise.management_console %}, you must use the administrator password established during initial setup of {% data variables.product.product_location_enterprise %}. You must also be able to connect to the virtual machine host on port 8443. If you're having trouble reaching the {% data variables.enterprise.management_console %}, please check intermediate firewall and security group configurations.
+To access the {% data variables.enterprise.management_console %}, you must use the administrator password established during initial setup of {% data variables.product.product_location %}. You must also be able to connect to the virtual machine host on port 8443. If you're having trouble reaching the {% data variables.enterprise.management_console %}, please check intermediate firewall and security group configurations.
 
 ### Accessing the {% data variables.enterprise.management_console %} as a site administrator
 

content/admin/configuration/command-line-utilities.md

@@ -62,7 +62,7 @@ ghe-cleanup-settings
 
 #### ghe-config
 
-With this utility, you can both retrieve and modify the configuration settings of {% data variables.product.product_location_enterprise %}.
+With this utility, you can both retrieve and modify the configuration settings of {% data variables.product.product_location %}.
 
 ```shell
 $ ghe-config <em>core.github-hostname</em>
@@ -393,7 +393,7 @@ This utility allows you to install a custom root CA certificate on your {% data
 
 Run this utility to add a certificate chain for S/MIME commit signature verification. For more information, see "[About commit signature verification](/enterprise/{{ currentVersion }}/user/articles/about-commit-signature-verification/)."
 
-Run this utility when {% data variables.product.product_location_enterprise %} is unable to connect to another server because the latter is using a self-signed SSL certificate or an SSL certificate for which it doesn't provide the necessary CA bundle. One way to confirm this is to run `openssl s_client -connect host:port -verify 0 -CApath /etc/ssl/certs` from {% data variables.product.product_location_enterprise %}. If the remote server's SSL certificate can be verified, your `SSL-Session` should have a return code of 0, as shown below.
+Run this utility when {% data variables.product.product_location %} is unable to connect to another server because the latter is using a self-signed SSL certificate or an SSL certificate for which it doesn't provide the necessary CA bundle. One way to confirm this is to run `openssl s_client -connect host:port -verify 0 -CApath /etc/ssl/certs` from {% data variables.product.product_location %}. If the remote server's SSL certificate can be verified, your `SSL-Session` should have a return code of 0, as shown below.
 
 ```
 SSL-Session:
@@ -451,7 +451,7 @@ $ ghe-storage-extend
 
 #### ghe-version
 
-This utility prints the version, platform, and build of {% data variables.product.product_location_enterprise %}.
+This utility prints the version, platform, and build of {% data variables.product.product_location %}.
 
 ```shell
 $ ghe-version

content/admin/configuration/configuring-a-hostname.md

@@ -9,7 +9,7 @@ versions:
   enterprise-server: '*'
 ---
 
-If you configure a hostname instead of a hard-coded IP address, you will be able to change the physical hardware that {% data variables.product.product_location_enterprise %} runs on without affecting users or client software.
+If you configure a hostname instead of a hard-coded IP address, you will be able to change the physical hardware that {% data variables.product.product_location %} runs on without affecting users or client software.
 
 The hostname setting in the {% data variables.enterprise.management_console %} should be set to an appropriate fully qualified domain name (FQDN) which is resolvable on the internet or within your internal network. For example, your hostname setting could be `github.companyname.com.` We also recommend enabling subdomain isolation for the chosen hostname to mitigate several cross-site scripting style vulnerabilities. For more information on hostname settings, see [Section 2.1 of the HTTP RFC](https://tools.ietf.org/html/rfc1123#section-2).
 
@@ -18,11 +18,11 @@ The hostname setting in the {% data variables.enterprise.management_console %} s
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.hostname-menu-item %}
-4. Type the hostname you'd like to set for {% data variables.product.product_location_enterprise %}.
+4. Type the hostname you'd like to set for {% data variables.product.product_location %}.
   ![Field for setting a hostname](/assets/images/enterprise/management-console/hostname-field.png)
 5. To test the DNS and SSL settings for the new hostname, click **Test domain settings**.
   ![Test domain settings button](/assets/images/enterprise/management-console/test-domain-settings.png)
 {% data reusables.enterprise_management_console.test-domain-settings-failure %}
 {% data reusables.enterprise_management_console.save-settings %}
 
-After you configure a hostname, we recommend that you enable subdomain isolation for {% data variables.product.product_location_enterprise %}. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation/)."
+After you configure a hostname, we recommend that you enable subdomain isolation for {% data variables.product.product_location %}. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation/)."

content/admin/configuration/configuring-an-outbound-web-proxy-server.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring an outbound web proxy server
-intro: 'A proxy server provides an additional level of security for {% data variables.product.product_location_enterprise %}.'
+intro: 'A proxy server provides an additional level of security for {% data variables.product.product_location %}.'
 redirect_from:
   - /enterprise/admin/guides/installation/configuring-a-proxy-server/
   - /enterprise/admin/installation/configuring-an-outbound-web-proxy-server
@@ -8,11 +8,11 @@ redirect_from:
 versions:
   enterprise-server: '*'
 ---
-When a proxy server is enabled for {% data variables.product.product_location_enterprise %}, outbound messages sent by {% data variables.product.prodname_ghe_server %} are first sent through the proxy server, unless the destination host is added as an HTTP proxy exclusion. Types of outbound messages include outgoing webhooks, uploading bundles, and fetching legacy avatars. The proxy server's URL is the protocol, domain or IP address, plus the port number, for example `http://127.0.0.1:8123`.
+When a proxy server is enabled for {% data variables.product.product_location %}, outbound messages sent by {% data variables.product.prodname_ghe_server %} are first sent through the proxy server, unless the destination host is added as an HTTP proxy exclusion. Types of outbound messages include outgoing webhooks, uploading bundles, and fetching legacy avatars. The proxy server's URL is the protocol, domain or IP address, plus the port number, for example `http://127.0.0.1:8123`.
 
 {% note %}
 
-**Note:**  To connect {% data variables.product.product_location_enterprise %} to {% data variables.product.prodname_dotcom_the_website %}, your proxy configuration must allow connectivity to `github.com` and `api.github.com`. For more information, see "[Connecting {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_dotcom_the_website %}](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/connecting-github-enterprise-server-to-github-com)."
+**Note:**  To connect {% data variables.product.product_location %} to {% data variables.product.prodname_dotcom_the_website %}, your proxy configuration must allow connectivity to `github.com` and `api.github.com`. For more information, see "[Connecting {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_dotcom_the_website %}](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/connecting-github-enterprise-server-to-github-com)."
 
 {% endnote %}
 

content/admin/configuration/configuring-applications.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring applications
-intro: 'You can configure internal application settings for {% data variables.product.product_location_enterprise %}.'
+intro: 'You can configure internal application settings for {% data variables.product.product_location %}.'
 redirect_from:
   - /enterprise/admin/installation/configuring-applications
   - /enterprise/admin/configuration/configuring-applications
@@ -10,12 +10,12 @@ versions:
 
 ### Adjusting image caching
 
-You can choose the amount of time that {% data variables.product.product_location_enterprise %} caches avatars. When you increase the cache time, you increase the amount of time a user's avatar will take to load. Configuring the cache time with too low a value can overload {% data variables.product.product_location_enterprise %} work processes. 
+You can choose the amount of time that {% data variables.product.product_location %} caches avatars. When you increase the cache time, you increase the amount of time a user's avatar will take to load. Configuring the cache time with too low a value can overload {% data variables.product.product_location %} work processes. 
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 3. In the left sidebar, click **Applications**.
 ![Applications tab in the settings sidebar](/assets/images/enterprise/management-console/sidebar-applications.png)
-4. Under "Avatar image cache time (seconds)", type the number of seconds that you would like {% data variables.product.product_location_enterprise %} to cache avatar images.
+4. Under "Avatar image cache time (seconds)", type the number of seconds that you would like {% data variables.product.product_location %} to cache avatar images.
 ![Avatar image caching form field](/assets/images/enterprise/management-console/add-image-caching-value-field.png)
 {% data reusables.enterprise_management_console.save-settings %}

content/admin/configuration/configuring-backups-on-your-appliance.md

@@ -12,14 +12,14 @@ redirect_from:
   - /enterprise/admin/guides/installation/backups-and-disaster-recovery/
   - /enterprise/admin/installation/configuring-backups-on-your-appliance
   - /enterprise/admin/configuration/configuring-backups-on-your-appliance
-intro: 'As part of a disaster recovery plan, you can protect production data on {% data variables.product.product_location_enterprise %} by configuring automated backups.'
+intro: 'As part of a disaster recovery plan, you can protect production data on {% data variables.product.product_location %} by configuring automated backups.'
 versions:
   enterprise-server: '*'
 ---
 
 ### About {% data variables.product.prodname_enterprise_backup_utilities %}
 
-{% data variables.product.prodname_enterprise_backup_utilities %} is a backup system you install on a separate host, which takes backup snapshots of {% data variables.product.product_location_enterprise %} at regular intervals over a secure SSH network connection. You can use a snapshot to restore an existing {% data variables.product.prodname_ghe_server %} instance to a previous state from the backup host.
+{% data variables.product.prodname_enterprise_backup_utilities %} is a backup system you install on a separate host, which takes backup snapshots of {% data variables.product.product_location %} at regular intervals over a secure SSH network connection. You can use a snapshot to restore an existing {% data variables.product.prodname_ghe_server %} instance to a previous state from the backup host.
 
 Only data added since the last snapshot will transfer over the network and occupy additional physical storage space. To minimize performance impact, backups are performed online under the lowest CPU/IO priority. You do not need to schedule a maintenance window to perform a backup.
 
@@ -27,11 +27,11 @@ For more detailed information on features, requirements, and advanced usage, see
 
 ### Prerequisites
 
-To use {% data variables.product.prodname_enterprise_backup_utilities %}, you must have a Linux or Unix host system separate from {% data variables.product.product_location_enterprise %}.
+To use {% data variables.product.prodname_enterprise_backup_utilities %}, you must have a Linux or Unix host system separate from {% data variables.product.product_location %}.
 
 You can also integrate {% data variables.product.prodname_enterprise_backup_utilities %} into an existing environment for long-term permanent storage of critical data.
 
-We recommend that the backup host and {% data variables.product.product_location_enterprise %} be geographically distant from each other. This ensures that backups are available for recovery in the event of a major disaster or network outage at the primary site.
+We recommend that the backup host and {% data variables.product.product_location %} be geographically distant from each other. This ensures that backups are available for recovery in the event of a major disaster or network outage at the primary site.
 
 Physical storage requirements will vary based on Git repository disk usage and expected growth patterns:
 
@@ -59,7 +59,7 @@ More resources may be required depending on your usage, such as user activity an
 3. Set the `GHE_HOSTNAME` value to your primary {% data variables.product.prodname_ghe_server %} instance's hostname or IP address.
 4. Set the `GHE_DATA_DIR` value to the filesystem location where you want to store backup snapshots.
 5. Open your primary instance's settings page at `https://HOSTNAME/setup/settings` and add the backup host's SSH key to the list of authorized SSH keys. For more information, see [Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-administrative-shell-ssh/).
-5. Verify SSH connectivity with {% data variables.product.product_location_enterprise %} with the `ghe-host-check` command.
+5. Verify SSH connectivity with {% data variables.product.product_location %} with the `ghe-host-check` command.
   ```shell
   $ bin/ghe-host-check		  
   ```		  
@@ -78,9 +78,9 @@ If backup attempts overlap, the `ghe-backup` command will abort with an error me
 
 ### Restoring a backup
 
-In the event of prolonged outage or catastrophic event at the primary site, you can restore {% data variables.product.product_location_enterprise %} by provisioning another {% data variables.product.prodname_enterprise %} appliance and performing a restore from the backup host. You must add the backup host's SSH key to the target {% data variables.product.prodname_enterprise %} appliance as an authorized SSH key before restoring an appliance.
+In the event of prolonged outage or catastrophic event at the primary site, you can restore {% data variables.product.product_location %} by provisioning another {% data variables.product.prodname_enterprise %} appliance and performing a restore from the backup host. You must add the backup host's SSH key to the target {% data variables.product.prodname_enterprise %} appliance as an authorized SSH key before restoring an appliance.
 
-To restore {% data variables.product.product_location_enterprise %} from the last successful snapshot, use the `ghe-restore` command. You should see output similar to this:
+To restore {% data variables.product.product_location %} from the last successful snapshot, use the `ghe-restore` command. You should see output similar to this:
 
 ```shell
 $ ghe-restore -c 169.154.1.1

content/admin/configuration/configuring-built-in-firewall-rules.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring built-in firewall rules
-intro: 'You can view default firewall rules and customize rules for {% data variables.product.product_location_enterprise %}.'
+intro: 'You can view default firewall rules and customize rules for {% data variables.product.product_location %}.'
 redirect_from:
   - /enterprise/admin/guides/installation/configuring-firewall-settings/
   - /enterprise/admin/installation/configuring-built-in-firewall-rules
@@ -9,7 +9,7 @@ versions:
   enterprise-server: '*'
 ---
 
-### About {% data variables.product.product_location_enterprise %}'s firewall
+### About {% data variables.product.product_location %}'s firewall
 
 {% data variables.product.prodname_ghe_server %} uses Ubuntu's Uncomplicated Firewall (UFW) on the virtual appliance. For more information see "[UFW](https://help.ubuntu.com/community/UFW)" in the Ubuntu documentation. {% data variables.product.prodname_ghe_server %} automatically updates the firewall allowlist of allowed services with each release.
 
@@ -66,7 +66,7 @@ The UFW firewall also opens several other ports that are required for {% data va
   $ sudo cp -r /lib/ufw ~/ufw.backup
   ```
 
-After you upgrade {% data variables.product.product_location_enterprise %}, you must reapply your custom firewall rules. We recommend that you create a script to reapply your firewall custom rules.
+After you upgrade {% data variables.product.product_location %}, you must reapply your custom firewall rules. We recommend that you create a script to reapply your firewall custom rules.
 
 ### Restoring the default firewall rules
 

content/admin/configuration/configuring-code-scanning-for-your-appliance.md

@@ -1,7 +1,7 @@
 ---
 title: Configuring code scanning for your appliance
 shortTitle: Configuring code scanning
-intro: 'You can enable, configure and disable {% data variables.product.prodname_code_scanning %} for {% data variables.product.product_location_enterprise %}. {% data variables.product.prodname_code_scanning_capc %} allows users to scan code for vulnerabilities and errors.'
+intro: 'You can enable, configure and disable {% data variables.product.prodname_code_scanning %} for {% data variables.product.product_location %}. {% data variables.product.prodname_code_scanning_capc %} allows users to scan code for vulnerabilities and errors.'
 product: '{% data reusables.gated-features.code-scanning %}'
 miniTocMaxHeadingLevel: 4
 redirect_from:
@@ -20,7 +20,7 @@ The table below summarizes the available types of analysis for {% data variables
 
 {% data reusables.code-scanning.enabling-options %}
 
-For the users of {% data variables.product.product_location_enterprise %} to be able to enable and use {% data variables.product.prodname_code_scanning %} in their repositories, you need, as a site administrator, to enable this feature for the whole appliance.
+For the users of {% data variables.product.product_location %} to be able to enable and use {% data variables.product.prodname_code_scanning %} in their repositories, you need, as a site administrator, to enable this feature for the whole appliance.
 
 ### How do I know if {% data variables.product.prodname_code_scanning %} is enabled for my appliance
 
@@ -55,18 +55,18 @@ You must ensure that Git is in the PATH variable on any self-hosted runners you
 To run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_actions %}, the appropriate action must be available locally. You can make the action available in three ways.
 
 - **Recommended** You can use [{% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud) to automatically download actions from {% data variables.product.prodname_dotcom_the_website %}. The machine that hosts your instance must be able to access {% data variables.product.prodname_dotcom_the_website %}. This approach ensures that you get the latest software automatically. For more information, see "[Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}](/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
-- If you want to use the {% data variables.product.prodname_codeql_workflow %}, you can sync the repository from {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}, by using the {% data variables.product.prodname_codeql %} Action sync tool available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/). You can use this tool regardless of whether {% data variables.product.product_location_enterprise %} or your {% data variables.product.prodname_actions %} runners have access to the internet, as long as you can access both {% data variables.product.product_location_enterprise %} and {% data variables.product.prodname_dotcom_the_website %} simultaneously on your computer.
+- If you want to use the {% data variables.product.prodname_codeql_workflow %}, you can sync the repository from {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}, by using the {% data variables.product.prodname_codeql %} Action sync tool available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/). You can use this tool regardless of whether {% data variables.product.product_location %} or your {% data variables.product.prodname_actions %} runners have access to the internet, as long as you can access both {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} simultaneously on your computer.
 - You can create a local copy of the action's repository on your server, by cloning the {% data variables.product.prodname_dotcom_the_website %} repository with the action. For example, if you want to use the {% data variables.product.prodname_codeql %} action, you can create a repository in your instance called `github/codeql-action`, then clone the [repository](https://github.com/github/codeql-action) from {% data variables.product.prodname_dotcom_the_website %}, and then push that repository to your instance's `github/codeql-action` repository. You will also need to download any of the releases from the repository on {% data variables.product.prodname_dotcom_the_website %} and upload them to your instance's `github/codeql-action` repository as releases. 
 
 
 ##### Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}
 
 1. If you want to download action workflows on demand from {% data variables.product.prodname_dotcom_the_website %}, you need to enable {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling {% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud#enabling-github-connect)."
-2. You'll also need to enable {% data variables.product.prodname_actions %} for {% data variables.product.product_location_enterprise %}. For more information, see "[Enabling {% data variables.product.prodname_actions %} and configuring storage](/enterprise/admin/github-actions/enabling-github-actions-and-configuring-storage)."
+2. You'll also need to enable {% data variables.product.prodname_actions %} for {% data variables.product.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_actions %} and configuring storage](/enterprise/admin/github-actions/enabling-github-actions-and-configuring-storage)."
 3. The next step is to configure access to actions on {% data variables.product.prodname_dotcom_the_website %} using {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)."
 4. Add a self-hosted runner to your repository, organization, or enterprise account. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
 
-After you configure a self-hosted runner, users can enable {% data variables.product.prodname_code_scanning %} for individual repositories on {% data variables.product.product_location_enterprise %}. For more information, see "[Enabling {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository)."
+After you configure a self-hosted runner, users can enable {% data variables.product.prodname_code_scanning %} for individual repositories on {% data variables.product.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository)."
 
 ### Running {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}
 If your organization isn't taking part in the beta for {% data variables.product.prodname_actions %}, or if you don't want to use {% data variables.product.prodname_actions %}, you can run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}. 

content/admin/configuration/configuring-data-encryption-for-your-enterprise.md

@@ -0,0 +1,71 @@
+---
+title: Configuring data encryption for your enterprise
+shortTitle: Configuring data encryption
+intro: 'For encryption at rest, you can provide your own encryption key to encrypt your data under your encryption policies.'
+versions:
+  github-ae: '*'
+---
+
+{% note %}
+
+**Note:** Configuring encryption at rest with a customer-managed key is currently in beta and subject to change.
+
+{% endnote %}
+
+### About data encryption
+
+To provide a high level of security, {% data variables.product.product_name %} encrypts your data while at rest in the data centers and while your data is in transit between users' machines and the data centers.
+
+For encryption in transit, {% data variables.product.product_name %} uses Transport Layer Security (TLS). For encryption at rest, {% data variables.product.product_name %} provides a default RSA key. After you've initialized your enterprise, you can choose to provide your own key instead. Your key should be a 2048 bit RSA private key in PEM format.
+
+The key that you provide is stored in a hardware security module (HSM) in a key vault that {% data variables.product.company_short %} manages.
+
+To configure your encryption key, use the REST API. There are a number of API endpoints, for example to check the status of encryption, update your encryption key, and delete your encryption key. Note that deleting your key will freeze your enterprise. For more information about the API endpoints, see "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation.
+
+### Adding or updating an encryption key
+
+You can add a new encryption key as often as you need. When you add a new key, the old key is discarded. Your enterprise won't experience downtime when you update the key.
+
+Your 2048 bit RSA private key should be in PEM format, for example in a file called _private-key.pem_.
+   
+   ```
+   -----BEGIN RSA PRIVATE KEY-----
+   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+   -----END RSA PRIVATE KEY-----
+   ```
+
+1. To add your key, use the `PATCH /enterprise/encryption` endpoint, replacing *~/private-key.pem* with the path to your private key.
+
+   ```shell
+   curl -X PATCH http(s)://<em>hostname</em>/api/v3/enterprise/encryption \
+     -d "{ \"key\": \"$(awk '{printf "%s\\n", $0}' ~/private-key.pem)\" }"
+   ```
+
+2. Optionally, check the status of the update operation.
+
+   ```shell
+   curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
+   ```
+
+### Deleting your encryption key
+
+To freeze your enterprise, for example in the case of a breach, you can disable encryption at rest by deleting your encryption key.
+
+To unfreeze your enterprise after you've deleted your encryption key, contact support. For more information, see "[About {% data variables.contact.enterprise_support %}](/admin/enterprise-support/about-github-enterprise-support)."
+
+1. To delete your key and disable encryption at rest, use the `DELETE /enterprise/encryption` endpoint.
+
+   ```shell
+   curl -X DELETE http(s)://<em>hostname</em>/api/v3/enterprise/encryption
+   ```
+
+2. Optionally, check the status of the delete operation.
+
+   ```shell
+   curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
+   ```
+
+### Further reading
+
+- "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation 

content/admin/configuration/configuring-dns-nameservers.md

@@ -9,7 +9,7 @@ versions:
   enterprise-server: '*'
 ---
 
-The nameservers you specify must resolve {% data variables.product.product_location_enterprise %}'s hostname.
+The nameservers you specify must resolve {% data variables.product.product_location %}'s hostname.
 
 {% data reusables.enterprise_installation.changing-hostname-not-supported %}
 
@@ -28,7 +28,7 @@ The nameservers you specify must resolve {% data variables.product.product_locat
   ```
 3. Append any `nameserver` entries, then save the file.
 4. After verifying your changes, save the file.
-5. To add your new nameserver entries to {% data variables.product.product_location_enterprise %}, enter:
+5. To add your new nameserver entries to {% data variables.product.product_location %}, enter:
   ```shell
   $ sudo service resolvconf restart
   ```

content/admin/configuration/configuring-email-for-notifications.md

@@ -6,11 +6,25 @@ redirect_from:
   - /enterprise/admin/articles/troubleshooting-email/
   - /enterprise/admin/articles/email-configuration-and-troubleshooting/
   - /enterprise/admin/user-management/configuring-email-for-notifications
-intro: 'To make it easy for users to respond quickly to activity on {% data variables.product.prodname_ghe_server %}, you can configure your instance to send email notifications on issue, pull request, and commit comments, as well as additional settings to allow inbound email replies. Notification emails are sent if there is activity on a repository a user is watching, if there is activity in a pull request or issue they are participating in, or if the user or team they''re a member of are @mentioned in a comment.'
+intro: 'To make it easy for users to respond quickly to activity on {% data variables.product.product_name %}, you can configure your enterprise to send email notifications on issue, pull request, and commit comments{% if enterpriseServerVersions contains currentVersion %}, as well as additional settings to allow inbound email replies{% endif %}.'
 versions:
   enterprise-server: '*'
+  github-ae: '*'
 ---
 
+Notification emails are sent if there is activity on a repository a user is watching, if there is activity in a pull request or issue they are participating in, or if the user or team they're a member of are @mentioned in a comment.
+
+{% if currentVersion == "github-ae@latest" %}
+Your dedicated technical account manager in {% data variables.contact.github_support %} can configure email for notifications to be sent through your SMTP server. Make sure you include the following details in your support request.
+
+- Your SMTP server address
+- The port your SMTP server uses to send email
+- The domain name that your SMTP server will send with a HELO response, if any
+- The type of encryption used by your SMTP server
+- The no-reply email address to use in the `From` and `To` field for all notifications
+
+For more information about contacting support, see "[About {% data variables.contact.enterprise_support %}](/enterprise/admin/guides/enterprise-support/about-github-enterprise-support)."
+{% else %}
 ### Configuring SMTP
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
@@ -120,7 +134,7 @@ This log shows that the appliance:
 * The `login` authentication type was performed (`<- "AUTH LOGIN\r\n"`).
 * The SMTP Server rejected the authentication as invalid (`-> "535-5.7.1 Username and Password not accepted.`).
 
-#### Check {% data variables.product.product_location_enterprise %} logs
+#### Check {% data variables.product.product_location %} logs
 
 If you need to verify that your inbound email is functioning, there are two logfiles that you can examine on your instance: To verify that */var/log/mail.log* and */var/log/mail-replies/metroplex.log*.
 
@@ -155,8 +169,9 @@ In order to properly process inbound emails, you must configure a valid A Record
 
 #### Check firewall or AWS Security Group settings
 
-If {% data variables.product.product_location_enterprise %} is behind a firewall or is being served through an AWS Security Group, make sure port 25 is open to all mail servers that send emails to `reply@reply.[hostname]`.
+If {% data variables.product.product_location %} is behind a firewall or is being served through an AWS Security Group, make sure port 25 is open to all mail servers that send emails to `reply@reply.[hostname]`.
 
 #### Contact support
 
 If you're still unable to resolve the problem, contact {% data variables.contact.contact_ent_support %}. Please attach the output file from `http(s)://[hostname]/setup/diagnostics` to your email to help us troubleshoot your problem.
+{% endif %}

content/admin/configuration/configuring-github-pages-for-your-enterprise.md

@@ -0,0 +1,68 @@
+---
+title: Configuring GitHub Pages for your enterprise
+intro: 'You can enable or disable {% data variables.product.prodname_pages %} for your enterprise and choose whether to make sites publicly accessible.'
+redirect_from:
+  - /enterprise/admin/guides/installation/disabling-github-enterprise-pages/
+  - /enterprise/admin/guides/installation/configuring-github-enterprise-pages/
+  - /enterprise/admin/installation/configuring-github-pages-on-your-appliance
+  - /enterprise/admin/configuration/configuring-github-pages-on-your-appliance
+  - /admin/configuration/configuring-github-pages-on-your-appliance
+  - /enterprise/admin/guides/installation/configuring-github-pages-for-your-enterprise/
+versions:
+  enterprise-server: '*'
+  github-ae: '*'
+---
+
+### Enabling public sites for {% data variables.product.prodname_pages %}
+
+{% if enterpriseServerVersions contains currentVersion %}If private mode is enabled on your enterprise, the {% else %}The {% endif %}public cannot access {% data variables.product.prodname_pages %} sites hosted by your enterprise unless you enable public sites.
+
+{% warning %}
+
+**Warning:** If you enable public sites for {% data variables.product.prodname_pages %}, every site in every repository on your enterprise will be accessible to the public.
+
+{% endwarning %}
+
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.pages-tab %}
+4. Select **Public Pages**.
+  ![Checkbox to enable Public Pages](/assets/images/enterprise/management-console/public-pages-checkbox.png)
+{% data reusables.enterprise_management_console.save-settings %}
+{% elsif currentVersion == "github-ae@latest" %}
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.pages-tab %}
+5. Under "Pages policies", select **Public {% data variables.product.prodname_pages %}**.
+  ![Checkbox to enable public {% data variables.product.prodname_pages %}](/assets/images/enterprise/business-accounts/public-github-pages-checkbox.png)
+{% data reusables.enterprise-accounts.pages-policies-save %}
+{% endif %}
+
+### Disabling {% data variables.product.prodname_pages %} for your enterprise
+
+{% if enterpriseServerVersions contains currentVersion %}
+If subdomain isolation is disabled for your enterprise, you should also disable {% data variables.product.prodname_pages %} to protect yourself from potential security vulnerabilities. For more information, see "[Enabling subdomain isolation](/admin/configuration/enabling-subdomain-isolation)."
+{% endif %}
+
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.pages-tab %}
+4. Unselect **Enable Pages**.
+  ![Checkbox to disable {% data variables.product.prodname_pages %}](/assets/images/enterprise/management-console/pages-select-button.png)
+{% data reusables.enterprise_management_console.save-settings %}
+{% elsif currentVersion == "github-ae@latest" %}
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.pages-tab %}
+5. Under "Pages policies", deselect **Enable {% data variables.product.prodname_pages %}**.
+  ![Checkbox to disable {% data variables.product.prodname_pages %}](/assets/images/enterprise/business-accounts/enable-github-pages-checkbox.png)
+{% data reusables.enterprise-accounts.pages-policies-save %}
+{% endif %}
+
+{% if enterpriseServerVersions contains currentVersion %}
+### Further reading
+
+- "[Enabling private mode](/admin/configuration/enabling-private-mode)"
+{% endif %}

content/admin/configuration/configuring-github-pages-on-your-appliance.md

@@ -1,43 +0,0 @@
----
-title: Configuring GitHub Pages on your appliance
-intro: 'You can enable or disable {% data variables.product.prodname_pages %} on your instance. You can also choose to make {% data variables.product.prodname_pages %} sites publicly accessible.'
-redirect_from:
-  - /enterprise/admin/guides/installation/disabling-github-enterprise-pages/
-  - /enterprise/admin/guides/installation/configuring-github-enterprise-pages/
-  - /enterprise/admin/installation/configuring-github-pages-on-your-appliance
-  - /enterprise/admin/configuration/configuring-github-pages-on-your-appliance
-versions:
-  enterprise-server: '*'
----
-
-### Making {% data variables.product.prodname_pages %} publicly accessible
-
-If private mode is enabled on your instance, the public cannot access {% data variables.product.prodname_pages %} sites hosted on {% data variables.product.product_location_enterprise %}.
-
-{% warning %}
-
-**Warning:** If you enable public {% data variables.product.prodname_pages %} sites, every {% data variables.product.prodname_pages %} site in every repository on your instance will be accessible to the public.
-
-{% endwarning %}
-
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-{% data reusables.enterprise_management_console.pages-tab %}
-4. Select **Public Pages**.
-![Checkbox to enable Public Pages](/assets/images/enterprise/management-console/public-pages-checkbox.png)
-{% data reusables.enterprise_management_console.save-settings %}
-
-### Disabling {% data variables.product.prodname_pages %} on {% data variables.product.product_location_enterprise %}
-
-If subdomain isolation is disabled for {% data variables.product.product_location_enterprise %}, you should also disable {% data variables.product.prodname_pages %} to protect yourself from potential security vulnerabilities. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation)."
-
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-{% data reusables.enterprise_management_console.pages-tab %}
-4. Unselect **Enable Pages**.
-![Checkbox to disable {% data variables.product.prodname_pages %}](/assets/images/enterprise/management-console/pages-select-button.png)
-{% data reusables.enterprise_management_console.save-settings %}
-
-### Further reading
-
-- "[Enabling private mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-private-mode)"

content/admin/configuration/configuring-rate-limits.md

@@ -31,7 +31,7 @@ You can exempt a list of users from API rate limits using the `ghe-config` utili
 
 ### Enabling abuse rate limits
 
-Setting abuse rate limits protects the overall level of service on {% data variables.product.product_location_enterprise %}.
+Setting abuse rate limits protects the overall level of service on {% data variables.product.product_location %}.
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}

content/admin/configuration/configuring-tls.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring TLS
-intro: 'You can configure Transport Layer Security (TLS) on {% data variables.product.product_location_enterprise %} so that you can use a certificate that is signed by a trusted certificate authority.'
+intro: 'You can configure Transport Layer Security (TLS) on {% data variables.product.product_location %} so that you can use a certificate that is signed by a trusted certificate authority.'
 redirect_from:
   - /enterprise/admin/articles/ssl-configuration/
   - /enterprise/admin/guides/installation/about-tls/
@@ -54,9 +54,9 @@ Let's Encrypt is a public certificate authority that issues free, automated TLS
 
 {% data reusables.enterprise_installation.lets-encrypt-prerequisites %}
 
-When you enable automation of TLS certificate management using Let's Encrypt, {% data variables.product.product_location_enterprise %} will contact the Let's Encrypt servers to obtain a certificate. To renew a certificate, Let's Encrypt servers must validate control of the configured domain name with inbound HTTP requests.
+When you enable automation of TLS certificate management using Let's Encrypt, {% data variables.product.product_location %} will contact the Let's Encrypt servers to obtain a certificate. To renew a certificate, Let's Encrypt servers must validate control of the configured domain name with inbound HTTP requests.
 
-You can also use the `ghe-ssl-acme` command line utility on {% data variables.product.product_location_enterprise %} to automatically generate a Let's Encrypt certificate. For more information, see "[Command-line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-ssl-acme)."
+You can also use the `ghe-ssl-acme` command line utility on {% data variables.product.product_location %} to automatically generate a Let's Encrypt certificate. For more information, see "[Command-line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-ssl-acme)."
 
 ### Configuring TLS using Let's Encrypt
 

content/admin/configuration/configuring-your-enterprise.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring your enterprise
-intro: 'Once {% data variables.product.prodname_ghe_server %} is up and running, you can configure the appliance to suit your organization''s needs.'
+intro: "After {% data variables.product.product_name %} is up and running, you can configure your enterprise to suit your organization's needs."
 redirect_from:
   - /enterprise/admin/guides/installation/basic-configuration/
   - /enterprise/admin/guides/installation/administrative-tools/
@@ -11,5 +11,6 @@ redirect_from:
 mapTopic: true
 versions:
   enterprise-server: '*'
+  github-ae: '*'
 ---
 

content/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud.md

@@ -41,8 +41,7 @@ For more information about managing enterprise accounts using the GraphQL API, s
 ### Enabling {% data variables.product.prodname_github_connect %}
 
 1. Sign in to {% data variables.product.product_location_enterprise %} and {% data variables.product.prodname_dotcom_the_website %}.
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
+{% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.github-connect-tab %}
 5. Under "{% data variables.product.prodname_dotcom_the_website %} is not enabled yet", click **Enable {% data variables.product.prodname_github_connect %}**. By clicking **Enable {% data variables.product.prodname_github_connect %}**, you agree to the  <a href="/articles/github-connect-addendum-to-the-github-enterprise-license-agreement/" class="dotcom-only">{% data variables.product.prodname_github_connect %} Addendum to the {% data variables.product.prodname_enterprise %} License Agreement</a>.
@@ -54,8 +53,7 @@ For more information about managing enterprise accounts using the GraphQL API, s
 
 When you disconnect from {% data variables.product.prodname_ghe_cloud %}, the {% data variables.product.prodname_github_connect %} {% data variables.product.prodname_github_app %} is deleted from your enterprise account or organization and credentials stored on {% data variables.product.product_location_enterprise %} are deleted.
 
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
+{% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.github-connect-tab %}
 5. Next to the enterprise account or organization you'd like to disconnect, click **Disable {% data variables.product.prodname_github_connect %}**.

content/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server.md

@@ -1,6 +1,6 @@
 ---
 title: Enabling alerts for vulnerable dependencies on GitHub Enterprise Server
-intro: 'You can connect {% data variables.product.product_location_enterprise %} to {% data variables.product.prodname_ghe_cloud %} and enable {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts for vulnerable dependencies in repositories in your instance.'
+intro: 'You can connect {% data variables.product.product_location %} to {% data variables.product.prodname_ghe_cloud %} and enable {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts for vulnerable dependencies in repositories in your instance.'
 redirect_from:
   - /enterprise/admin/installation/enabling-security-alerts-for-vulnerable-dependencies-on-github-enterprise-server
   - /enterprise/admin/configuration/enabling-security-alerts-for-vulnerable-dependencies-on-github-enterprise-server
@@ -14,17 +14,17 @@ versions:
 
 {% data reusables.repositories.tracks-vulnerabilities %} For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
 
-You can connect {% data variables.product.product_location_enterprise %} to {% data variables.product.prodname_dotcom_the_website %}, then sync vulnerability data to your instance and generate {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts in repositories with a vulnerable dependency.
+You can connect {% data variables.product.product_location %} to {% data variables.product.prodname_dotcom_the_website %}, then sync vulnerability data to your instance and generate {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts in repositories with a vulnerable dependency.
 
-After connecting {% data variables.product.product_location_enterprise %} to {% data variables.product.prodname_dotcom_the_website %} and enabling {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts for vulnerable dependencies, vulnerability data is synced from {% data variables.product.prodname_dotcom_the_website %} to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from {% data variables.product.product_location_enterprise %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}.
+After connecting {% data variables.product.product_location %} to {% data variables.product.prodname_dotcom_the_website %} and enabling {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts for vulnerable dependencies, vulnerability data is synced from {% data variables.product.prodname_dotcom_the_website %} to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from {% data variables.product.product_location %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}.
 
-{% if currentVersion ver_gt "enterprise-server@2.21" %}When {% data variables.product.product_location_enterprise %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and generate {% data variables.product.prodname_dependabot_short %} alerts. You can customize how you receive {% data variables.product.prodname_dependabot_short %} alerts. For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies/#configuring-notifications-for-github-dependabot-alerts)."
+{% if currentVersion ver_gt "enterprise-server@2.21" %}When {% data variables.product.product_location %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and generate {% data variables.product.prodname_dependabot_short %} alerts. You can customize how you receive {% data variables.product.prodname_dependabot_short %} alerts. For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies/#configuring-notifications-for-github-dependabot-alerts)."
 {% endif %}
 
-{% if currentVersion == "enterprise-server@2.21" %}When {% data variables.product.product_location_enterprise %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and generate security alerts. You can customize how you receive security alerts. For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies/#configuring-notifications-for-security-alerts)."
+{% if currentVersion == "enterprise-server@2.21" %}When {% data variables.product.product_location %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and generate security alerts. You can customize how you receive security alerts. For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies/#configuring-notifications-for-security-alerts)."
 {% endif %}
 
-{% if currentVersion ver_lt "enterprise-server@2.21" %}When {% data variables.product.product_location_enterprise %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and generate security alerts. You can customize how you receive security alerts. For more information, see "[Choosing the delivery method for your notifications](/github/receiving-notifications-about-activity-on-github/choosing-the-delivery-method-for-your-notifications#choosing-the-delivery-method-for-security-alerts-for-vulnerable-dependencies)."
+{% if currentVersion ver_lt "enterprise-server@2.21" %}When {% data variables.product.product_location %} receives information about a vulnerability, it will identify repositories in your instance that use the affected version of the dependency and generate security alerts. You can customize how you receive security alerts. For more information, see "[Choosing the delivery method for your notifications](/github/receiving-notifications-about-activity-on-github/choosing-the-delivery-method-for-your-notifications#choosing-the-delivery-method-for-security-alerts-for-vulnerable-dependencies)."
 {% endif %}
 
 {% if currentVersion ver_gt "enterprise-server@2.21" %}
@@ -33,9 +33,9 @@ After connecting {% data variables.product.product_location_enterprise %} to {%
 ### Enabling security alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}
 {% endif %}
 
-Before enabling {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts for vulnerable dependencies on {% data variables.product.product_location_enterprise %}, you must connect {% data variables.product.product_location_enterprise %} to {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Connecting {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %}](/enterprise/{{ currentVersion }}/admin/guides/installation/connecting-github-enterprise-server-to-github-enterprise-cloud)."
+Before enabling {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts for vulnerable dependencies on {% data variables.product.product_location %}, you must connect {% data variables.product.product_location %} to {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Connecting {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %}](/enterprise/{{ currentVersion }}/admin/guides/installation/connecting-github-enterprise-server-to-github-enterprise-cloud)."
 
-{% if currentVersion ver_gt "enterprise-server@2.20" %} 
+{% if currentVersion ver_gt "enterprise-server@2.20" %}
 
 {% if currentVersion ver_gt "enterprise-server@2.21" %}We recommend configuring {% data variables.product.prodname_dependabot_short %} alerts without notifications for the first few days to avoid an overload of emails. After a few days, you can enable notifications to receive {% data variables.product.prodname_dependabot_short %} alerts as usual.{% endif %}
 
@@ -44,7 +44,7 @@ Before enabling {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data v
 {% endif %}
 
 {% data reusables.enterprise_site_admin_settings.sign-in %}
-1. In the administrative shell, enable the {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts for vulnerable dependencies on {% data variables.product.product_location_enterprise %}:
+1. In the administrative shell, enable the {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_short %}{% else %}security{% endif %} alerts for vulnerable dependencies on {% data variables.product.product_location %}:
  ``` shell
 $ ghe-dep-graph-enable
 ```
@@ -55,8 +55,7 @@ $ ghe-dep-graph-enable
    {% endnote %}
 
 3. Return to {% data variables.product.prodname_ghe_server %}.
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
+{% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.github-connect-tab %}{% if currentVersion ver_gt "enterprise-server@2.20" %}
 5. Under "Repositories can be scanned for vulnerabilities", use the drop-down menu and select **Enabled without notifications**. Optionally, to enable alerts with notifications, select **Enabled with notifications**.{% else %}
@@ -66,7 +65,7 @@ $ ghe-dep-graph-enable
 
 ### Viewing vulnerable dependencies on {% data variables.product.prodname_ghe_server %}
 
-You can view all vulnerabilities in {% data variables.product.product_location_enterprise %} and manually sync vulnerability data from {% data variables.product.prodname_dotcom_the_website %} to update the list.
+You can view all vulnerabilities in {% data variables.product.product_location %} and manually sync vulnerability data from {% data variables.product.prodname_dotcom_the_website %} to update the list.
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 2. In the left sidebar, click **Vulnerabilities**.

content/admin/configuration/enabling-and-scheduling-maintenance-mode.md

@@ -1,6 +1,6 @@
 ---
 title: Enabling and scheduling maintenance mode
-intro: 'Some standard maintenance procedures, such as upgrading {% data variables.product.product_location_enterprise %} or restoring backups, require the instance to be taken offline for normal use.'
+intro: 'Some standard maintenance procedures, such as upgrading {% data variables.product.product_location %} or restoring backups, require the instance to be taken offline for normal use.'
 redirect_from:
   - /enterprise/admin/maintenance-mode/
   - /enterprise/admin/categories/maintenance-mode/
@@ -16,7 +16,7 @@ versions:
 
 ### About maintenance mode
 
-Some types of operations require that you take {% data variables.product.product_location_enterprise %} offline and put it into maintenance mode:
+Some types of operations require that you take {% data variables.product.product_location %} offline and put it into maintenance mode:
 - Upgrading to a new version of {% data variables.product.prodname_ghe_server %}
 - Increasing CPU, memory, or storage resources allocated to the virtual machine
 - Migrating data from one virtual machine to another

content/admin/configuration/enabling-automatic-user-license-sync-between-github-enterprise-server-and-github-enterprise-cloud.md

@@ -19,8 +19,7 @@ You can also manually upload {% data variables.product.prodname_ghe_server %} us
 
 Before enabling license synchronization on {% data variables.product.product_location_enterprise %}, you must connect {% data variables.product.product_location_enterprise %} to {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Connecting {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_ghe_cloud %}](/enterprise/{{ currentVersion }}/admin/guides/installation/connecting-github-enterprise-server-to-github-enterprise-cloud)."
 
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
+{% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.github-connect-tab %}
 5. Under "Server can sync user license count and usage", use the drop-down menu and select **Enabled**.

content/admin/configuration/enabling-private-mode.md

@@ -11,11 +11,11 @@ versions:
   enterprise-server: '*'
 ---
 
-You must enable private mode if {% data variables.product.product_location_enterprise %} is publicly accessible over the Internet. In private mode, users cannot anonymously clone repositories over `git://`. If built-in authentication is also enabled, an administrator must invite new users to create an account on the instance. For more information, see "[Using built-in authentication](/enterprise/{{ currentVersion }}/admin/guides/user-management/using-built-in-authentication)."
+You must enable private mode if {% data variables.product.product_location %} is publicly accessible over the Internet. In private mode, users cannot anonymously clone repositories over `git://`. If built-in authentication is also enabled, an administrator must invite new users to create an account on the instance. For more information, see "[Using built-in authentication](/enterprise/{{ currentVersion }}/admin/guides/user-management/using-built-in-authentication)."
 
 {% data reusables.enterprise_installation.image-urls-viewable-warning %}
 
-With private mode enabled, you can allow unauthenticated Git operations (and anyone with network access to {% data variables.product.product_location_enterprise %}) to read a public repository's code on your instance with anonymous Git read access enabled. For more information, see "[Allowing admins to enable anonymous Git read access to public repositories](/enterprise/{{ currentVersion }}/admin/guides/user-management/allowing-admins-to-enable-anonymous-git-read-access-to-public-repositories)."
+With private mode enabled, you can allow unauthenticated Git operations (and anyone with network access to {% data variables.product.product_location %}) to read a public repository's code on your instance with anonymous Git read access enabled. For more information, see "[Allowing admins to enable anonymous Git read access to public repositories](/enterprise/{{ currentVersion }}/admin/guides/user-management/allowing-admins-to-enable-anonymous-git-read-access-to-public-repositories)."
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}

content/admin/configuration/enabling-subdomain-isolation.md

@@ -11,7 +11,7 @@ versions:
 
 ### About subdomain isolation
 
-Subdomain isolation mitigates cross-site scripting and other related vulnerabilities. For more information, see "[Cross-site scripting](http://en.wikipedia.org/wiki/Cross-site_scripting)" on Wikipedia. We highly recommend that you enable subdomain isolation on {% data variables.product.product_location_enterprise %}.
+Subdomain isolation mitigates cross-site scripting and other related vulnerabilities. For more information, see "[Cross-site scripting](http://en.wikipedia.org/wiki/Cross-site_scripting)" on Wikipedia. We highly recommend that you enable subdomain isolation on {% data variables.product.product_location %}.
 
 When subdomain isolation is enabled, {% data variables.product.prodname_ghe_server %} replaces several paths with subdomains.
 

content/admin/configuration/index.md

@@ -1,23 +1,35 @@
 ---
 title: Configuring GitHub Enterprise
 shortTitle: Configuring GitHub Enterprise
-intro: 'Once {% data variables.product.prodname_ghe_server %} is installed and set up, you can configure the appliance to suit your organization''s needs.'
+intro: "You can configure your enterprise to suit your organization's needs."
 redirect_from:
   - /enterprise/admin/configuration
 versions:
   enterprise-server: '*'
+  github-ae: '*'
 ---
 
+{% if currentVersion ver_gt "enterprise-server@2.21" %}
+{% note %}
+
+**Note:** To configure {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for your enterprise, see "[Managing GitHub Actions for your enterprise](/admin/github-actions)" or "[Managing GitHub Packages for your enterprise](/admin/packages)."
+
+{% endnote %}
+{% endif %}
 
 ### Table of Contents
 
 {% topic_link_in_list /configuring-your-enterprise %}
+    {% link_in_list /about-enterprise-configuration %}
+    {% link_in_list /initializing-github-ae %}
     {% link_in_list /accessing-the-management-console %}
     {% link_in_list /accessing-the-administrative-shell-ssh %}
+    {% link_in_list /configuring-data-encryption-for-your-enterprise %}
     {% link_in_list /enabling-and-scheduling-maintenance-mode %}
     {% link_in_list /configuring-backups-on-your-appliance %}
     {% link_in_list /site-admin-dashboard %}
     {% link_in_list /enabling-private-mode %}
+    {% link_in_list /configuring-email-for-notifications %}
     {% link_in_list /configuring-rate-limits %}
 <!-- if currentVersion ver_gt "enterprise-server@2.15" -->
     {% link_in_list /configuring-applications %}
@@ -25,7 +37,8 @@ versions:
     {% link_in_list /troubleshooting-ssl-errors %}
     {% link_in_list /configuring-time-synchronization %}
     {% link_in_list /command-line-utilities %}
-    {% link_in_list /configuring-github-pages-on-your-appliance %}
+    {% link_in_list /restricting-network-traffic-to-your-enterprise %}
+    {% link_in_list /configuring-github-pages-for-your-enterprise %}
 {% topic_link_in_list /configuring-network-settings %}
     {% link_in_list /configuring-the-ip-address-using-the-virtual-machine-console %}
     {% link_in_list /configuring-dns-nameservers %}
@@ -49,11 +62,3 @@ versions:
 {% topic_link_in_list /configuring-advanced-security-features %}
     {% link_in_list /configuring-code-scanning-for-your-appliance %}
 <!-- endif -->
-
-{% if currentVersion ver_gt "enterprise-server@2.21" %}
-{% note %}
-
-**Note:** To configure {% data variables.product.prodname_actions %} or {% data variables.product.prodname_registry %} for your enterprise, see "[Managing GitHub Actions for your enterprise](/admin/github-actions)" or "[Managing GitHub Packages for your enterprise](/admin/packages)."
-
-{% endnote %}
-{% endif %}

content/admin/configuration/initializing-github-ae.md

@@ -0,0 +1,94 @@
+---
+title: Initializing GitHub AE
+intro: 'To get your enterprise ready to use, you can complete the initial configuration of {% data variables.product.product_name %}.'
+versions:
+  github-ae: '*'
+---
+
+### About initialization
+
+Before you can initialize your enterprise, you must purchase {% data variables.product.product_name %}. For more information, contact {% data variables.contact.contact_enterprise_sales %}.
+
+After you purchase {% data variables.product.product_name %}, we'll ask you to provide an email address and username for the person you want to initialize the enterprise. Your dedicated technical account manager in {% data variables.contact.enterprise_support %} will create an account for the enterprise owner and send the enterprise owner an email to log into {% data variables.product.product_name %} and complete the initialization. Make sure the information you provide matches the intended enterprise owner's information in the IdP. For more information about enterprise owners, see "[Roles in an enterprise](/github/setting-up-and-managing-your-enterprise/roles-in-an-enterprise#enterprise-owner)."
+
+During initialization, the enterprise owner will name your enterprise, configure SAML SSO, create policies for all organizations in your enterprise, and configure a support contact for your users.
+
+### Prerequisites
+
+{% note %}
+
+**Note**: Before you begin initialization, store the initial username and password for {% data variables.product.prodname_ghe_managed %} securely in a password manager. {% data reusables.saml.contact-support-if-your-idp-is-unavailable %}
+
+{% endnote %}
+
+1. To initialize {% data variables.product.product_location %}, you must have a SAML identity provider (IdP). {% data reusables.saml.ae-uses-saml-sso %} To connect your IdP to your enterprise during initialization, you should have your IdP's Entity ID (SSO) URL, Issuer ID URL, and public signing certificate (Base64-encoded). For more information, see "[About identity and access management for your enterprise](/admin/authentication/about-identity-and-access-management-for-your-enterprise)."
+    
+    {% note %}
+    
+    **Note**: {% data reusables.saml.create-a-machine-user %}
+
+    {% endnote %}
+
+2. {% data reusables.saml.assert-the-administrator-attribute %}
+
+### Signing in and naming your enterprise
+
+1. Follow the instructions in your welcome email to reach your enterprise.
+2. Type your credentials under "Change password", then click **Change password**.
+3. Under "What would you like your enterprise account to be named?", type the enterprise's name, then click **Save and continue**.
+  !["Save and continue" button for naming an enterprise](/assets/images/enterprise/configuration/ae-enterprise-configuration.png)
+
+### Connecting your IdP to your enterprise
+
+To configure authentication for {% data variables.product.product_name %}, you must provide {% data variables.product.product_name %} with the details for your SAML IdP. {% data variables.product.company_short %} recommends using Azure AD as your IdP. For more information, see "[Configuring authentication and provisioning with your identity provider](/admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider)."
+
+1. To the right of "Set up your identity provider", click **Configure**.
+  !["Configure" button for IdP configuration](/assets/images/enterprise/configuration/ae-idp-configure.png)
+1. Under "Sign on URL", copy and paste the URL for your SAML IdP.
+  ![Text field for SAML IdP's sign-on URL](/assets/images/enterprise/configuration/ae-idp-sign-on-url.png)
+1. Under "Issuer", copy and paste the issuer URL for your SAML IdP.
+  ![Text field for SAML IdP's issuer URL](/assets/images/enterprise/configuration/ae-idp-issuer-url.png)
+1. Under "Public certificate", copy and paste the public certificate for your SAML IdP.
+  ![Text field for SAML IdP's public certificate](/assets/images/enterprise/configuration/ae-idp-public-certificate.png)
+1. Click **Test SAML configuration** to ensure that the information you've entered is correct.
+  !["Test SAML configuration" button](/assets/images/enterprise/configuration/ae-test-saml-configuration.png)
+1. Click **Save**.
+  !["Save" button for IdP configuration](/assets/images/enterprise/configuration/ae-save.png)
+
+### Setting your enterprise policies
+
+Configuring policies will set limitations for repository and organization management for your enterprise. These can be reconfigured after the initialization process.
+
+1. To the right of "Set your enterprise policies", click **Configure**.
+  !["Configure" button for policies configuration](/assets/images/enterprise/configuration/ae-policies-configure.png)
+2. Under "Default Repository Permissions", use the drop-down menu and click a default permissions level for repositories in your enterprise. If a person has multiple avenues of access to an organization, either individually, through a team, or as an organization member, the highest permission level overrides any lower permission levels. Optionally, to allow organizations within your enterprise to set their default repository permissions, click **No policy**
+  ![Drop-down menu for default repository permissions options](/assets/images/enterprise/configuration/ae-repository-permissions-menu.png)
+3. Under "Repository creation", choose whether you want to allow members to create repositories. Optionally, to allow organizations within your enterprise to set permissions, click **No policy**.
+  !["Members can create repositories" button for enterprise policies configuration](/assets/images/enterprise/configuration/ae-repository-creation-permissions.png)
+4. Under "Repository forking", choose whether to allow forking of private and internal repositories. Optionally, to allow organizations within your enterprise to set permissions, click **No policy**
+  ![Drop-down menu for repository forking permissions options](/assets/images/enterprise/configuration/ae-repository-forking-menu.png)
+5. Under "Repository invitations", choose whether members or organization owners can invite collaborators to repositories. Optionally, to allow organizations within your enterprise to set permissions, click **No policy**
+  ![Drop-down menu for repository invitation permissions options](/assets/images/enterprise/configuration/ae-repository-invitations-menu.png)
+6. Under "Default repository visibility", use the drop-down menu and click the default visibility setting for new repositories.
+  ![Drop-down menu for default repository visibility options](/assets/images/enterprise/configuration/ae-repository-visibility-menu.png)
+7. Under "Users can create organizations", use the drop-down menu to enable or disable organization creation access for members of the enterprise.
+  ![Drop-down menu for organization creation permissions options](/assets/images/enterprise/configuration/ae-organization-creation-permissions-menu.png)
+8. Under "Force pushes", use the drop-down menu and choose whether to allow or block force pushes.
+  ![Drop-down menu for force pushes configuration options](/assets/images/enterprise/configuration/ae-force-pushes-configuration-menu.png)
+9. Under "Git SSH access", use the drop-down menu and choose whether to enable Git SSH access for all repositories in the enterprise.
+  ![Drop-down menu for Git SSH access options](/assets/images/enterprise/configuration/ae-git-ssh-access-menu.png)
+10. Click **Save**
+  !["Save" button for enterprise policies configuration](/assets/images/enterprise/configuration/ae-save.png)
+11. Optionally, to reset all selections, click "Reset to default policies".
+  ![Link to reset all default policies](/assets/images/enterprise/configuration/ae-reset-default-options.png)
+
+### Setting your internal support contact
+
+You can configure the method your users will use to contact your internal support team. This can be reconfigured after the initialization process.
+
+1. To the right of "Internal support contact", click **Configure**.
+  !["Configure" button for internal support contact configuration](/assets/images/enterprise/configuration/ae-support-configure.png)
+2. Under "Internal support contact", select the method for users of your enterprise to contact support, through a URL or an e-mail address. Then, type the support contact information.
+  ![Text field for internal support contact URL](/assets/images/enterprise/configuration/ae-support-link-url.png)
+3. Click **Save**.
+  !["Save" button for enterprise support contact configuration](/assets/images/enterprise/configuration/ae-save.png)

content/admin/configuration/network-ports.md

@@ -14,13 +14,13 @@ versions:
 
 ### Administrative ports
 
-Some administrative ports are required to configure {% data variables.product.product_location_enterprise %} and run certain features. Administrative ports are not required for basic application use by end users.
+Some administrative ports are required to configure {% data variables.product.product_location %} and run certain features. Administrative ports are not required for basic application use by end users.
 
 | Port | Service | Description |
 |---|---|---|
 | 8443 | HTTPS | Secure web-based {% data variables.enterprise.management_console %}. Required for basic installation and configuration. |
 | 8080 | HTTP | Plain-text web-based {% data variables.enterprise.management_console %}. Not required unless SSL is disabled manually. |
-| 122 | SSH | Shell access for {% data variables.product.product_location_enterprise %}. Required to be open to incoming connections from all other nodes in a High Availability configuration. The default SSH port (22) is dedicated to Git and SSH application network traffic. |
+| 122 | SSH | Shell access for {% data variables.product.product_location %}. Required to be open to incoming connections from all other nodes in a High Availability configuration. The default SSH port (22) is dedicated to Git and SSH application network traffic. |
 | 1194/UDP | VPN | Secure replication network tunnel in High Availability configuration. Required to be open to all other nodes in the configuration.|
 | 123/UDP| NTP | Required for time protocol operation. |
 | 161/UDP | SNMP | Required for network monitoring protocol operation. |

content/admin/configuration/restricting-network-traffic-to-your-enterprise.md

@@ -0,0 +1,11 @@
+---
+title: Restricting network traffic to your enterprise
+shortTitle: Restricting network traffic
+intro: 'You can restrict access to your enterprise to connections from specified IP addresses.'
+versions:
+  github-ae: '*'
+---
+
+By default, authorized users can access your enterprise from any IP address. You can restrict access to specific IP addresses such as your physical office locations by contacting support.
+
+Contact {% data variables.contact.github_support %} with the IP addresses that should be allowed to access your enterprise. Specify address ranges using the standard CIDR (Classless Inter-Domain Routing) format. {% data variables.contact.github_support %} will configure the appropriate firewall rules for your enterprise to restrict network access over HTTP, SSH, HTTPS, and SMTP. For more information, see "[Receiving help from {% data variables.contact.github_support %}](/enterprise/admin/guides/enterprise-support/receiving-help-from-github-support)."

content/admin/configuration/site-admin-dashboard.md

@@ -1,6 +1,6 @@
 ---
 title: Site admin dashboard
-intro: 'The site admin dashboard provides a number of tools to help you manage {% data variables.product.product_location_enterprise %}.'
+intro: '{% data reusables.enterprise_site_admin_settings.about-the-site-admin-dashboard %}'
 redirect_from:
   - /enterprise/admin/articles/site-admin-dashboard/
   - /enterprise/admin/installation/site-admin-dashboard
@@ -46,7 +46,7 @@ For more information on audit logging in general, see "[Audit logging](/enterpri
 
 ### Reports
 
-If you need to get information on the users, organizations, and repositories in {% data variables.product.product_location_enterprise %}, you would ordinarily fetch JSON data through the [GitHub API](/rest). Unfortunately, the API may not provide all of the data that you want and it requires a bit of technical expertise to use. The site admin dashboard offers a **Reports** section as an alternative, making it easy for you to download CSV reports with most of the information that you are likely to need for users, organizations, and repositories.
+If you need to get information on the users, organizations, and repositories in {% data variables.product.product_location %}, you would ordinarily fetch JSON data through the [GitHub API](/rest). Unfortunately, the API may not provide all of the data that you want and it requires a bit of technical expertise to use. The site admin dashboard offers a **Reports** section as an alternative, making it easy for you to download CSV reports with most of the information that you are likely to need for users, organizations, and repositories.
 
 Specifically, you can download CSV reports that list
 
@@ -152,7 +152,7 @@ In other words, repair jobs are started as needed and run in the background—th
 
 Furthermore, repair jobs use a "repair offset" for parallelization. This is an offset into the database table for the record being reconciled. Multiple background jobs can synchronize work based on this offset.
 
-A progress bar shows the current status of a repair job across all of its background workers. It is the percentage difference of the repair offset with the highest record ID in the database. Don't worry about the value shown in the progress bar after a repair job has completed: because it shows the difference between the repair offset and the highest record ID in the database, it will decrease as more repositories are added to {% data variables.product.product_location_enterprise %} even though those repositories are actually indexed.
+A progress bar shows the current status of a repair job across all of its background workers. It is the percentage difference of the repair offset with the highest record ID in the database. Don't worry about the value shown in the progress bar after a repair job has completed: because it shows the difference between the repair offset and the highest record ID in the database, it will decrease as more repositories are added to {% data variables.product.product_location %} even though those repositories are actually indexed.
 
 You can start a new code-search index repair job at any time. It will use a single CPU as it reconciles the search index with database and Git repository data. To minimize the effects this will have on I/O performance and reduce the chances of operations timing out, try to run a repair job during off-peak hours first. Monitor your system's load averages and CPU usage with a utility like `top`; if you don't notice any significant changes, it should be safe to run an index repair job during peak hours, as well.
 
@@ -176,7 +176,7 @@ Refer to this section of the site admin dashboard to manage organizations, peopl
 
 ### Repositories
 
-This is a list of the repositories on {% data variables.product.product_location_enterprise %}. You can click on a repository name and access functions for administering the repository.
+This is a list of the repositories on {% data variables.product.product_location %}. You can click on a repository name and access functions for administering the repository.
 
 - [Blocking force pushes to a repository](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/blocking-force-pushes-to-a-repository/)
 - [Configuring {% data variables.large_files.product_name_long %}](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-git-large-file-storage/#configuring-git-large-file-storage-for-an-individual-repository)
@@ -184,17 +184,17 @@ This is a list of the repositories on {% data variables.product.product_location
 
 ### All users
 
-Here you can see all of the users on {% data variables.product.product_location_enterprise %}—, and [initiate an SSH key audit](/enterprise/{{ currentVersion }}/admin/guides/user-management/auditing-ssh-keys).
+Here you can see all of the users on {% data variables.product.product_location %}—, and [initiate an SSH key audit](/enterprise/{{ currentVersion }}/admin/guides/user-management/auditing-ssh-keys).
 
 ### Site admins
 
-Here you can see all of the administrators on {% data variables.product.product_location_enterprise %}, and [initiate an SSH key audit](/enterprise/{{ currentVersion }}/admin/guides/user-management/auditing-ssh-keys).
+Here you can see all of the administrators on {% data variables.product.product_location %}, and [initiate an SSH key audit](/enterprise/{{ currentVersion }}/admin/guides/user-management/auditing-ssh-keys).
 
 ### Dormant users
 
-Here you can see and [suspend](/enterprise/{{ currentVersion }}/admin/guides/user-management/suspending-and-unsuspending-users) all of the inactive users on {% data variables.product.product_location_enterprise %}. A user account is considered to be inactive ("dormant") when it:
+Here you can see and [suspend](/enterprise/{{ currentVersion }}/admin/guides/user-management/suspending-and-unsuspending-users) all of the inactive users on {% data variables.product.product_location %}. A user account is considered to be inactive ("dormant") when it:
 
-- Has existed for longer than the dormancy threshold that's set for {% data variables.product.product_location_enterprise %}.
+- Has existed for longer than the dormancy threshold that's set for {% data variables.product.product_location %}.
 - Has not generated any activity within that time period.
 - Is not a site administrator.
 
@@ -202,4 +202,4 @@ Here you can see and [suspend](/enterprise/{{ currentVersion }}/admin/guides/use
 
 ### Suspended users
 
-Here you can see all of the users who have been suspended on {% data variables.product.product_location_enterprise %}, and [initiate an SSH key audit](/enterprise/{{ currentVersion }}/admin/guides/user-management/auditing-ssh-keys).
+Here you can see all of the users who have been suspended on {% data variables.product.product_location %}, and [initiate an SSH key audit](/enterprise/{{ currentVersion }}/admin/guides/user-management/auditing-ssh-keys).

content/admin/configuration/troubleshooting-ssl-errors.md

@@ -39,7 +39,7 @@ Otherwise, you can use the SSL Converter tool to convert your certificate into t
 
 ### Unresponsive installation after uploading a key
 
-If {% data variables.product.product_location_enterprise %} is unresponsive after uploading an SSL key, please [contact {% data variables.product.prodname_enterprise %} Support](https://enterprise.github.com/support) with specific details, including a copy of your SSL certificate.
+If {% data variables.product.product_location %} is unresponsive after uploading an SSL key, please [contact {% data variables.product.prodname_enterprise %} Support](https://enterprise.github.com/support) with specific details, including a copy of your SSL certificate.
 
 ### Certificate validity errors
 

content/admin/configuration/using-github-enterprise-server-with-a-load-balancer.md

@@ -21,7 +21,7 @@ Because client connections to {% data variables.product.prodname_ghe_server %} c
 
 {% data reusables.enterprise_clustering.proxy_xff_firewall_warning %}
 
-#### Enabling PROXY protocol support on {% data variables.product.product_location_enterprise %}
+#### Enabling PROXY protocol support on {% data variables.product.product_location %}
 
 We strongly recommend enabling PROXY protocol support for both your appliance and the load balancer. Use the instructions provided by your vendor to enable the PROXY protocol on your load balancer. For more information, see [the PROXY protocol documentation](http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt).
 
@@ -34,7 +34,7 @@ We strongly recommend enabling PROXY protocol support for both your appliance an
 
 {% data reusables.enterprise_clustering.proxy_protocol_ports %}
 
-#### Enabling X-Forwarded-For support on {% data variables.product.product_location_enterprise %}
+#### Enabling X-Forwarded-For support on {% data variables.product.product_location %}
 
 {% data reusables.enterprise_clustering.x-forwarded-for %}
 

content/admin/configuration/validating-your-domain-settings.md

@@ -1,6 +1,6 @@
 ---
 title: Validating your domain settings
-intro: 'Ensure that your domain settings are properly configured before booting up {% data variables.product.product_location_enterprise %} for the first time.'
+intro: 'Ensure that your domain settings are properly configured before booting up {% data variables.product.product_location %} for the first time.'
 redirect_from:
   - /enterprise/admin/installation/validating-your-domain-settings
   - /enterprise/admin/configuration/validating-your-domain-settings

content/admin/enterprise-management/accessing-the-monitor-dashboard.md

@@ -19,7 +19,7 @@ versions:
 
 {% note %}
 
-**Note**: Because regularly polling {% data variables.product.product_location_enterprise %} with continuous integration (CI) or build servers can effectively cause a denial of service attack that results in problems, we recommend using webhooks to push updates. For more information, see "[About webhooks](/enterprise/{{ currentVersion }}/user/articles/about-webhooks/)".
+**Note**: Because regularly polling {% data variables.product.product_location %} with continuous integration (CI) or build servers can effectively cause a denial of service attack that results in problems, we recommend using webhooks to push updates. For more information, see "[About webhooks](/enterprise/{{ currentVersion }}/user/articles/about-webhooks/)".
 
 {% endnote %}
 

content/admin/enterprise-management/configuring-collectd.md

@@ -10,7 +10,7 @@ versions:
 ---
 ### Set up an external `collectd` server
 
-If you haven't already set up an external `collectd` server, you will need to do so before enabling `collectd` forwarding on {% data variables.product.product_location_enterprise %}. Your `collectd` server must by running `collectd` version 5.x or higher.
+If you haven't already set up an external `collectd` server, you will need to do so before enabling `collectd` forwarding on {% data variables.product.product_location %}. Your `collectd` server must by running `collectd` version 5.x or higher.
 
 1. Log into your `collectd` server.
 2. Create or edit the `collectd` configuration file to load the network plugin and populate the server and port directives with the proper values. On most distributions, this is located at `/etc/collectd/collectd.conf`
@@ -52,6 +52,6 @@ ssh -p 122 admin@[hostname] -- 'ghe-export-graphs' && scp -P 122 admin@[hostname
 
 #### Central collectd server receives no data
 
-{% data variables.product.prodname_enterprise %} ships with `collectd` version 5.x. `collectd` 5.x is not backwards compatible with the 4.x release series. Your central `collectd` server needs to be at least version 5.x to accept data sent from {% data variables.product.product_location_enterprise %}.
+{% data variables.product.prodname_enterprise %} ships with `collectd` version 5.x. `collectd` 5.x is not backwards compatible with the 4.x release series. Your central `collectd` server needs to be at least version 5.x to accept data sent from {% data variables.product.product_location %}.
 
 For help with further questions or issues, contact {% data variables.contact.contact_ent_support %}.

content/admin/enterprise-management/enabling-automatic-update-checks.md

@@ -1,6 +1,6 @@
 ---
 title: Enabling automatic update checks
-intro: 'You can enable automatic update checks so that {% data variables.product.product_location_enterprise %} checks for and downloads the latest {% data variables.product.prodname_ghe_server %} release.'
+intro: 'You can enable automatic update checks so that {% data variables.product.product_location %} checks for and downloads the latest {% data variables.product.prodname_ghe_server %} release.'
 redirect_from:
   - /enterprise/admin/installation/enabling-automatic-update-checks
   - /enterprise/admin/enterprise-management/enabling-automatic-update-checks
@@ -8,13 +8,13 @@ versions:
   enterprise-server: '*'
 ---
 
-When an upgrade package is automatically downloaded for {% data variables.product.product_location_enterprise %}, you'll receive a message letting you know you can upgrade {% data variables.product.prodname_ghe_server %}. Packages download to the `/var/lib/ghe-updates` directory on {% data variables.product.product_location_enterprise %}. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-github-enterprise-server)."
+When an upgrade package is automatically downloaded for {% data variables.product.product_location %}, you'll receive a message letting you know you can upgrade {% data variables.product.prodname_ghe_server %}. Packages download to the `/var/lib/ghe-updates` directory on {% data variables.product.product_location %}. For more information, see "[Upgrading {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-github-enterprise-server)."
 
 If a hotpatch is available for an upgrade, the `.hpkg` will download automatically. In the management console you can choose to install the hotpatch immediately or schedule installation for a later time. For more information, see "[Upgrading with a hotpatch](/enterprise/{{ currentVersion }}/admin/guides/installation/upgrading-github-enterprise-server#upgrading-with-a-hotpatch)."
 
 {% tip %}
 
-**Tip:** To enable automatic update checks, {% data variables.product.product_location_enterprise %} must be able to connect to `https://github-enterprise.s3.amazonaws.com`.
+**Tip:** To enable automatic update checks, {% data variables.product.product_location %} must be able to connect to `https://github-enterprise.s3.amazonaws.com`.
 
 {% endtip %}
 

content/admin/enterprise-management/increasing-cpu-or-memory-resources.md

@@ -20,7 +20,7 @@ versions:
 
 #### Resizing considerations
 
-Before increasing CPU or memory resources for {% data variables.product.product_location_enterprise %}, review the following recommendations.
+Before increasing CPU or memory resources for {% data variables.product.product_location %}, review the following recommendations.
 
 - **Scale your memory with CPUs**. {% data reusables.enterprise_installation.increasing-cpus-req %}
 - **Assign an Elastic IP address to the instance**. If you haven't assigned an Elastic IP to your instance, you'll have to adjust the DNS A records for your {% data variables.product.prodname_ghe_server %} host after the restart to account for the change in public IP address. Once your instance restarts, the instance keeps the Elastic IP if you launched the instance in a virtual private cloud (VPC). If you create the instance in an EC2-Classic network, you must manually reassign the Elastic IP to the instance.
@@ -64,7 +64,7 @@ It's not possible to add CPU or memory resources to an existing OpenStack KVM in
 {% data reusables.enterprise_installation.increasing-cpus-req %}
 
 1. Use the vSphere Client to connect to the VMware ESXi host.
-2. Shut down {% data variables.product.product_location_enterprise %}.
+2. Shut down {% data variables.product.product_location %}.
 3. Select the virtual machine and click **Edit Settings**.
 4. Under "Hardware", adjust the CPU and/or memory resources allocated to the virtual machine as needed:
 ![VMware setup resources](/assets/images/enterprise/vmware/vsphere-hardware-tab.png)

content/admin/enterprise-management/increasing-storage-capacity.md

@@ -10,7 +10,7 @@ versions:
 
 {% data reusables.enterprise_installation.warning-on-upgrading-physical-resources %}
 
-As more users join {% data variables.product.product_location_enterprise %}, you may need to resize your storage volume. Refer to the documentation for your virtualization platform for information on resizing storage.
+As more users join {% data variables.product.product_location %}, you may need to resize your storage volume. Refer to the documentation for your virtualization platform for information on resizing storage.
 
 ### Requirements and recommendations
 

content/admin/enterprise-management/index.md

@@ -15,7 +15,6 @@ versions:
     {% link_in_list /recommended-alert-thresholds %}
     {% link_in_list /setting-up-external-monitoring %}
     {% link_in_list /configuring-collectd %}
-    {% link_in_list /log-forwarding %}
     {% link_in_list /monitoring-using-snmp %}
 {% topic_link_in_list /updating-the-virtual-machine-and-physical-resources %}
     {% link_in_list /upgrade-requirements %}

content/admin/enterprise-management/log-forwarding.md

@@ -1,24 +0,0 @@
----
-title: Log forwarding
-intro: '{% data variables.product.prodname_enterprise %} uses `syslog-ng` to forward system and application logs to the server you specify in the {% data variables.enterprise.management_console %} settings.'
-redirect_from:
-  - /enterprise/admin/articles/log-forwarding/
-  - /enterprise/admin/installation/log-forwarding
-  - /enterprise/admin/enterprise-management/log-forwarding
-versions:
-  enterprise-server: '*'
----
-Any log collection system that supports syslog-style log streams is supported (e.g., [Logstash](http://logstash.net/) and [Splunk](http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports)).
-
-### Enabling log forwarding
-
-1. On the {% data variables.enterprise.management_console %} settings page, in the left sidebar, click **Monitoring**.
-1. Select **Enable log forwarding**.
-1. In the **Server address** field, type the address of the server to which you want to forward logs. You can specify multiple addresses in a comma-separated list.
-1. In the Protocol drop-down menu, select the protocol to use to communicate with the log server. The protocol will apply to all specified log destinations.
-1. Select **Enable TLS**.
-1. Click **Choose File** and choose a CA certificate to encrypt communication between syslog endpoints. The entire certificate chain will be validated, and must terminate in a root certificate. For more information, see [TLS options in the syslog-ng documentation](https://support.oneidentity.com/technical-documents/syslog-ng-open-source-edition/3.16/administration-guide/56#TOPIC-956599).
-
-### Troubleshooting
-
-If you run into issues with log forwarding, contact {% data variables.contact.contact_ent_support %} and attach the output file from `http(s)://[hostname]/setup/diagnostics` to your email.

content/admin/enterprise-management/monitoring-using-snmp.md

@@ -9,7 +9,7 @@ versions:
   enterprise-server: '*'
 ---
 
-SNMP is a common standard for monitoring devices over a network. We strongly recommend enabling SNMP so you can monitor the health of {% data variables.product.product_location_enterprise %} and know when to add more memory, storage, or processor power to the host machine.
+SNMP is a common standard for monitoring devices over a network. We strongly recommend enabling SNMP so you can monitor the health of {% data variables.product.product_location %} and know when to add more memory, storage, or processor power to the host machine.
 
 {% data variables.product.prodname_enterprise %} has a standard SNMP installation, so you can take advantage of the [many plugins](http://www.monitoring-plugins.org/doc/man/check_snmp.html) available for Nagios or for any other monitoring system.
 
@@ -29,7 +29,7 @@ SNMP is a common standard for monitoring devices over a network. We strongly rec
   $ snmpget -v 2c -c <em>community-string</em> -O e <em>hostname</em> hrSystemDate.0
   ```
 
-This should return the system time on {% data variables.product.product_location_enterprise %} host.
+This should return the system time on {% data variables.product.product_location %} host.
 
 ### User-based security