Merge pull request #35098 from github/repo-sync

Repo sync

content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md

@@ -127,9 +127,9 @@ Email notifications from {% data variables.product.prodname_dotcom %} contain he
 
 | Header | Information |
 | --- | --- |
-| `From` address | This address will always be {% ifversion fpt or ghec %}`notifications@github.com`{% else %}'the no-reply email address configured by your site administrator'{% endif %}. |
+| `From` address | This address will always be {% ifversion fpt %}`notifications@github.com`{% elsif ghec %}`notifications@github.com` or `notifications@SUBDOMAIN.ghe.com`{% else %}the no-reply email address configured by your site administrator{% endif %}. |
 | `To` field | This field connects directly to the thread. If you reply to the email, you'll add a new comment to the conversation. |
-| `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% ifversion fpt or ghec %}`@noreply.github.com`{% else %}based on the no-reply email address configured by your site administrator{% endif %}. The possible notification reasons are: <ul><li>`assign`: You were assigned to an issue or pull request.</li><li>`author`: You created an issue or pull request.</li><li>`ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.</li><li>`comment`: You commented on an issue or pull request.</li><li>`manual`: There was an update to an issue or pull request you manually subscribed to.</li><li>`mention`: You were mentioned on an issue or pull request.</li><li>`push`: Someone committed to a pull request you're subscribed to.</li><li>`review_requested`: You or a team you're a member of was requested to review a pull request.</li><li>`security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.</li><li>`state_change`: An issue or pull request you're subscribed to was either closed or opened.</li><li>`subscribed`: There was an update in a repository you're watching.</li><li>`team_mention`: A team you belong to was mentioned on an issue or pull request.</li><li>`your_activity`: You opened, commented on, or closed an issue or pull request.</li></ul> |
+| `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% ifversion fpt %}`@noreply.github.com`{% elsif ghec %}`@noreply.github.com` or `@noreply.SUBDOMAIN.ghe.com`{% else %}based on the no-reply email address configured by your site administrator{% endif %}. The possible notification reasons are: <ul><li>`assign`: You were assigned to an issue or pull request.</li><li>`author`: You created an issue or pull request.</li><li>`ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.</li><li>`comment`: You commented on an issue or pull request.</li><li>`manual`: There was an update to an issue or pull request you manually subscribed to.</li><li>`mention`: You were mentioned on an issue or pull request.</li><li>`push`: Someone committed to a pull request you're subscribed to.</li><li>`review_requested`: You or a team you're a member of was requested to review a pull request.</li><li>`security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.</li><li>`state_change`: An issue or pull request you're subscribed to was either closed or opened.</li><li>`subscribed`: There was an update in a repository you're watching.</li><li>`team_mention`: A team you belong to was mentioned on an issue or pull request.</li><li>`your_activity`: You opened, commented on, or closed an issue or pull request.</li></ul> |
 | `List-Id` field | This field identifies the name of the repository and its owner. The format of this address is always `OWNER/REPOSITORY <REPOSITORY.OWNER>`, e.g. `List-Id: grain-lang/grain <grain.grain-lang.{% data variables.product.product_url %}>`. |
 | `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:<ul><li>`low`</li><li>`moderate`</li><li>`high`</li><li>`critical`</li></ul>For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." |
 

content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/index.md

@@ -15,7 +15,7 @@ children:
   - /viewing-contributions-on-your-profile
   - /showing-an-overview-of-your-activity-on-your-profile
   - /showing-your-private-contributions-and-achievements-on-your-profile
-  - /sending-enterprise-contributions-to-your-githubcom-profile
+  - /sharing-contributions-from-github-enterprise-server
   - /why-are-my-contributions-not-showing-up-on-my-profile
   - /troubleshooting-commits-on-your-timeline
 shortTitle: Manage contribution settings

content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sharing-contributions-from-github-enterprise-server.md

@@ -1,6 +1,6 @@
 ---
-title: Sending enterprise contributions to your GitHub.com profile
-intro: 'You can highlight your work on {% data variables.product.prodname_enterprise %} by sending the contribution counts to your {% data variables.product.prodname_dotcom_the_website %} profile.'
+title: Sharing contributions from GitHub Enterprise Server
+intro: 'You can send contribution counts from {% data variables.product.prodname_ghe_server %} to your profile on {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %}.'
 redirect_from:
   - /articles/sending-your-github-enterprise-contributions-to-your-github-com-profile
   - /articles/sending-your-github-enterprise-server-contributions-to-your-github-com-profile
@@ -8,6 +8,7 @@ redirect_from:
   - /github/setting-up-and-managing-your-github-profile/sending-your-github-enterprise-server-contributions-to-your-githubcom-profile
   - /github/setting-up-and-managing-your-github-profile/managing-contribution-graphs-on-your-profile/sending-your-github-enterprise-server-contributions-to-your-githubcom-profile
   - /account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-graphs-on-your-profile/sending-enterprise-contributions-to-your-githubcom-profile
+  - /account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sending-enterprise-contributions-to-your-githubcom-profile
 versions:
   fpt: '*'
   ghes: '*'
@@ -17,9 +18,9 @@ topics:
 shortTitle: Send enterprise contributions
 ---
 
-## About enterprise contributions on your {% data variables.product.prodname_dotcom_the_website %} profile
+## About enterprise contributions
 
-Your {% data variables.product.prodname_dotcom_the_website %} profile shows {% ifversion fpt or ghec %}{% data variables.product.prodname_enterprise %}{% else %}{% data variables.product.product_name %}{% endif %} contribution counts from the past 90 days. {% data reusables.github-connect.sync-frequency %} Contribution counts from {% ifversion fpt or ghec %}{% data variables.product.prodname_enterprise %}{% else %}{% data variables.product.product_name %}{% endif %} are considered private contributions. The commit details will only show the contribution counts and that these contributions were made in a {% data variables.product.prodname_enterprise %} environment outside of {% data variables.product.prodname_dotcom_the_website %}.
+When you share contributions, your {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %} profile shows {% data variables.product.prodname_ghe_server %} contribution counts from the past 90 days. {% data reusables.github-connect.sync-frequency %} Contribution counts from {% data variables.product.prodname_ghe_server %} are considered private contributions. The commit details will only show the contribution counts and that these contributions were made on {% data variables.product.prodname_ghe_server %}.
 
 You can decide whether to show counts for private contributions on your profile. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile)."
 
@@ -31,17 +32,17 @@ For more information about how contributions are calculated, see "[AUTOTITLE](/a
 
 {% endnote %}
 
-## Sending your enterprise contributions to your {% data variables.product.prodname_dotcom_the_website %} profile
+## Sending your enterprise contributions to your profile
 
-Before you can connect your {% ifversion fpt or ghec %}{% data variables.product.prodname_enterprise %}{% else %}{% data variables.product.product_name %}{% endif %} profile to your {% data variables.product.prodname_dotcom_the_website %} profile, your enterprise owner must enable {% data variables.product.prodname_github_connect %} and enable contribution sharing between the environments. For more information, contact your enterprise owner.
+Before you can connect your {% data variables.product.prodname_ghe_server %} profile to your {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %} profile, your enterprise owner must enable {% data variables.product.prodname_github_connect %} and enable contribution sharing between the environments. For more information, contact your enterprise owner.
 
 {% ifversion fpt or ghec %}
 
-To send enterprise contributions from {% data variables.product.prodname_ghe_server %} to your {% data variables.product.prodname_dotcom_the_website %} profile, see "[AUTOTITLE](/enterprise-server@latest/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sending-enterprise-contributions-to-your-githubcom-profile)" in the {% data variables.product.prodname_ghe_server %} documentation.
+To share contributions from {% data variables.product.prodname_ghe_server %}, view this article in the [{% data variables.product.prodname_ghe_server %} version of the site](/enterprise-server@latest/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sending-enterprise-contributions-to-your-githubcom-profile)."
 
 {% elsif ghes %}
 
-1. Sign in to {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_dotcom_the_website %}.
+1. Sign in to both your user account on {% data variables.product.product_name %} **and** your user account on {% data variables.product.prodname_ghe_cloud %} ({% data variables.product.prodname_dotcom_the_website %}{% ifversion ghecom-github-connect %} or {% data variables.enterprise.data_residency_site %}{% endif %}).
 1. On {% data variables.product.prodname_ghe_server %}, in the upper-right corner of any page, click your profile photo, then click **Settings**.
 
 {% ifversion global-nav-update %}
@@ -55,7 +56,7 @@ To send enterprise contributions from {% data variables.product.prodname_ghe_ser
 {% endif %}
 {% data reusables.github-connect.github-connect-tab-user-settings %}
 {% data reusables.github-connect.connect-dotcom-and-enterprise %}
-1. Review the resources that {% data variables.product.prodname_ghe_server %} will access from your {% data variables.product.prodname_dotcom_the_website %} account, then click **Authorize**.
+1. Review the resources that {% data variables.product.prodname_ghe_server %} will access from your {% data variables.product.prodname_dotcom_the_website %}{% ifversion ghecom-github-connect %} or {% data variables.enterprise.data_residency_site %}{% endif %} account, then click **Authorize**.
 {% data reusables.github-connect.send-contribution-counts-to-githubcom %}
 
 {% endif %}

content/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/showing-your-private-contributions-and-achievements-on-your-profile.md

@@ -16,13 +16,15 @@ shortTitle: Private contributions {% ifversion hide-individual-achievements %}an
 allowTitleToDifferFromFilename: true
 ---
 
+{% ifversion ghec %}
+
+>[!NOTE] Achievements are not available on subdomains of {% data variables.enterprise.data_residency_site %}, such as `octocorp.ghe.com`.
+
+{% endif %}
+
 If you publicize your private contributions, people without access to the private repositories you work in won't be able to see the details of your private contributions. Instead, they'll see the number of private contributions you made on any given day. Your public contributions will include detailed information. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile)."
 
-{% note %}
-
-**Note:** On {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}{% data variables.product.product_name %}{% endif %}, public contributions on your profile are visible {% ifversion fpt or ghec %}to anyone in the world who can access {% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}only to other users of {% data variables.location.product_location%}{% endif %}.
-
-{% endnote %}
+>[!NOTE] On {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}{% data variables.product.product_name %}{% endif %}, public contributions on your profile are visible {% ifversion fpt or ghec %}to anyone in the world who can access {% data variables.product.prodname_dotcom_the_website %}{% elsif ghes %}only to other users of {% data variables.location.product_location%}{% endif %}.
 
 ## Changing the visibility of your private contributions
 

content/actions/administering-github-actions/index.md

@@ -8,7 +8,8 @@ versions:
   ghec: '*'
 children:
   - /usage-limits-billing-and-administration
-  - /viewing-github-actions-usage-metrics-for-your-organization
+  - /viewing-github-actions-metrics
   - /sharing-workflows-secrets-and-runners-with-your-organization
+  - /making-retired-namespaces-available-on-ghecom
 ---
 

content/actions/administering-github-actions/making-retired-namespaces-available-on-ghecom.md

@@ -0,0 +1,32 @@
+---
+title: 'Making retired namespaces available on GHE.com'
+shortTitle: Retired namespaces on GHE.com
+intro: 'Allow people to use namespaces that match actions you have used from {% data variables.product.prodname_dotcom_the_website %}.'
+versions:
+  ghec: '*'
+type: how_to
+permissions: Enterprise owners
+---
+
+## About retirement of namespaces
+
+If you use {% data variables.enterprise.data_residency %}, members of your enterprise can create {% data variables.product.prodname_actions %} workflows that use actions directly from {% data variables.product.prodname_dotcom_the_website %} or [{% data variables.product.prodname_marketplace %}](https://github.com/marketplace?type=actions).
+
+{% data variables.product.prodname_actions %} searches your enterprise on {% data variables.enterprise.data_residency_site %} for each action before falling back to {% data variables.product.prodname_dotcom_the_website %}. This ensures that custom versions of actions in your enterprise are used in preference to their counterparts on {% data variables.product.prodname_dotcom_the_website %}.
+
+To ensure workflows use their intended actions and to block the potential for abuse, once an action on {% data variables.product.prodname_dotcom_the_website %} is used for the first time, the namespace associated with that action is retired in your enterprise. This blocks users from creating an organization and repository in your enterprise that match the action's namespace on {% data variables.product.prodname_dotcom_the_website %}.
+
+## Making a retired namespace available
+
+After using an action from {% data variables.product.prodname_dotcom_the_website %}, if you want to create an action in your enterprise with the same name, you need to make the namespace for that organization and repository available.
+
+{% data reusables.enterprise-accounts.access-enterprise-emu %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. Under {% octicon "gear" aria-hidden="true" %} **Settings**, click **Retired namespaces**.
+1. To the right of the namespace that you want use in your enterprise, click **Unretire**.
+1. Go to the relevant organization and create a new repository.
+
+### Tips for ensuring you can create a new repository
+
+* When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on {% data variables.product.prodname_dotcom_the_website %} before you create the local repository, the namespace will be retired again.
+* For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository.

content/actions/administering-github-actions/usage-limits-billing-and-administration.md

@@ -93,7 +93,7 @@ In addition to the usage limits, you must ensure that you use {% data variables.
 
 ## {% data variables.product.prodname_actions %} usage metrics
 
-Organization owners and users with the "View organization Actions usage metrics" permission can view {% data variables.product.prodname_actions %} usage metrics for their organization. These metrics can help you understand how and where your Actions minutes are being used. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)."
+Organization owners and users with the "View organization Actions metrics" permission can view {% data variables.product.prodname_actions %} usage metrics for their organization. These metrics can help you understand how and where your Actions minutes are being used. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)."
 
 When you view usage metrics, it is important to remember that {% data reusables.actions.actions-usage-metrics-not-billing-metrics %}
 

content/actions/administering-github-actions/viewing-github-actions-metrics.md

@@ -0,0 +1,47 @@
+---
+title: Viewing GitHub Actions metrics
+shortTitle: GitHub Actions metrics
+intro: 'You can view metrics to monitor where your organization or repositories use {% data variables.product.prodname_actions %} and how they are performing.'
+permissions: Organization owners and users with the "View organization Actions metrics" permission can view organization-level metrics. <br><br> Users with the base repository role can view repository-level metrics. 
+versions:
+  feature: actions-metrics
+redirect_from:
+  - /actions/monitoring-and-troubleshooting-workflows/viewing-github-actions-usage-metrics-for-your-organization
+  - /actions/administering-github-actions/viewing-github-actions-usage-metrics-for-your-organization
+  - /actions/administering-github-actions/viewing-github-actions-metrics-for-your-organization
+---
+
+{% data reusables.actions.about-actions-metrics %}
+
+{% data reusables.actions.enabling-actions-metrics %}
+
+## About {% data variables.product.prodname_actions %} usage metrics
+
+{% data reusables.actions.about-actions-usage-metrics %}
+
+## About {% data variables.product.prodname_actions %} performance metrics
+
+{% data reusables.actions.about-actions-performance-metrics %}
+
+## Understanding {% data variables.product.prodname_actions %} metrics aggregation
+
+{% data reusables.actions.about-actions-usage-metrics-aggregation %}
+
+## Viewing {% data variables.product.prodname_actions %} metrics for your organization
+
+{% data reusables.actions.actions-metrics-discrepancy-note %}
+
+{% data reusables.profile.access_org %}
+{% data reusables.user-settings.access_org %}
+{% data reusables.organizations.insights %}
+{% data reusables.actions.viewing-actions-metrics %}
+
+## Viewing {% data variables.product.prodname_actions %} metrics for your repository
+
+> [!NOTE] Repository-level metrics for {% data variables.product.prodname_actions %} is in {% data variables.release-phases.public_preview %} and subject to change.
+
+{% data reusables.actions.actions-metrics-discrepancy-note %}
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.navigate-to-insights %}
+{% data reusables.actions.viewing-actions-metrics %}

content/actions/administering-github-actions/viewing-github-actions-usage-metrics-for-your-organization.md

@@ -1,16 +0,0 @@
----
-title: Viewing GitHub Actions usage metrics for your organization
-shortTitle: GitHub Actions usage metrics
-intro: 'Organization owners and CI/CD administrators can view usage metrics for how and where their organization uses {% data variables.product.prodname_actions %}.'
-permissions: Organization owners and users with the "View organization Actions usage metrics" permissions.
-product: 'Your organization must be on a {% data variables.product.prodname_ghe_cloud %} plan.'
-versions:
-  fpt: '*'
-  ghec: '*'
-redirect_from:
-  - /actions/monitoring-and-troubleshooting-workflows/viewing-github-actions-usage-metrics-for-your-organization
----
-
-If you are on a {% data variables.product.prodname_ghe_cloud %} plan, {% data reusables.actions.about-actions-usage-metrics %}
-
-For more information about how to use {% data variables.product.prodname_actions %} usage metrics, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)" in the {% data variables.product.prodname_ghe_cloud %} documentation.

content/actions/monitoring-and-troubleshooting-workflows/monitoring-workflows/about-monitoring-workflows.md

@@ -1,6 +1,6 @@
 ---
 title: About monitoring workflows
-intro: 'You can use the tools in {% data variables.product.prodname_actions %} to monitor your workflows.'
+intro: 'You can use the tools in {% data variables.product.prodname_actions %} to monitor your workflows, metrics, and self-hosted runners.'
 versions:
   fpt: '*'
   ghes: '*'
@@ -45,6 +45,13 @@ To identify how long a job took to run, you can view its execution time. For mor
 
 You can view the status of each job and step in a workflow. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)."
 
+{% ifversion actions-metrics %}
+
+## Monitoring {% data variables.product.prodname_actions %} metrics
+
+To analyze the efficiency and reliability of your workflows using metrics, see "[AUTOTITLE](/actions/administering-github-actions/viewing-github-actions-metrics)".
+{% endif %}
+
 ## Monitoring self-hosted runners
 
 If you use self-hosted runners, you can view their activity and diagnose common issues.

content/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/about-troubleshooting-workflows.md

@@ -24,6 +24,15 @@ If the workflow logs do not provide enough detail to diagnose why a workflow, jo
 
 If you attempt to cancel a workflow and the cancellation doesn't succeed, make sure you aren't using the `always` expression. The `always` expression causes a workflow step to run even when the workflow is canceled, which results in a hanging cancellation. For more information, see "[AUTOTITLE](/actions/learn-github-actions/expressions#always)".
 
+{% ifversion actions-metrics %}
+
+## Troubleshooting {% data variables.product.prodname_actions %} inefficiencies
+
+To analyze the inefficiencies and reliability of your workflows using metrics, see "[AUTOTITLE](/actions/administering-github-actions/viewing-github-actions-metrics)".
+{% endif %}
+
+## Monitoring self-hosted runners
+
 ## Troubleshooting self-hosted runners
 
 If you use self-hosted runners, you can view their activity and diagnose common issues.

content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md

@@ -497,6 +497,23 @@ To enable and configure OIDC for another cloud provider, see the following guide
 
 * "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers)"
 
+{% ifversion ghec %}
+
+### Following these guides on {% data variables.enterprise.data_residency_site %}
+
+If you are part of an enterprise that uses {% data variables.enterprise.data_residency %} and you're setting up OIDC on {% data variables.enterprise.data_residency_site %}, you must **substitute certain values** in the linked articles.
+
+* Your provider's expected claim must substitute `githubusercontent.com` with `{% data variables.enterprise.data_residency_domain %}`, where SUBDOMAIN is your enterprise's subdomain on {% data variables.enterprise.data_residency_site %}.
+* For any URLs that include a route with your enterprise's name or slug, you must substitute your enterprise's subdomain on {% data variables.enterprise.data_residency_site %}.
+
+For example, if your subdomain is `octocorp`, the following substitutions apply:
+
+* The URL for seeing all the claims supported by {% data variables.product.company_short %}'s OIDC provider would be `https://token.actions.octocorp.ghe.com/.well-known/openid-configuration`.
+* The value of `iss` in your OIDC token would be `https://token.actions.octocorp.ghe.com`.
+* The enterprise can receive tokens at `https://token.actions.octocorp.ghe.com/octocorp`, and the REST API endpoint for customizing the `issuer` value would be `/enterprises/octocorp/actions/oidc/customization/issuer`.
+
+{% endif %}
+
 ## Debugging your OIDC claims
 
 You can use the [`github/actions-oidc-debugger`](https://github.com/github/actions-oidc-debugger) action to visualize the claims that would be sent, before integrating with a cloud provider. This action requests a JWT and prints the claims included within the JWT that were received from {% data variables.product.prodname_actions %}.

content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services.md

@@ -29,6 +29,8 @@ This guide explains how to configure AWS to trust {% data variables.product.prod
 
 {% data reusables.actions.oidc-security-notice %}
 
+{% data reusables.actions.oidc-on-ghecom %}
+
 {% ifversion ghes %}
 {% data reusables.actions.oidc-endpoints %}
   <!-- This note is indented to align with the above reusable. -->

content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure.md

@@ -27,6 +27,8 @@ This guide gives an overview of how to configure Azure to trust {% data variable
 
 {% data reusables.actions.oidc-security-notice %}
 
+{% data reusables.actions.oidc-on-ghecom %}
+
 {% ifversion ghes %}
 {% data reusables.actions.oidc-endpoints %}
   <!-- This note is indented to align with the above reusable. -->

content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers.md

@@ -27,6 +27,8 @@ To use OIDC, you will first need to configure your cloud provider to trust {% da
 
 {% data reusables.actions.oidc-security-notice %}
 
+{% data reusables.actions.oidc-on-ghecom %}
+
 ## Updating your {% data variables.product.prodname_actions %} workflow
 
 To update your workflows for OIDC, you will need to make two changes to your YAML:

content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform.md

@@ -12,7 +12,7 @@ topics:
 redirect_from:
   - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform
 ---
- 
+
 {% data reusables.actions.enterprise-github-hosted-runners %}
 
 ## Overview
@@ -27,6 +27,8 @@ This guide gives an overview of how to configure GCP to trust {% data variables.
 
 {% data reusables.actions.oidc-security-notice %}
 
+{% data reusables.actions.oidc-on-ghecom %}
+
 ## Adding a Google Cloud Workload Identity Provider
 
 To configure the OIDC identity provider in GCP, you will need to perform the following configuration. For instructions on making these changes, refer to [the GCP documentation](https://github.com/google-github-actions/auth).

content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault.md

@@ -12,7 +12,7 @@ topics:
 redirect_from:
   - /actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-hashicorp-vault
 ---
- 
+
 {% data reusables.actions.enterprise-github-hosted-runners %}
 
 ## Overview
@@ -27,6 +27,8 @@ This guide gives an overview of how to configure HashiCorp Vault to trust {% dat
 
 {% data reusables.actions.oidc-security-notice %}
 
+{% data reusables.actions.oidc-on-ghecom %}
+
 ## Adding the identity provider to HashiCorp Vault
 
 To use OIDC with HashiCorp Vault, you will need to add a trust configuration for the {% data variables.product.prodname_dotcom %} OIDC provider. For more information, see the HashiCorp Vault [documentation](https://www.vaultproject.io/docs/auth/jwt).

content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md

@@ -29,6 +29,8 @@ For an example {% data variables.product.prodname_actions %} workflow using the
 
 {% data reusables.actions.oidc-security-notice %}
 
+{% data reusables.actions.oidc-on-ghecom %}
+
 * To be secure, you need to set a Claims JSON in JFrog when configuring identity mappings. For more information, see "[AUTOTITLE](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-identity-mappings)" and "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-token-claims)."
 
     For example, you can set `iss` to `https://token.actions.githubusercontent.com`, and the `repository` to something like "octo-org/octo-repo"`. This will ensure only Actions workflows from the specified repository will have access to your JFrog platform. The following is an example Claims JSON when configuring identity mappings.

content/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi.md

@@ -25,6 +25,8 @@ This guide gives an overview of how to configure PyPI to trust {% data variables
 
 {% data reusables.actions.oidc-security-notice %}
 
+{% data reusables.actions.oidc-on-ghecom %}
+
 ## Adding the identity provider to PyPI
 
 To use OIDC with PyPI, add a trust configuration that links each project on PyPI to each repository and workflow combination that's allowed to publish for it.

content/actions/security-for-github-actions/using-artifact-attestations/enforcing-artifact-attestations-with-a-kubernetes-admission-controller.md

@@ -111,7 +111,7 @@ Note that any image you intend to admit _must_ have a matching glob pattern in t
 
 {% ifversion ghec %}
 
-If your GitHub Enterprise account has a subdomain on GHE.com, you must specify a value for the GitHub trust domain. This value is used to fetch the trusted materials associated with the data residency region that hosts your GitHub Enterprise account. This value can be found by logging into your enterprise account with the `gh` CLI tool and running the following command:
+If your GitHub Enterprise account has a subdomain on {% data variables.enterprise.data_residency_site %}, you must specify a value for the GitHub trust domain. This value is used to fetch the trusted materials associated with the data residency region that hosts your GitHub Enterprise account. This value can be found by logging into your enterprise account with the `gh` CLI tool and running the following command:
 
 ```bash copy
 gh api meta --jq .domains.artifact_attestations.trust_domain

content/actions/sharing-automations/creating-actions/about-custom-actions.md

@@ -17,7 +17,7 @@ topics:
   - Action development
   - Fundamentals
 ---
- 
+
 {% data reusables.actions.enterprise-github-hosted-runners %}
 
 ## About custom actions
@@ -76,14 +76,18 @@ Storing an action in its own repository makes it easier for the {% data variable
 
 {% ifversion fpt or ghec %}If you're building an action that you don't plan to make available to others, you {% else %} You{% endif %} can store the action's files in any location in your repository. If you plan to combine action, workflow, and application code in a single repository, we recommend storing actions in the `.github` directory. For example, `.github/actions/action-a` and `.github/actions/action-b`.
 
-## Compatibility with {% data variables.product.prodname_ghe_server %}
+## Ensuring compatibility with other platforms
 
-To ensure that your action is compatible with {% data variables.product.prodname_ghe_server %}, you should make sure that you do not use any hard-coded references to {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API URLs. You should instead use environment variables to refer to the {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API:
+Many people access {% data variables.product.github %} at a domain other than {% data variables.product.prodname_dotcom_the_website %}, such as {% data variables.enterprise.data_residency_site %} or a custom domain for {% data variables.product.prodname_ghe_server %}.
 
-* For the REST API, use the `GITHUB_API_URL` environment variable.
-* For GraphQL, use the `GITHUB_GRAPHQL_URL` environment variable.
+To ensure that your action is compatible with other platforms, do not use any hard-coded references to API URLs such as `https://api.github.com`. Instead, you can:
 
-For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#default-environment-variables)."
+* Use environment variables (see "[AUTOTITLE](/actions/learn-github-actions/variables#default-environment-variables)"):
+
+  * For the REST API, use the `GITHUB_API_URL` environment variable.
+  * For GraphQL, use the `GITHUB_GRAPHQL_URL` environment variable.
+
+* Use a toolkit such as [`@actions/github`](https://github.com/actions/toolkit/tree/main/packages/github), which can automatically set the correct URLs.
 
 ## Using release management for actions
 

content/actions/use-cases-and-examples/building-and-testing/building-and-testing-xamarin-applications.md

@@ -18,7 +18,7 @@ topics:
   - iOS
 shortTitle: Build & test Xamarin apps
 ---
- 
+
 {% data reusables.actions.enterprise-github-hosted-runners %}
 
 ## Introduction
@@ -35,6 +35,12 @@ We recommend that you have a basic understanding of Xamarin, .NET Core SDK, YAML
 * "[Getting started with .NET](https://dotnet.microsoft.com/learn)"
 * "[Learn Xamarin](https://dotnet.microsoft.com/learn/xamarin)"
 
+{% ifversion ghec %}
+
+To use the examples in the guide, you will need a repository on {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.actions.macos-unavailable-ghecom %}
+
+{% endif %}
+
 ## Building Xamarin.iOS apps
 
 The example below demonstrates how to change the default Xamarin SDK versions and build a Xamarin.iOS application.
@@ -54,7 +60,7 @@ jobs:
     - name: Set default Xamarin SDK versions
       run: |
         $VM_ASSETS/select-xamarin-sdk-v2.sh --mono=6.12 --ios=14.10
-    
+
     - name: Set default Xcode 12.3
       run: |
         XCODE_ROOT=/Applications/Xcode_12.3.0.app

content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md

@@ -42,6 +42,8 @@ The actions you use in your workflow can be defined in:
 
 {% data reusables.actions.enterprise-marketplace-actions %}
 
+{% data reusables.actions.actions-marketplace-ghecom %}
+
 {% ifversion fpt or ghec %}
 
 ## Browsing Marketplace actions in the workflow editor
@@ -99,6 +101,10 @@ jobs:
         uses: {% data reusables.actions.action-setup-node %}
 ```
 
+{% ifversion ghec or ghes %}
+If {% ifversion ghec %}you're on {% data variables.enterprise.data_residency_site %}{% elsif ghes %}an enterprise owner has enabled access to actions on {% data variables.product.prodname_dotcom_the_website %}{% endif %}, you can use this syntax to reference actions either within your enterprise or on {% data variables.product.prodname_dotcom_the_website %}. {% data variables.product.prodname_actions %} will look for the action in your enterprise first, then fall back to {% data variables.product.prodname_dotcom_the_website %}.
+{% endif %}
+
 ### Referencing a container on Docker Hub
 
 If an action is defined in a published Docker container image on Docker Hub, you must reference the action with the `docker://{image}:{tag}` syntax in your workflow file. To protect your code and data, we strongly recommend you verify the integrity of the Docker container image from Docker Hub before using it in your workflow.

content/admin/configuring-settings/configuring-github-connect/about-github-connect.md

@@ -1,6 +1,6 @@
 ---
 title: About GitHub Connect
-intro: '{% data variables.product.prodname_github_connect %} enhances {% data variables.product.product_name %} by giving you access to additional features and workflows that rely on the power of {% data variables.product.prodname_dotcom_the_website %}.'
+intro: '{% data variables.product.prodname_github_connect %} enhances {% data variables.product.product_name %} by giving you access to data and workflows from {% data variables.product.prodname_ghe_cloud %}.'
 versions:
   ghes: '*'
 type: overview
@@ -11,40 +11,69 @@ redirect_from:
   - /admin/configuration/configuring-github-connect/about-github-connect
 ---
 
-## About {% data variables.product.prodname_github_connect %}
+{% data variables.product.prodname_github_connect %} allows {% data variables.location.product_location %} to connect to your enterprise on {% data variables.product.prodname_ghe_cloud %} in limited ways.
 
-{% data variables.product.prodname_github_connect %} enhances {% data variables.product.product_name %} by allowing {% data variables.location.product_location %} to benefit from the power of {% data variables.product.prodname_dotcom_the_website %} in limited ways. After you enable {% data variables.product.prodname_github_connect %}, you can enable additional features and workflows that rely on {% data variables.product.prodname_dotcom_the_website %}, such as {% data variables.product.prodname_dependabot_alerts %} for security vulnerabilities that are tracked in the {% data variables.product.prodname_advisory_database %}.
+After you enable {% data variables.product.prodname_github_connect %}, you can choose which features to enable. For example, you can:
 
-{% data variables.product.prodname_github_connect %} does not open {% data variables.location.product_location %} to the public internet. None of your enterprise's private data is exposed to {% data variables.product.prodname_dotcom_the_website %} users. Instead, {% data variables.product.prodname_github_connect %} transmits only the limited data needed for the individual features you choose to enable. Unless you enable license sync, no personal data is transmitted by {% data variables.product.prodname_github_connect %}. For more information about what data is transmitted by {% data variables.product.prodname_github_connect %}, see "[Data transmission for {% data variables.product.prodname_github_connect %}](#data-transmission-for-github-connect)."
+* Automatically sync license usage between environments
+* Unify search results and user contribution data
+* Enable features that rely on {% data variables.product.prodname_dotcom_the_website %}, such as {% data variables.product.prodname_dependabot_alerts %} for security vulnerabilities that are tracked in the {% data variables.product.prodname_advisory_database %}
 
-Enabling {% data variables.product.prodname_github_connect %} will not allow {% data variables.product.prodname_dotcom_the_website %} users to make changes to {% data variables.product.product_name %}.
+## About the connection
 
-To enable {% data variables.product.prodname_github_connect %}, you configure a connection between {% data variables.location.product_location %} and enterprise account on {% data variables.product.prodname_dotcom_the_website %} that uses {% data variables.product.prodname_ghe_cloud %}. {% data reusables.github-connect.connection-port-protocol %} For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)."
+To enable {% data variables.product.prodname_github_connect %}, you configure a connection between {% data variables.location.product_location %} and an enterprise account on **{% data variables.product.prodname_dotcom_the_website %}**{% ifversion ghecom-github-connect %} or **{% data variables.enterprise.data_residency_site %}**{% endif %}. {% data reusables.github-connect.connection-port-protocol %}
 
-After enabling {% data variables.product.prodname_github_connect %}, you will be able to enable features such as {% ifversion ghes %}automatic user license sync and {% endif %}{% data variables.product.prodname_dependabot_alerts %}. For more information about all of the features available, see "[{% data variables.product.prodname_github_connect %} features](#github-connect-features)."
+* {% data variables.product.prodname_github_connect %} does not open {% data variables.location.product_location %} to the public internet.
+* None of your enterprise's private data is exposed to {% data variables.product.prodname_ghe_cloud %} users.
+* {% data variables.product.prodname_github_connect %} transmits only the limited data needed for the features you enable. Unless you enable license sync, no personal data is transmitted. For more information, see "[Data transmission](#data-transmission)."
+* Enabling {% data variables.product.prodname_github_connect %} will not allow {% data variables.product.prodname_ghe_cloud %} users to make changes to {% data variables.product.product_name %}.
 
 ## {% data variables.product.prodname_github_connect %} features
 
-After you configure the connection between {% data variables.location.product_location %} and {% data variables.product.prodname_ghe_cloud %}, you can enable individual features of {% data variables.product.prodname_github_connect %} for your enterprise.
+After you configure the connection between {% data variables.location.product_location %} and {% data variables.product.prodname_ghe_cloud %}, you can enable individual features of {% data variables.product.prodname_github_connect %}.
+
+{% ifversion ghecom-github-connect %}
+If you're connecting to an enterprise on {% data variables.enterprise.data_residency_site %}, features that rely on data from {% data variables.product.prodname_dotcom_the_website %} are not available.
+
+* [Connections to {% data variables.product.prodname_dotcom_the_website %}](#connections-to-githubcom)
+* [Connections to {% data variables.enterprise.data_residency_site %}](#connections-to-ghecom)
+
+### Connections to {% data variables.product.prodname_dotcom_the_website %}
+
+{% endif %}
 
 | Feature | Description | More information |
 | ----------- | ----------- | ----------- |
-| Automatic user license sync | Manage license usage across your {% data variables.product.prodname_enterprise %} deployments by automatically syncing user licenses from {% data variables.location.product_location %} to {% data variables.product.prodname_ghe_cloud %}. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise)" |
+{% data reusables.github-connect.license-sync %}
 | {% data variables.product.prodname_dependabot %} | Allow users to find and fix vulnerabilities in code dependencies. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)" |
 | {% data variables.product.prodname_dotcom_the_website %} actions | Allow users to use actions from {% data variables.product.prodname_dotcom_the_website %} in public workflow files. | "[AUTOTITLE](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)" |
 | {% ifversion server-statistics %} |
 | {% data variables.product.prodname_server_statistics %} | Analyze your own aggregate data from GitHub Enterprise Server, and help us improve GitHub products. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-server-statistics-for-your-enterprise)" |
 | {% endif %} |
-| Unified search | Allow users to include repositories on {% data variables.product.prodname_dotcom_the_website %} in their search results when searching from {% data variables.location.product_location %}. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-unified-search-for-your-enterprise)" |
-| Unified contributions | Allow users to include anonymized contribution counts for their work on {% data variables.location.product_location %} in their contribution graphs on {% data variables.product.prodname_dotcom_the_website %}. | "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-unified-contributions-for-your-enterprise)" |
+{% data reusables.github-connect.unified-search %}
+{% data reusables.github-connect.unified-contributions %}
 
-## Data transmission for {% data variables.product.prodname_github_connect %}
+{% ifversion ghecom-github-connect %}
+
+### Connections to {% data variables.enterprise.data_residency_site %}
+
+| Feature | Description | More information |
+| ----------- | ----------- | ----------- |
+| {% ifversion ghecom-license-sync %} |
+{% data reusables.github-connect.license-sync %}
+| {% endif %} |
+{% data reusables.github-connect.unified-search %}
+{% data reusables.github-connect.unified-contributions %}
+
+{% endif %}
+
+## Data transmission
 
 When {% data variables.product.prodname_github_connect %} is enabled, a record on {% data variables.product.prodname_ghe_cloud %} stores information about the connection. If you enable individual features of {% data variables.product.prodname_github_connect %}, additional data is transmitted.
 
 {% note %}
 
-**Note:** No repositories, issues, or pull requests are ever transmitted from {% data variables.product.product_name %} to {% data variables.product.prodname_dotcom_the_website %} by {% data variables.product.prodname_github_connect %}.
+**Note:** No repositories, issues, or pull requests are ever transmitted from {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} by {% data variables.product.prodname_github_connect %}.
 
 {% endnote %}
 
@@ -86,9 +115,20 @@ Additional data is transmitted if you enable individual features of {% data vari
 | {% ifversion server-statistics %} |
 | {% data variables.product.prodname_server_statistics %} | Aggregate metrics about your usage of {% data variables.product.prodname_ghe_server %}. For the complete list of metrics, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/analyzing-how-your-team-works-with-server-statistics/about-server-statistics#server-statistics-data-collected)." | From {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %} |
 | {% endif %} |
-| Unified search | Search terms, search results | From {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.product_name %}<br><br>From {% data variables.product.product_name %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.product_name %} |
-| Unified contributions | Contribution counts | From {% data variables.product.product_name %} to {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.prodname_dotcom_the_website %} |
+| Unified search | Search terms, search results | From {% data variables.product.prodname_ghe_cloud %} to {% data variables.product.product_name %}<br><br>From {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.product_name %} |
+| Unified contributions | Contribution counts | From {% data variables.product.product_name %} to {% data variables.product.prodname_ghe_cloud %} | {% data variables.product.prodname_ghe_cloud %} |
 
-## Further reading
+## Enabling {% data variables.product.prodname_github_connect %}
 
-* "[AUTOTITLE](/graphql/guides/managing-enterprise-accounts)" in the GraphQL API documentation
+{% ifversion ghecom-github-connect %}
+
+To enable {% data variables.product.prodname_github_connect %}, see the article for your {% data variables.product.prodname_ghe_cloud %} environment.
+
+* "[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-githubcom)"
+* "[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom)"
+
+{% else %}
+
+To enable {% data variables.product.prodname_github_connect %}, see "[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-githubcom)."
+
+{% endif %}

content/admin/configuring-settings/configuring-github-connect/disabling-github-connect.md

@@ -0,0 +1,15 @@
+---
+title: Disabling GitHub Connect
+shortTitle: Disable GitHub Connect
+intro: 'You can disable {% data variables.product.prodname_github_connect %} to stop the connection from {% data variables.location.product_location %} to {% data variables.product.prodname_ghe_cloud %}.'
+versions:
+  ghes: '*'
+permissions: 'Enterprise owners'
+---
+
+When you disconnect from {% data variables.product.prodname_ghe_cloud %}, the {% data variables.product.prodname_github_connect %} {% data variables.product.prodname_github_app %} is deleted from your enterprise account and credentials stored on {% data variables.location.product_location %} are deleted.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.github-connect-tab %}
+1. Under "{% data variables.product.prodname_github_connect %}", to the right of the enterprise account you'd like to disconnect, click **Disable {% data variables.product.prodname_github_connect %}**.
+1. Read the information about disconnection, then click **Disable {% data variables.product.prodname_github_connect %}**.

content/admin/configuring-settings/configuring-github-connect/enabling-automatic-user-license-sync-for-your-enterprise.md

@@ -22,9 +22,9 @@ shortTitle: Automatic user license sync
 
 {% data reusables.enterprise-licensing.unique-user-licensing-model %}
 
-{% data reusables.enterprise-licensing.about-license-sync %} For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect#data-transmission-for-github-connect)."
+{% data reusables.enterprise-licensing.about-license-sync %} For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect#data-transmission)."
 
-If you enable automatic user license sync for your enterprise, {% data variables.product.prodname_github_connect %} will automatically synchronize license usage between {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} weekly.{% ifversion ghes %} You can also synchronize your license data at any time outside of the automatic weekly sync, by manually triggering a license sync job. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud#triggering-a-license-sync-job)."{% endif %}
+If you enable automatic user license sync for your enterprise, every week, {% data variables.product.prodname_github_connect %} will automatically synchronize license usage between {% data variables.product.prodname_ghe_server %} and your enterprise on {% data variables.product.prodname_dotcom_the_website %}{% ifversion ghecom-license-sync %} or {% data variables.enterprise.data_residency_site %}{% endif %}. You can also synchronize your license data at any time outside of the automatic weekly sync, by manually triggering a license sync job. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud#triggering-a-license-sync-job)."
 
 If you use multiple {% data variables.product.prodname_ghe_server %} instances, you can enable automatic license sync between each of your instances and the same enterprise account on {% data variables.product.prodname_ghe_cloud %}.
 
@@ -36,7 +36,7 @@ You can also manually upload {% data variables.product.prodname_ghe_server %} us
 
 ## Enabling license synchronization
 
-Before enabling license synchronization on {% data variables.location.product_location %}, you must enable {% data variables.product.prodname_github_connect %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)."
+Before enabling license synchronization on {% data variables.location.product_location %}, you must enable {% data variables.product.prodname_github_connect %}. See {% ifversion ghecom-license-sync %}"[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom) or {% endif %}"[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-githubcom)."
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.github-connect-tab %}

content/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom.md

@@ -0,0 +1,82 @@
+---
+title: Enabling GitHub Connect for GHE.com
+shortTitle: Enable for GHE.com
+intro: 'Enable {% data variables.product.prodname_github_connect %} to share data between {% data variables.enterprise.data_residency_site %} and {% data variables.location.product_location %}.'
+versions:
+  feature: ghecom-github-connect
+---
+
+You can access additional features and workflows on {% data variables.location.product_location %} by enabling {% data variables.product.prodname_github_connect %}. See "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect)."
+
+On {% data variables.enterprise.data_residency_site %}, {% data variables.product.prodname_github_connect %} features do not include any functionality that relies on resources on {% data variables.product.prodname_dotcom_the_website %}.
+
+## What happens when {% data variables.product.prodname_github_connect %} is enabled?
+
+{% data reusables.github-connect.what-happens-when-enabled %}
+
+## Prerequisites
+
+* **Administrative access:** You need administrative access to both an enterprise account on {% data variables.enterprise.data_residency_site %} and a {% data variables.product.prodname_ghe_server %} instance.
+* **Version requirement:** Your {% data variables.product.prodname_ghe_server %} instance must run {% data variables.product.prodname_ghe_server %} 3.12 or later.
+* **Proxy configuration**: If using a proxy server, allow connectivity to the following {% data variables.enterprise.data_residency_site %} hostnames (replace SUBDOMAIN with your enterprise's subdomain).
+
+   * `{% data variables.enterprise.data_residency_domain %}`
+   * `{% data variables.enterprise.data_residency_api %}`
+   * `uploads.{% data variables.enterprise.data_residency_domain %}`
+
+   See "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server)."
+
+## Step 1: Enable connection to {% data variables.enterprise.data_residency_site %}
+
+By default, {% data variables.product.prodname_github_connect %} connects {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_dotcom_the_website %}. You must enable your instance to connect to your enterprise's subdomain of {% data variables.enterprise.data_residency_site %}.
+
+To enable the connection, someone with administrative SSH access to {% data variables.location.product_location_enterprise %} must complete the following tasks.
+
+{% data reusables.enterprise_installation.ssh-into-instance %}
+1. To enable your instance to connect to {% data variables.enterprise.data_residency_site %} for {% data variables.product.prodname_github_connect %}, run the following command. Replace SUBDOMAIN with the subdomain for your enterprise on {% data variables.enterprise.data_residency_site %}, for example `octocorp`.
+
+   ```shell copy
+   ghe-config app.github.github-connect-ghe-com-enabled true
+   ghe-config app.github.github-connect-ghe-com-subdomain "SUBDOMAIN"
+   ```
+
+1. To apply the configuration, run the following command.
+
+   >[!NOTE] During a configuration run, services on {% data variables.location.product_location_enterprise %} may restart, which can cause brief downtime for users.
+
+    ```shell copy
+    ghe-config-apply
+    ```
+
+After the run completes, you can configure {% data variables.product.prodname_github_connect %}.
+
+## Step 2: Enable {% data variables.product.prodname_github_connect %}
+
+To enable {% data variables.product.prodname_github_connect %}, you must be an enterprise owner on both {% data variables.product.product_name %} and {% data variables.product.prodname_ghe_cloud %}.
+
+People with a user account in both environments can connect the accounts from {% data variables.location.product_location_enterprise %}.
+
+1. Sign in to {% data variables.location.product_location %} and {% data variables.enterprise.data_residency_site %}.
+{% data reusables.github-connect.enable-github-connect %}
+1. Choose which individual features of {% data variables.product.prodname_github_connect %} you want to enable. See "[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/about-github-connect#github-connect-features)."
+
+## Reenabling connections to {% data variables.product.prodname_dotcom_the_website %}
+
+If you need to reenable {% data variables.product.prodname_github_connect %} for {% data variables.product.prodname_dotcom_the_website %}, you must reconfigure your settings.
+
+{% data reusables.enterprise_installation.ssh-into-instance %}
+1. Run the following command.
+
+   ```shell copy
+   ghe-config app.github.github-connect-ghe-com-enabled false
+   ```
+
+1. To apply the configuration, run the following command.
+
+   >[!NOTE] During a configuration run, services on {% data variables.location.product_location_enterprise %} may restart, which can cause brief downtime for users.
+
+    ```shell copy
+    ghe-config-apply
+    ```
+
+1. Enable {% data variables.product.prodname_github_connect %} on {% data variables.product.prodname_dotcom_the_website %}. See "[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-githubcom)."

content/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-githubcom.md

@@ -0,0 +1,47 @@
+---
+title: Enabling GitHub Connect for GitHub.com
+shortTitle: Enable for GitHub.com
+intro: 'Enable {% data variables.product.prodname_github_connect %} to access additional features and workflows from {% data variables.product.prodname_dotcom_the_website %} on {% data variables.location.product_location %}.'
+redirect_from:
+  - /enterprise/admin/guides/developer-workflow/connecting-github-enterprise-to-github-com
+  - /enterprise/admin/guides/developer-workflow/connecting-github-enterprise-server-to-github-com
+  - /enterprise/admin/developer-workflow/connecting-github-enterprise-server-to-githubcom
+  - /enterprise/admin/installation/connecting-github-enterprise-server-to-github-enterprise-cloud
+  - /enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud
+  - /admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud
+  - /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/connecting-github-enterprise-server-to-github-enterprise-cloud
+  - /admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud
+  - /admin/configuration/configuring-github-connect/managing-github-connect
+  - /admin/configuring-settings/configuring-github-connect/managing-github-connect
+versions:
+  ghes: '*'
+type: how_to
+topics:
+  - Enterprise
+  - GitHub Connect
+  - Infrastructure
+  - Networking
+---
+
+You can access additional features and workflows on {% data variables.location.product_location %} by enabling {% data variables.product.prodname_github_connect %}. See "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect)."
+
+## What happens when {% data variables.product.prodname_github_connect %} is enabled?
+
+{% data reusables.github-connect.what-happens-when-enabled %}
+
+## Prerequisites
+
+* You must have an enterprise account on {% data variables.product.prodname_dotcom_the_website %} that uses {% data variables.product.prodname_ghe_cloud %}.
+* Your enterprise account on {% data variables.product.prodname_dotcom_the_website %} must be invoiced. Enterprise accounts on the free trial of {% data variables.product.prodname_ghe_cloud %} or that pay by credit card cannot be connected to {% data variables.location.product_location %}.
+* If your enterprise account on {% data variables.product.prodname_dotcom_the_website %} uses IP allow lists, you must add the IP address or network for {% data variables.location.product_location %} to your IP allow list. See "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
+* To configure a connection, your proxy configuration must allow connectivity to `github.com`, `api.github.com`, and `uploads.github.com`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server)."
+{%- ifversion ghecom-github-connect %}
+* If you have previously enabled {% data variables.product.prodname_github_connect %} for an enterprise on {% data variables.enterprise.data_residency_site %}, you must change your configuration to allow connections to {% data variables.product.prodname_dotcom_the_website %}. See "[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom#reenabling-connections-to-githubcom)."
+{%- endif %}
+
+## Enabling {% data variables.product.prodname_github_connect %}
+
+To enable {% data variables.product.prodname_github_connect %}, you must be an enterprise owner on both {% data variables.product.product_name %} and {% data variables.product.prodname_ghe_cloud %}.
+
+1. Sign in to {% data variables.location.product_location %} and {% data variables.product.prodname_dotcom_the_website %}.
+{% data reusables.github-connect.enable-github-connect %}

content/admin/configuring-settings/configuring-github-connect/enabling-unified-contributions-for-your-enterprise.md

@@ -1,7 +1,7 @@
 ---
 title: Enabling unified contributions for your enterprise
 shortTitle: Unified contributions
-intro: 'You can allow users to include anonymized contribution counts for their work on {% data variables.location.product_location %} in their contribution graphs on {% data variables.product.prodname_dotcom_the_website %}.'
+intro: 'You can allow users to include anonymized contribution counts for their work on {% data variables.location.product_location %} in their contribution graphs on {% data variables.product.prodname_ghe_cloud %}.'
 redirect_from:
   - /enterprise/admin/guides/developer-workflow/enabling-unified-contributions-between-github-enterprise-and-github-com
   - /enterprise/admin/guides/developer-workflow/enabling-unified-contributions-between-github-enterprise-server-and-github-com
@@ -12,7 +12,7 @@ redirect_from:
   - /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-unified-contributions-between-github-enterprise-server-and-githubcom
   - /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-unified-contributions-between-your-enterprise-account-and-githubcom
   - /admin/configuration/configuring-github-connect/enabling-unified-contributions-for-your-enterprise
-permissions: 'Enterprise owners can enable unified contributions between {% data variables.location.product_location %} and {% data variables.product.prodname_dotcom_the_website %}.'
+permissions: 'Enterprise owners'
 versions:
   ghes: '*'
 type: how_to
@@ -23,31 +23,27 @@ topics:
 
 ## About unified contributions
 
-As an enterprise owner, you can allow end users to send anonymized contribution counts for their work from {% data variables.location.product_location %} to their {% data variables.product.prodname_dotcom_the_website %} contribution graph.
+As an enterprise owner, you can allow end users to send anonymized contribution counts for their work from {% data variables.location.product_location %} to their contribution graph on {% data variables.product.prodname_dotcom_the_website %}{% ifversion ghecom-github-connect %} or {% data variables.enterprise.data_residency_site %}{% endif %}.
 
-After you enable {% data variables.enterprise.prodname_unified_contributions %}, before individual users can send contribution counts from {% data variables.location.product_location %} to {% data variables.product.prodname_dotcom_the_website %}, each user must also connect their user account on {% data variables.product.product_name %} with a personal account on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sending-enterprise-contributions-to-your-githubcom-profile)."
+After you enable {% data variables.enterprise.prodname_unified_contributions %}, before individual users can send contribution counts from {% data variables.location.product_location %} to {% data variables.product.prodname_ghe_cloud %}, each user must also connect their user account on {% data variables.product.product_name %} with an account on {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/sending-enterprise-contributions-to-your-githubcom-profile)."
 
 {% data reusables.github-connect.sync-frequency %}
 
-If the enterprise owner disables the functionality or individual users opt out of the connection, the contribution counts from {% data variables.product.product_name %} will be deleted on {% data variables.product.prodname_dotcom_the_website %}. If the user reconnects their profiles after disabling them, the contribution counts for the past 90 days are restored.
+If the enterprise owner disables the functionality or individual users opt out of the connection, the contribution counts from {% data variables.product.product_name %} will be deleted on {% data variables.product.prodname_ghe_cloud %}. If the user reconnects their profiles after disabling them, the contribution counts for the past 90 days are restored.
 
 {% data variables.product.product_name %} **only** sends the contribution count and source ({% data variables.product.product_name %}) for connected users. It does not send any information about the contribution or how it was made.
 
 ## Enabling unified contributions
 
-Before enabling {% data variables.enterprise.prodname_unified_contributions %} on {% data variables.location.product_location %}, you must enable {% data variables.product.prodname_github_connect %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)."
+Before enabling {% data variables.enterprise.prodname_unified_contributions %} on {% data variables.location.product_location %}, you must enable {% data variables.product.prodname_github_connect %}. See {% ifversion ghecom-github-connect %}"[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom) or {% endif %}"[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-githubcom)."
 
-{% ifversion ghes %}
 {% data reusables.github-connect.access-dotcom-and-enterprise %}
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.business %}
-{% data reusables.enterprise-accounts.github-connect-tab %}{% else %}
-1. Sign in to {% data variables.location.product_location %} and {% data variables.product.prodname_dotcom_the_website %}.
-{% data reusables.enterprise-accounts.access-enterprise %}{% data reusables.enterprise-accounts.github-connect-tab %}{% endif %}
-1. To the right of "Unified contributions", click **Enable**.{% ifversion ghes %}
+{% data reusables.enterprise-accounts.github-connect-tab %}
+1. To the right of "Unified contributions", click **Enable**.
 
    ![Screenshot of the "Unified contributions" option on the GitHub Connect page. The "Enable" button is highlighted with an orange outline.](/assets/images/enterprise/site-admin-settings/dotcom-ghe-connection-request-access.png)
 1. [Sign in](https://enterprise.github.com/login) to the {% data variables.product.prodname_ghe_server %} site to receive further instructions.
 
 When you request access, we may redirect you to the {% data variables.product.prodname_ghe_server %} site to check your current terms of service.
-{% endif %}

content/admin/configuring-settings/configuring-github-connect/enabling-unified-search-for-your-enterprise.md

@@ -1,7 +1,7 @@
 ---
 title: Enabling unified search for your enterprise
 shortTitle: Unified search
-intro: 'You can allow users to include repositories on {% data variables.product.prodname_dotcom_the_website %} in their search results when searching from {% data variables.location.product_location %}.'
+intro: 'You can allow users to include repositories on {% data variables.product.prodname_ghe_cloud %} in their search results when searching from {% data variables.location.product_location %}.'
 redirect_from:
   - /enterprise/admin/guides/developer-workflow/enabling-unified-search-between-github-enterprise-and-github-com
   - /enterprise/admin/guides/developer-workflow/enabling-unified-search-between-github-enterprise-server-and-github-com
@@ -12,7 +12,7 @@ redirect_from:
   - /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-unified-search-between-github-enterprise-server-and-githubcom
   - /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-unified-search-between-your-enterprise-account-and-githubcom
   - /admin/configuration/configuring-github-connect/enabling-unified-search-for-your-enterprise
-permissions: 'Enterprise owners can enable unified search between {% data variables.product.product_name %} and {% data variables.product.prodname_dotcom_the_website %}.'
+permissions: 'Enterprise owners'
 versions:
   ghes: '*'
 type: how_to
@@ -24,27 +24,24 @@ topics:
 
 ## About {% data variables.enterprise.prodname_unified_search %}
 
-When you enable unified search, users can view search results from content on {% data variables.product.prodname_dotcom_the_website %} when searching from {% data variables.location.product_location %}.
+When you enable unified search, users can view search results from content on {% data variables.product.prodname_dotcom_the_website %}{% ifversion ghecom-github-connect %} or {% data variables.enterprise.data_residency_site %}{% endif %} when searching from {% data variables.location.product_location %}.
 
 You can choose to allow search results for public repositories on {% data variables.product.prodname_dotcom_the_website %}, and you can separately choose to allow search results for private repositories on {% data variables.product.prodname_ghe_cloud %}. If you enable unified search for private repositories, users can only search private repositories that they have access to and that are owned by the connected enterprise account. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/about-searching-on-github#searching-across-github-enterprise-and-githubcom-simultaneously)."
 
-Users will never be able to search {% data variables.location.product_location %} from {% data variables.product.prodname_dotcom_the_website %}, even if they have access to both environments.
+Users will never be able to search {% data variables.location.product_location %} from {% data variables.product.prodname_ghe_cloud %}, even if they have access to both environments.
 
-After you enable unified search for {% data variables.location.product_location %}, before individual users can see search results from private repositories on {% data variables.product.prodname_dotcom_the_website %} in {% data variables.location.product_location %}, each user must also connect their user account on {% data variables.product.product_name %} with a user account on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/enabling-githubcom-repository-search-from-your-private-enterprise-environment)."
+After you enable unified search for {% data variables.location.product_location %}, before individual users can see search results from private repositories on {% data variables.product.prodname_ghe_cloud %} in {% data variables.location.product_location %}, each user must also connect their user account on {% data variables.product.product_name %} with a user account on {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/search-github/getting-started-with-searching-on-github/enabling-githubcom-repository-search-from-your-private-enterprise-environment)."
 
-Searching via the REST and GraphQL APIs does not include {% data variables.product.prodname_dotcom_the_website %} search results. Advanced search and searching for wikis in {% data variables.product.prodname_dotcom_the_website %} are not supported.
+Searching via the REST and GraphQL APIs does not include {% data variables.product.prodname_ghe_cloud %} search results. Advanced search and searching for wikis in {% data variables.product.prodname_ghe_cloud %} are not supported.
 
 ## Enabling {% data variables.enterprise.prodname_unified_search %}
 
-Before you can enable {% data variables.enterprise.prodname_unified_search %}, you must enable {% data variables.product.prodname_github_connect %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/managing-github-connect)."
+Before you can enable {% data variables.enterprise.prodname_unified_search %}, you must enable {% data variables.product.prodname_github_connect %}. See {% ifversion ghecom-github-connect %}"[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom) or {% endif %}"[AUTOTITLE](/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-githubcom)."
 
-{% ifversion ghes %}
 {% data reusables.github-connect.access-dotcom-and-enterprise %}
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.business %}
-{% data reusables.enterprise-accounts.github-connect-tab %}{% else %}
-1. Sign into {% data variables.location.product_location %} and {% data variables.product.prodname_dotcom_the_website %}.
-{% data reusables.enterprise-accounts.access-enterprise %}{% data reusables.enterprise-accounts.github-connect-tab %}{% endif %}
+{% data reusables.enterprise-accounts.github-connect-tab %}
 1. To the right of "Unified search", click **Enable**.
 
    ![Screenshot of the "Unified search" option on the GitHub Connect page. The "Enable" button is highlighted with an orange outline.](/assets/images/enterprise/site-admin-settings/github-dotcom-enable-search.png)

content/admin/configuring-settings/configuring-github-connect/index.md

@@ -18,12 +18,14 @@ topics:
   - Enterprise
 children:
   - /about-github-connect
-  - /managing-github-connect
+  - /enabling-github-connect-for-githubcom
+  - /enabling-github-connect-for-ghecom
   - /enabling-automatic-user-license-sync-for-your-enterprise
   - /enabling-dependabot-for-your-enterprise
   - /enabling-server-statistics-for-your-enterprise
   - /enabling-unified-search-for-your-enterprise
   - /enabling-unified-contributions-for-your-enterprise
+  - /disabling-github-connect
 shortTitle: GitHub Connect
 ---
 

content/admin/configuring-settings/configuring-github-connect/managing-github-connect.md

@@ -1,77 +0,0 @@
----
-title: Managing GitHub Connect
-shortTitle: Manage GitHub Connect
-intro: 'You can enable {% data variables.product.prodname_github_connect %} to access additional features and workflows for {% data variables.location.product_location %}.'
-redirect_from:
-  - /enterprise/admin/guides/developer-workflow/connecting-github-enterprise-to-github-com
-  - /enterprise/admin/guides/developer-workflow/connecting-github-enterprise-server-to-github-com
-  - /enterprise/admin/developer-workflow/connecting-github-enterprise-server-to-githubcom
-  - /enterprise/admin/installation/connecting-github-enterprise-server-to-github-enterprise-cloud
-  - /enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud
-  - /admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud
-  - /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/connecting-github-enterprise-server-to-github-enterprise-cloud
-  - /admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud
-  - /admin/configuration/configuring-github-connect/managing-github-connect
-versions:
-  ghes: '*'
-type: how_to
-topics:
-  - Enterprise
-  - GitHub Connect
-  - Infrastructure
-  - Networking
----
-
-## About {% data variables.product.prodname_github_connect %}
-
-You can access additional features and workflows on {% data variables.location.product_location %} by enabling {% data variables.product.prodname_github_connect %}. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/about-github-connect)."
-
-When you enable {% data variables.product.prodname_github_connect %}, you configure a connection between {% data variables.location.product_location %} and an enterprise account on {% data variables.product.prodname_ghe_cloud %}. {% data reusables.github-connect.connection-port-protocol %}
-
-Enabling {% data variables.product.prodname_github_connect %} creates a {% data variables.product.prodname_github_app %} owned by the enterprise account on {% data variables.product.prodname_ghe_cloud %}. {% data variables.product.product_name %} uses the {% data variables.product.prodname_github_app %}'s credentials to make requests to {% data variables.product.prodname_ghe_cloud %}.
-
-{% ifversion ghes %}
-{% data variables.product.prodname_ghe_server %} stores credentials from the {% data variables.product.prodname_github_app %}. The following credentials will be replicated to all nodes in a high availability or cluster environment, and stored in any backups, including snapshots created by {% data variables.product.prodname_enterprise_backup_utilities %}.
-* An authentication token, which is valid for one hour
-* A private key, which is used to generate a new authentication token
-{% endif %}
-
-## Prerequisites
-
-To use {% data variables.product.prodname_github_connect %}, you must have an enterprise account on {% data variables.product.prodname_dotcom_the_website %} that uses {% data variables.product.prodname_ghe_cloud %}. You may already have {% data variables.product.prodname_ghe_cloud %} included in your plan.
-
-{% note %}
-
-**Note:** Your enterprise account on {% data variables.product.prodname_dotcom_the_website %} must be invoiced. Enterprise accounts on the free trial of {% data variables.product.prodname_ghe_cloud %} or that pay by credit card cannot be connected to {% data variables.location.product_location %}.
-
-{% endnote %}
-
-{% ifversion ghes %}
-If your enterprise account on {% data variables.product.prodname_dotcom_the_website %} uses IP allow lists, you must add the IP address or network for {% data variables.location.product_location %} to your IP allow list on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-allowed-ip-addresses-for-organizations-in-your-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
-
-To configure a connection, your proxy configuration must allow connectivity to `github.com`, `api.github.com`, and `uploads.github.com`. For more information, see "[AUTOTITLE](/admin/configuration/configuring-network-settings/configuring-an-outbound-web-proxy-server)."
-{% endif %}
-
-## Enabling {% data variables.product.prodname_github_connect %}
-
-To enable {% data variables.product.prodname_github_connect %}, you must be an enterprise owner on both {% data variables.product.product_name %} and {% data variables.product.prodname_ghe_cloud %}.
-
-{% ifversion ghes %}
-1. Sign in to {% data variables.location.product_location %} and {% data variables.product.prodname_dotcom_the_website %}.
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.github-connect-tab %}{% else %}
-1. Sign in to {% data variables.location.product_location %} and {% data variables.product.prodname_dotcom_the_website %}.
-{% data reusables.enterprise-accounts.access-enterprise %}{% data reusables.enterprise-accounts.github-connect-tab %}{% endif %}
-1. Under "{% data variables.product.prodname_github_connect %} is not enabled yet", click **Enable {% data variables.product.prodname_github_connect %}**. By clicking **Enable {% data variables.product.prodname_github_connect %}**, you agree to the "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#connect)."
-1. To the right of the enterprise account you'd like to connect, click **Connect**.
-
-## Disabling {% data variables.product.prodname_github_connect %}
-
-Enterprise owners can disable {% data variables.product.prodname_github_connect %}.
-
-When you disconnect from {% data variables.product.prodname_ghe_cloud %}, the {% data variables.product.prodname_github_connect %} {% data variables.product.prodname_github_app %} is deleted from your enterprise account and credentials stored on {% data variables.location.product_location %} are deleted.
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.github-connect-tab %}
-1. Under "{% data variables.product.prodname_github_connect %}", to the right of the enterprise account you'd like to disconnect, click **Disable {% data variables.product.prodname_github_connect %}**.
-1. Read the information about disconnection, then click **Disable {% data variables.product.prodname_github_connect %}**.

content/admin/configuring-settings/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise.md

@@ -56,7 +56,9 @@ Variables
 }
 ```
 
-Alternatively, you can use the following curl command to find your `databaseId`.
+#### Example for {% data variables.product.prodname_dotcom_the_website %}
+
+You can use the following curl command to find your `databaseId`.
 
 ```shell copy
 curl -H "Authorization: Bearer BEARER_TOKEN" -X POST \
@@ -68,6 +70,16 @@ curl -H "Authorization: Bearer BEARER_TOKEN" -X POST \
 https://api.github.com/graphql
 ```
 
+#### Example for {% data variables.enterprise.data_residency_site %}
+
+You can use the following {% data variables.product.prodname_cli %} commands to retrieve the `databaseId`. Replace SUBDOMAIN with your enterprise's subdomain of {% data variables.enterprise.data_residency_site %}.
+
+  ```shell copy
+  gh auth login -s 'read:enterprise' -h SUBDOMAIN.ghe.com
+
+  gh api graphql --hostname SUBDOMAIN.ghe.com -f query='query($slug: String!) { enterprise (slug: $slug) { slug databaseId } }' -f slug='SUBDOMAIN'
+  ```
+
 {% data reusables.actions.azure-vnet-configure-azure-resources-script %}
 
 ## Creating a network configuration for your enterprise in {% data variables.product.company_short %}

content/admin/data-residency/about-github-enterprise-cloud-with-data-residency.md

@@ -0,0 +1,104 @@
+---
+title: About GitHub Enterprise Cloud with data residency
+intro: "With {% data variables.product.prodname_ghe_cloud %}, you can have more control over your data without needing to host your own platform."
+shortTitle: What is data residency?
+versions:
+  ghec: '*'
+---
+
+By default, {% data variables.product.company_short %} stores data for {% data variables.product.prodname_dotcom_the_website %} in the USA. {% data reusables.data-residency.when-you-adopt-data-residency %} To learn how {% data variables.product.company_short %} handles data storage, see "[AUTOTITLE](/admin/data-residency/about-storage-of-your-data-with-data-residency)."
+
+Access to this feature is currently managed by {% data variables.contact.contact_enterprise_sales %}.
+
+## What is {% data variables.product.product_name %}?
+
+{% data variables.product.github %} is a complete developer platform for building, scaling, and delivering secure software. In addition to these capabilities, {% data variables.product.product_name %} offers several key features designed to further optimize and secure your use of the platform:
+
+* Includes an **enterprise account**: a dedicated, shared space for your company to store code, collaborate, and access {% data variables.product.company_short %} features
+* Centralizes billing, administration, governance, and audit of your company’s resources and activity
+* Is accessible only to authorized users, isolated from the wider {% data variables.product.prodname_dotcom_the_website %} community
+* Includes management of authentication and user lifecycles from an external identity management system:
+
+  * **SCIM** for provisioning
+  * **SAML** or **OIDC** for authentication
+
+With {% data variables.enterprise.data_residency_short %}, {% data variables.enterprise.prodname_managed_users %} access your resources through a dedicated subdomain of {% data variables.enterprise.data_residency_site %}, and can only interact with resources that belong to your enterprise.
+
+## Why move data to the cloud?
+
+If you currently use a self-hosted service like {% data variables.product.prodname_ghe_server %}, {% data variables.enterprise.data_residency %} will help you to have more control over your data while benefiting from a cloud-based, managed product.
+
+* Your users will have access to the latest features from {% data variables.product.prodname_dotcom_the_website %}, such as {% data variables.product.prodname_copilot %}, without needing to wait for features to be available in {% data variables.product.prodname_ghe_server %} releases.
+* You'll have a simplified administrative experience, and won't need to schedule downtime for maintenance or upgrades.
+
+## How does billing work?
+
+To adopt {% data variables.enterprise.data_residency %}, you'll sign up for the **{% data variables.product.prodname_enterprise %} plan**, which covers your enterprise on {% data variables.enterprise.data_residency_site %} and, if you need it, {% data variables.product.prodname_ghe_server %}. For pricing details, see our [Pricing](https://github.com/pricing) page.
+
+To pay for user licenses and services, you can:
+* Add a credit card or PayPal account to your enterprise and bill directly through {% data variables.product.company_short %}
+* Connect your enterprise to a Microsoft Azure subscription
+
+You will be on our latest billing platform, which allows you to estimate spending, create cost centers to manage expenses, and pay flexibly for the services you use.
+
+You can also sign up for usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GH_advanced_security %} licenses, meaning you won't need to purchase a pre-defined number of licenses in advance.
+
+## Developer experience
+
+The developer experience on {% data variables.enterprise.data_residency_site %} differs in some ways from {% data variables.product.prodname_dotcom_the_website %} and {% data variables.product.prodname_ghe_server %}.
+
+* [Identity and access](#identity-and-access)
+* [Functionality for managed user accounts](#functionality-for-managed-user-accounts)
+* [Repository visibility](#repository-visibility)
+* [API access](#api-access)
+* [Documentation](#documentation)
+
+### Identity and access
+
+Enterprises on {% data variables.enterprise.data_residency_site %} use **{% data variables.product.prodname_emus %}**. In an {% data variables.enterprise.prodname_emu_enterprise %}, your company manages the user accounts that people use to access your resources. These accounts can only access your enterprise's resources, and are isolated from the wider open source community on {% data variables.product.prodname_dotcom_the_website %}.
+
+People access your enterprise via the {% data variables.enterprise.data_residency_site %} URL that you choose during onboarding. To access your enterprise's resources, people must authenticate through the identity management system that your company uses.
+
+### Network access
+
+Network details such as IP ranges and SSH key fingerprints differ between {% data variables.enterprise.data_residency_site %} and {% data variables.product.prodname_dotcom_the_website %}. You must give client systems such as storage accounts or identity provider integrations access to your enterprise. See "[AUTOTITLE](/admin/data-residency/network-details-for-ghecom)."
+
+### Functionality for {% data variables.enterprise.prodname_managed_users %}
+
+Administrators and developers with access to your enterprise can take advantage of the full {% data variables.product.prodname_dotcom %} platform, with the exception of some features that are currently unavailable.
+
+Developers may have experience using a personal account on {% data variables.product.prodname_dotcom_the_website %}, or a user account on a {% data variables.product.prodname_ghe_server %} instance. The experience of using a {% data variables.enterprise.prodname_managed_user %} on {% data variables.enterprise.data_residency_site %} differs in some ways. See "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts)."
+
+### Repository visibility
+
+Public repositories are not available in an {% data variables.enterprise.prodname_emu_enterprise %}. To practice innersource, users can create internal repositories that are visible to all enterprise members. See "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories)."
+
+### API access
+
+{% data reusables.data-residency.data-resident-enterprises-api-access %} For example, if your enterprise's subdomain is `octocorp`, users should send requests to `https://api.octocorp.ghe.com`.
+
+Users can simplify API requests by using the {% data variables.product.prodname_cli %}. However, if they also need to access resources on {% data variables.product.prodname_dotcom_the_website %} or {% data variables.product.prodname_ghe_server %}, they will need to authenticate to multiple accounts and specify a target platform for most requests. See "[AUTOTITLE](/github-cli/github-cli/using-multiple-accounts)."
+
+Rate limits apply for requests to the REST API. See "[AUTOTITLE](/rest/overview/rate-limits-for-the-rest-api)."
+
+### Documentation
+
+In general, the content on [{% data variables.product.prodname_docs %}](/enterprise-cloud@latest) reflects the user experience on {% data variables.enterprise.data_residency_site %}. Readers should use the "{% data variables.product.product_name %}" version of the site. See "[AUTOTITLE](/get-started/using-github-docs/about-versions-of-github-docs#about-versions-of-github-docs)."
+
+When reading the documentation, readers may need to substitute references to {% data variables.product.prodname_dotcom_the_website %} with your enterprise's dedicated URL on {% data variables.enterprise.data_residency_site %}.
+
+## Feature overview
+
+{% data reusables.data-residency.data-resident-enterprise-feature-availability %} See "[AUTOTITLE](/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency)."
+
+## Getting started
+
+When you have worked with your account team in {% data variables.contact.contact_enterprise_sales %} to create a new enterprise account and choose a subdomain on {% data variables.enterprise.data_residency_site %}, you can get started with your new enterprise.
+
+You will:
+
+* Create accounts for your company's administrators and developers
+* Add your billing details
+* Optionally, migrate data from another platform
+
+To get started, see "[AUTOTITLE](/admin/data-residency/getting-started-with-data-residency-for-github-enterprise-cloud)."

content/admin/data-residency/about-storage-of-your-data-with-data-residency.md

@@ -0,0 +1,46 @@
+---
+title: About storage of your data with data residency
+shortTitle: How is data stored?
+intro: "Learn how your data is stored when you use {% data variables.enterprise.data_residency %}."
+versions:
+  ghec: '*'
+---
+
+{% data reusables.data-residency.when-you-adopt-data-residency %}
+
+Although your code and user data are stored within your chosen region, {% data variables.product.company_short %} may store certain types of data outside your region, and may need to transfer some data outside your region.
+
+If you are in doubt about any aspect of {% data variables.enterprise.data_residency_short %}, contact your account manager in {% data variables.contact.contact_enterprise_sales %}.
+
+## Data stored in your region
+
+{% data variables.product.company_short %} stores the following data for your enterprise within your chosen region.
+
+| Description of data | Examples |
+| :- | :- |
+| Customer content, including text, data, software, images, and other data available on the service | <ul><li>Repositories, including repository name and source code</li><li>User-generated content or URLs from the service, such as a pull request, comment, file path, raw URL, or filename</li><li>Structured or blob storage</li></ul> |
+| Data or logs that identify your company | <ul><li>Data and logs for GitHub Actions</li><li>Data for business continuity and disaster recovery (BCDR)</li></ul> |
+| Data or logs that identify a person | <ul><li>Email address</li><li>Username</li><li>First or last name</li><li>IP address</li></ul> |
+
+## Data stored outside your region
+
+For the purposes outlined in our [Data Protection Agreement](https://github.com/customer-terms/github-data-protection-agreement), {% data variables.product.company_short %} may store the following data for your enterprise outside your chosen region.
+
+| Description of data | Examples |
+| :- | :- |
+| Telemetry or logs containing consistent identifiers tied to a person, that by themselves do not identify the person without additional information | <ul><li>User ID or GUID as integer value in a database</li><li>Unsalted hash of other data that could identify a person</li><ul><li>Email address</li><li>Username</li><li>First or last name</li><li>IP address</li></ul> |
+| Information that GitHub needs to administer a paid plan | <ul><li>Contact information</li><li>Billing, purchase, payment, or license information</li></ul> |
+| Support and feedback data | <ul><li>Support requests or case notes</li><li>Phone conversations</li><li>Online chat sessions</li><li>Remote assistance sessions</li></ul> |
+| {% data variables.product.prodname_copilot %} data | Data and logs for {% data variables.product.prodname_copilot %} |
+
+## Data transfers
+
+{% data variables.product.company_short %} will document reasons for the transfer of data out of your enterprise's region, but does not notify you when transfers occur.
+
+Additionally, {% data variables.product.company_short %} sends information about the TLS certificate for your enterprise's subdomain on {% data variables.enterprise.data_residency_site %} to certificate authorities (CAs) and the certificate transparency (CT) ecosystem. Some entities may be outside of your enterprise's region.
+
+## Data subject requests
+
+If you need to comply with a data subject request (DSR), contact {% data variables.contact.contact_support_page %}.
+
+If {% data variables.product.company_short %} receives a request from one of your data subjects pertaining to {% data variables.enterprise.data_residency_short %} for {% data variables.product.prodname_ghe_cloud %}, where {% data variables.product.company_short %} functions as your processor or subprocessor, {% data variables.product.company_short %} will redirect the data subject to you. Consistent with the functionality of the services and {% data variables.product.company_short %}'s role, we will cooperate with you and provide you the necessary means to respond.

content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md

@@ -0,0 +1,83 @@
+---
+title: Feature overview for GitHub Enterprise Cloud with data residency
+shortTitle: Which features are available?
+intro: "Learn about the available features on {% data variables.enterprise.data_residency_site %}, plus features that work differently from {% data variables.product.prodname_dotcom_the_website %}."
+versions:
+  ghec: '*'
+---
+
+{% data reusables.data-residency.data-resident-enterprise-feature-availability %} Some features work differently or require additional configuration compared to the equivalent feature on {% data variables.product.prodname_dotcom_the_website %}.
+
+## Available features
+
+{% data variables.product.prodname_ghe_cloud %} is a developer platform that supports the entire software development lifecycle, including planning work, automating tests and deployments, and keeping code secure. To learn about available features, see "[AUTOTITLE](/enterprise-cloud@latest/admin/overview/feature-overview-for-github-enterprise-cloud)."
+
+## Currently unavailable features
+
+The following features are currently unavailable on {% data variables.enterprise.data_residency_site %}.
+
+| Feature | Details | More information |
+| :- | :- | :- |
+| {% data variables.product.prodname_github_codespaces %} | Currently unavailable. | "[AUTOTITLE](/codespaces/overview)" |
+| {% data variables.product.prodname_marketplace %} | Currently, apps from {% data variables.product.prodname_marketplace %} are unavailable. {% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %} may not function as expected. For more information, see "[GitHub Actions workflows from GitHub Marketplace](#github-actions-workflows-from-github-marketplace)." | "[AUTOTITLE](/search-github/searching-on-github/searching-github-marketplace)" | "[AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/about-github-connect#github-connect-features)" in the {% data variables.product.prodname_ghe_server %} documentation |
+| macOS runners for {% data variables.product.prodname_actions %} | Currently unavailable. | "[AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners)" |
+| Maven and Gradle support for {% data variables.product.prodname_registry %} | Currently unavailable. | "[AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry)" |
+| Achievements | Currently unavailable. | "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/viewing-contributions-on-your-profile)" |
+| Microsoft Teams integrations | Currently unavailable. | "[AUTOTITLE](/get-started/exploring-integrations/featured-github-integrations#team-communication-tools)" |
+| {% data variables.product.prodname_importer %} | Currently unavailable | "[AUTOTITLE](/migrations/importing-source-code/using-github-importer/about-github-importer)" |
+| {% data variables.product.prodname_copilot %} Workspaces | Currently unavailable | |
+| Interactive maps | Currently can't use GeoJSON/TopoJSON syntax to create interactive maps. | "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/creating-diagrams#creating-geojson-and-topojson-maps)" |
+| Usage metrics for {% data variables.product.prodname_actions %} | Currently unavailable | "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-usage-metrics-for-github-actions)" |
+| Some features currently in {% data variables.release-phases.public_preview %} or {% data variables.release-phases.private_preview %} | Certain features that are in a preview phase on {% data variables.product.prodname_dotcom_the_website %} may not be available on {% data variables.enterprise.data_residency_site %} | |
+
+## Features that work differently
+
+The following features are either specific to {% data variables.enterprise.data_residency_site %} or work differently compared to {% data variables.product.prodname_dotcom_the_website %}.
+
+* [API access](#api-access)
+* [URL differences](#url-differences)
+* [{% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %}](#github-actions-workflows-from-github-marketplace)
+* [Retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website %}](#retirement-of-namespaces-for-actions-accessed-on-githubcom)
+* [GitHub Connect](#github-connect)
+
+### API access
+
+{% data reusables.data-residency.data-resident-enterprises-api-access %} For more information, see "[AUTOTITLE](/admin/data-residency/about-github-enterprise-cloud-with-data-residency#api-access)."
+
+### URL differences
+
+The URL formats for certain features and services vary between {% data variables.product.prodname_dotcom_the_website %} and {% data variables.enterprise.data_residency_site %}. If you're migrating to {% data variables.enterprise.data_residency_site %} and have automations or integrations that depend on URL values for {% data variables.product.prodname_dotcom_the_website %}, you will need to updates these values.
+
+The following examples are not exhaustive.
+
+{% rowheaders %}
+
+| Feature | Example on {% data variables.product.prodname_dotcom_the_website %} | Example on {% data variables.enterprise.data_residency_site %} |
+| ------ | ------------ | ----------- |
+| {% data variables.product.prodname_registry %} | The {% data variables.product.prodname_container_registry %} is located at {% data variables.product.prodname_container_registry_namespace %}. | The {% data variables.product.prodname_container_registry %} is located at `https://containers.SUBDOMAIN.ghe.com`. |
+| User provisioning | The "tenant URL" for Microsoft Entra ID is `https://api.github.com/scim/v2/enterprises/ENTERPRISE` | The "tenant URL" for Microsoft Entra ID is `https://api.SUBDOMAIN.ghe.com/scim/v2/enterprises/SUBDOMAIN` |
+| OIDC trusts for {% data variables.product.prodname_actions %} deployments | The OIDC token is issued from `https://token.actions.githubusercontent.com`. | The OIDC token is issued from `https://token.actions.SUBDOMAIN.ghe.com` |
+| Raw URLs | `https://raw.githubusercontent.com/` | `https://raw.SUBDOMAIN.ghe.com/` |
+| Anonymized URLs for images and videos | `https://private-user-images.githubusercontent.com/` | `https://SUBDOMAIN.ghe.com/user-attachments/assets/` |
+
+{% endrowheaders %}
+
+### {% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %}
+
+{% data variables.product.prodname_actions %} workflows from the {% data variables.product.prodname_marketplace %} may not work as users expect.
+
+* Some actions hard-code API calls to api.github.com, which don't currently work for enterprises on {% data variables.enterprise.data_residency_site %}.
+* Some actions make requests to resources on {% data variables.location.product_location %}, and these actions will **not** work for enterprises on {% data variables.enterprise.data_residency_site %} unless the author has built a mechanism to inject a secondary token for API calls. A `GITHUB_TOKEN` within a workflow run for your enterprise on {% data variables.enterprise.data_residency_site %} does not grant access to resources on {% data variables.location.product_location %}.
+
+### Retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website %}
+
+{% data reusables.actions.namespace-retirement-ghecom %}
+
+To allow people to use namespaces that match actions you have used from {% data variables.product.prodname_dotcom_the_website %}, you can make a retired namespace available. See "[AUTOTITLE](/actions/administering-github-actions/making-retired-namespaces-available-on-ghecom)."
+
+### {% data variables.product.prodname_github_connect %}
+
+You can use {% data variables.product.prodname_github_connect %} to connect to {% data variables.enterprise.data_residency_site %} from {% data variables.product.prodname_ghe_server %}.
+
+* {% data variables.product.prodname_github_connect %} features that rely on data from {% data variables.product.prodname_dotcom_the_website %} are not available.
+* To enable {% data variables.product.prodname_github_connect %}, you must configure your {% data variables.product.prodname_ghe_server %} instance to connect to your {% data variables.enterprise.data_residency_site %} subdomain. See "[AUTOTITLE](/enterprise-server@latest/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom)."

content/admin/data-residency/getting-started-with-data-residency-for-github-enterprise-cloud.md

@@ -0,0 +1,113 @@
+---
+title: Getting started with data residency for GitHub Enterprise Cloud
+shortTitle: Get started
+intro: "Set up your enterprise on {% data variables.enterprise.data_residency_site %} by onboarding users, enabling billing, and migrating data."
+versions:
+  ghec: '*'
+---
+
+When you adopt {% data variables.enterprise.data_residency %}, you can choose where your company's code and data are stored.
+
+After you have **worked with {% data variables.contact.contact_enterprise_sales %}** to create an enterprise account with a dedicated URL on {% data variables.enterprise.data_residency_site %}, you'll use this guide to set up your enterprise. You will:
+
+* Add users by configuring authentication and provisioning with an identity management system
+* Set up billing for your enterprise
+* Optionally, migrate data from another platform
+* Learn about available features, including features that work differently or require additional configuration
+
+After this initial setup, you'll be able to create organizations and repositories, collaborate on code, configure policies, and more.
+
+## Prerequisites
+
+* You must have been provisioned with an enterprise on {% data variables.enterprise.data_residency_site %}.
+
+* If you intend to pay with a Microsoft Azure subscription, you must have admin access to the Azure portal or work with someone to configure an admin consent workflow. For a full list of prerequisites, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#prerequisites)."
+
+* {% data reusables.data-residency.data-resident-enterprises-network-access %}
+
+## 1. Add users to your enterprise
+
+Enterprises on {% data variables.enterprise.data_residency_site %} use {% data variables.product.prodname_emus %}. To create user accounts and grant access to your new enterprise on {% data variables.enterprise.data_residency_site %}, you must configure authentication and SCIM provisioning. See "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users)."
+
+### Sign in as the setup user
+
+After we create your enterprise, you will receive an email inviting you to choose a password for the setup user, which is used to configure authentication and provisioning. The username is a randomly generated shortcode, suffixed with `_admin`.
+
+Using an **incognito or private browsing window**:
+
+1. Set the user's password.
+1. Save the user's recovery codes.
+
+{% data reusables.enterprise-accounts.emu-password-reset-session %}
+
+### Create a {% data variables.product.pat_generic %}
+
+{% data reusables.enterprise-accounts.emu-create-a-pat %}
+
+### Configure authentication
+
+{% data reusables.enterprise-accounts.emu-configure-authentication %}
+
+### Configure provisioning
+
+{% data reusables.enterprise-accounts.emu-configure-provisioning %}
+
+### Manage organization membership
+
+{% data reusables.enterprise-accounts.emu-manage-org-membership %}
+
+## 2. Set up billing
+
+To pay for licenses and services, you can use a credit card, PayPal, or a Microsoft Azure subscription.
+
+* To add a credit card or PayPal details, see "[AUTOTITLE](/billing/using-the-new-billing-platform/managing-your-payment-and-billing-information#viewing-payment-information)."
+* To link an Azure subscription, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription#connecting-your-azure-subscription-to-your-enterprise-account)."
+
+## 3. Migrate data
+
+Optionally, to migrate existing data to your new enterprise on {% data variables.enterprise.data_residency_site %}, you can use {% data variables.product.company_short %}'s migration tools.
+
+* If you're migrating from {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.prodname_ghe_server %}, Azure DevOps, or Bitbucket Server, you can migrate source code history and metadata with {% data variables.product.prodname_importer_proper_name %}. See "[AUTOTITLE](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer)."
+* If you're migrating from a different platform, see "[AUTOTITLE](/migrations/overview/migration-paths-to-github#migrations-to-ghecom)."
+
+### Example script for {% data variables.product.prodname_importer_proper_name %}
+
+The following script demonstrates the use of {% data variables.product.prodname_importer_proper_name %} for migration of an individual source repository from {% data variables.product.prodname_dotcom_the_website %} to a target repository on {% data variables.enterprise.data_residency_site %}. The `--target-api-url` parameter sets your enterprise on {% data variables.enterprise.data_residency_site %} as the destination of the migration.
+
+You can use the environment variable definitions in the script as an example to create additional commands that migrate data using {% data variables.product.prodname_importer_proper_name %}.
+
+In the following script, **replace the following placeholder text** with actual values.
+
+| Placeholder | Description |
+| :- | :- |
+| TARGET-TOKEN | {% data variables.product.pat_generic_caps %} (PAT) for accessing the target enterprise on {% data variables.enterprise.data_residency_site %} |
+| SOURCE-TOKEN | PAT for accessing the source resources on {% data variables.product.prodname_dotcom_the_website %} |
+| TARGET-GHE-API-URL | The URL for accessing API endpoints for your enterprise. For example, if your enterprise's subdomain is `octocorp`, this value must be `https://api.octocorp.ghe.com`. |
+| SOURCE-GH-ORGANIZATION-NAME | The name of the source organization on {% data variables.product.prodname_dotcom_the_website %}. |
+| SOURCE-GH-REPOSITORY-NAME | The name of the source repository on {% data variables.product.prodname_dotcom_the_website %}. |
+| TARGET-GHE-ORGANIZATION-NAME | The name of the target organization on {% data variables.enterprise.data_residency_site %}. |
+| TARGET-GHE-REPOSITORY-NAME | The name of the target repository on {% data variables.enterprise.data_residency_site %}. |
+
+```bash copy
+#!/bin/sh
+
+export GH_PAT="TARGET-TOKEN"
+export GH_SOURCE_PAT="SOURCE-TOKEN"
+export TARGET_API_URL="TARGET-GHE-API-URL"
+export GITHUB_SOURCE_ORG="SOURCE-GH-ORGANIZATION-NAME"
+export SOURCE_REPO="SOURCE-GH-REPOSITORY-NAME"
+export GITHUB_TARGET_ORG="TARGET-GHE-ORGANIZATION-NAME"
+export TARGET_REPO="TARGET-GHE-REPOSITORY-NAME"
+
+gh gei migrate-repo --target-api-url $TARGET_API_URL --github-source-org $GITHUB_SOURCE_ORG --source-repo $SOURCE_REPO --github-target-org $GITHUB_TARGET_ORG --target-repo $TARGET_REPO --verbose
+```
+
+## 4. Learn about {% data variables.product.github %}'s features
+
+When you have completed the initial setup of your enterprise, you and your enterprise's members can start using {% data variables.product.github %}'s features.
+
+{% data reusables.data-residency.data-resident-enterprise-feature-availability %} Some features work differently or require additional configuration compared to the equivalent feature on {% data variables.product.prodname_dotcom_the_website %}. See "[AUTOTITLE](/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency)."
+
+## Further reading
+
+* "[AUTOTITLE](/admin/data-residency/resolving-issues-with-your-enterprise-on-ghecom)

content/admin/data-residency/index.md

@@ -0,0 +1,13 @@
+---
+title: GitHub Enterprise Cloud with data residency
+shortTitle: Data residency
+versions:
+  ghec: '*'
+children:
+  - /about-github-enterprise-cloud-with-data-residency
+  - /about-storage-of-your-data-with-data-residency
+  - /feature-overview-for-github-enterprise-cloud-with-data-residency
+  - /getting-started-with-data-residency-for-github-enterprise-cloud
+  - /network-details-for-ghecom
+  - /resolving-issues-with-your-enterprise-on-ghecom
+---

content/admin/data-residency/network-details-for-ghecom.md

@@ -0,0 +1,57 @@
+---
+title: Network details for GHE.com
+shortTitle: Network details
+intro: 'Ensure client systems can access your resources on {% data variables.enterprise.data_residency_site %}.'
+versions:
+  ghec: '*'
+---
+
+To access your enterprise on {% data variables.enterprise.data_residency_site %}, client systems must:
+
+* Trust the following SSH key fingerprints
+* Have access to the following hostnames and IP addresses
+
+## {% data variables.product.github %}'s SSH key fingerprints
+
+* `SHA256:PYES2CtancLX+w0+VvwWRQclfulUkqj6hpZmcKFAO3w` (RSA)
+* `SHA256:TKoEXigNsj5b6XaSOSf20L0y3cuNx41WWM+l4AAK9k4` (ECDSA)
+* `SHA256:LqPvjvQugr3MmzVYw9M3gT7won8/lUPZCSvmNydl7vU` (Ed25519)
+
+## {% data variables.product.github %}'s hostnames
+
+* `*.{% data variables.enterprise.data_residency_domain %}`, where SUBDOMAIN is your enterprise's dedicated subdomain on {% data variables.enterprise.data_residency_site %}
+* `*.githubassets.com`
+* `*.githubusercontent.com`
+* `*.blob.core.windows.net`
+
+## {% data variables.product.github %}'s IP addresses
+
+These are {% data variables.product.company_short %}'s IP address ranges for enterprises on {% data variables.enterprise.data_residency_site %}.
+
+### Ranges for egress traffic
+
+* 108.143.221.96/28
+* 20.61.46.32/28
+* 20.224.62.160/28
+* 51.12.252.16/28
+* 74.241.131.48/28
+* 20.240.211.176/28
+
+### Ranges for ingress traffic
+
+* 108.143.197.176/28
+* 20.123.213.96/28
+* 20.224.46.144/28
+* 20.240.194.240/28
+* 20.240.220.192/28
+* 20.240.211.208/28
+
+## Supported regions for Azure private networking
+
+If you use Azure private networking for {% data variables.product.company_short %}-hosted runners, the supported Azure regions on {% data variables.enterprise.data_residency_site %} differ from those on {% data variables.product.prodname_dotcom_the_website %}.
+
+The following regions are available:
+
+* x64: `francecentral`, `swedencentral`
+* arm64: `francecentral`, `northeurope`
+* GPU: `italynorth`, `swedencentral`

content/admin/data-residency/resolving-issues-with-your-enterprise-on-ghecom.md

@@ -0,0 +1,25 @@
+---
+title: Resolving issues with your enterprise on GHE.com
+shortTitle: Resolving issues
+intro: "Learn the best course of action when you encounter problems."
+versions:
+  ghec: '*'
+---
+
+## Viewing service status
+
+If you're experiencing problems with a service that usually works, like pull requests or {% data variables.product.prodname_copilot %}, you can check if an ongoing incident is affecting the service in your region. See {% data variables.product.company_short %}'s status page at https://githubstatus.com.
+
+## Getting support
+
+If you need help to resolve an issue, contact {% data variables.contact.contact_ent_support %}. Ensure you are signed in to the support portal with your {% data variables.enterprise.data_residency_site %} account. You can also purchase {% data variables.contact.premium_support %}.
+
+Some requests, such as configuration of an external identity management system, may not be in the scope of what {% data variables.contact.github_support %} can help with. See "[AUTOTITLE](/support/learning-about-github-support/about-github-support#scope-of-support)."
+
+## Giving feedback
+
+We encourage you to engage with your account team to provide feedback about your company's experience on {% data variables.enterprise.data_residency_site %}.
+
+## Further reading
+
+* "[AUTOTITLE](/support/learning-about-github-support/about-github-premium-support)"

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise.md

@@ -15,6 +15,8 @@ redirect_from:
   - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise
 ---
 
+>[!NOTE] {% data variables.product.prodname_github_codespaces %} is not available for enterprises that use {% data variables.enterprise.data_residency %}.
+
 ## About enterprise policies for {% data variables.product.prodname_github_codespaces %}
 
 As an enterprise owner, you can set a policy to enable or disable {% data variables.product.prodname_github_codespaces %} across organizations in your enterprise. You can enable {% data variables.product.prodname_github_codespaces %} for all organizations, enable for specific organizations, or disable for all organizations.

content/admin/index.md

@@ -100,6 +100,7 @@ versions:
   ghes: '*'
 children:
   - /overview
+  - /data-residency
   - /managing-your-enterprise-account
   - /installing-your-enterprise-server
   - /configuring-settings

content/admin/managing-github-actions-for-your-enterprise/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect.md

@@ -47,7 +47,7 @@ Before enabling access to public actions from {% data variables.product.prodname
 
 When you enable {% data variables.product.prodname_github_connect %}, users see no change in behavior for existing workflows because {% data variables.product.prodname_actions %} searches {% data variables.location.product_location %} for each action before falling back to {% data variables.product.prodname_dotcom_the_website%}. This ensures that any custom versions of actions your enterprise has created are used in preference to their counterparts on {% data variables.product.prodname_dotcom_the_website%}.
 
-Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website %} blocks the potential for a man-in-the-middle attack by a malicious user with access to {% data variables.location.product_location %}. When an action on {% data variables.product.prodname_dotcom_the_website %} is used for the first time, that namespace is retired in {% data variables.location.product_location %}. This blocks any user creating an organization and repository in your enterprise that matches that organization and repository name on {% data variables.product.prodname_dotcom_the_website %}. This ensures that when a workflow runs, the intended action is always run.
+{% data reusables.actions.namespace-retirement-ghecom %}
 
 After using an action from {% data variables.product.prodname_dotcom_the_website %}, if you want to create an action in {% data variables.location.product_location %} with the same name, first you need to make the namespace for that organization and repository available.
 

content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md

@@ -44,7 +44,7 @@ OIDC does not support IdP-initiated authentication.
 ## Configuring OIDC for Enterprise Managed Users
 
 1. Sign into {% data variables.product.prodname_dotcom %} as the setup user for your new enterprise with the username **@SHORT-CODE_admin**.
-{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.access-enterprise-emu %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}
 1. Under "OpenID Connect single sign-on", select **Require OIDC single sign-on**.

content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md

@@ -25,7 +25,7 @@ If your enterprise uses **personal accounts**, you must follow a different proce
 
 ## About SAML SSO for {% data variables.product.prodname_emus %}
 
-With {% data variables.product.prodname_emus %}, access to your enterprise's resources on {% data variables.product.github %} must be authenticated through your identity provider (IdP). Instead of signing in to {% data variables.product.prodname_dotcom %} with a {% data variables.product.prodname_dotcom %} username and password, members of your enterprise will sign in through your IdP.
+With {% data variables.product.prodname_emus %}, access to your enterprise's resources on {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %} must be authenticated through your identity provider (IdP). Instead of signing in with a {% data variables.product.prodname_dotcom %} username and password, members of your enterprise will sign in through your IdP.
 
 After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your IdP is unavailable.
 
@@ -53,22 +53,32 @@ To configure SAML SSO for your {% data variables.enterprise.prodname_emu_enterpr
 
 ### Configure your IdP
 
-1. {% ifversion emu-public-scim-schema %}If you use a partner IdP, to install the {% data variables.product.prodname_emu_idp_application %} application, click one of the following links.{% else %}To install the {% data variables.product.prodname_emu_idp_application %} application, click the link for your IdP below:{% endif %}
+1. If you use a partner IdP, to install the {% data variables.product.prodname_emu_idp_application %} application, click the link for your IdP and environment.
 
-    * [Microsoft Entra ID application](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.githubenterprisemanageduser?tab=Overview) in Azure Marketplace (Entra ID was previously known as Azure AD)
-    * [Okta application](https://www.okta.com/integrations/github-enterprise-managed-user) in Okta's integrations directory
-    * [PingFederate downloads website](https://www.pingidentity.com/en/resources/downloads/pingfederate.html)
+   {% rowheaders %}
 
-      * To download the PingFederate connector, navigate to the **Add-ons** tab and select **{% data variables.product.prodname_dotcom %} EMU Connector 1.0**.
+   | Identity provider | App for {% data variables.product.prodname_dotcom_the_website %} | App for {% data variables.enterprise.data_residency_site %} |
+   | ----------------- | ------------- | ------------------- |
+   | Microsoft Entra ID | [{% data variables.product.prodname_emu_idp_application %}](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.githubenterprisemanageduser?tab=Overview) | [{% data variables.product.prodname_emu_idp_application %}](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.githubenterprisemanageduser?tab=Overview) |
+   | Okta | [{% data variables.product.prodname_emu_idp_application %}](https://www.okta.com/integrations/github-enterprise-managed-user) | [{% data variables.product.prodname_emu_idp_application %} - ghe.com](https://www.okta.com/integrations/github-enterprise-managed-user-ghe-com/) |
+   | PingFederate | [PingFederate downloads website](https://www.pingidentity.com/en/resources/downloads/pingfederate.html) (navigate to the **Add-ons** tab, then select **{% data variables.product.prodname_dotcom %} EMU Connector 1.0**) | [PingFederate downloads website](https://www.pingidentity.com/en/resources/downloads/pingfederate.html) (navigate to the **Add-ons** tab, then select **{% data variables.product.prodname_dotcom %} EMU Connector 1.0**) |
 
-1. To configure SAML SSO for {% data variables.product.prodname_emus %} on your IdP, read the following documentation. {% ifversion emu-public-scim-schema %}If you don't use a partner IdP, you can use the SAML configuration reference for {% data variables.product.product_name %} to create and configure a generic SAML 2.0 application on your IdP.{% endif %}
+   {% endrowheaders %}
+
+1. To configure SAML SSO for {% data variables.product.prodname_emus %} on a partner IdP, read the relevant documentation for your IdP and environment.
+
+   {% rowheaders %}
+
+   | Identity provider | Documentation for {% data variables.product.prodname_dotcom_the_website %} | Documentation for {% data variables.enterprise.data_residency_site %} |
+   | ----------------- | ------------- | ------------------- |
+   | Microsoft Entra ID | [Microsoft Learn](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-tutorial) | [Microsoft Learn](https://learn.microsoft.com/en-us/entra/identity/saas-apps/github-enterprise-managed-user-ghe-com-tutorial) |
+   | Okta | "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users)" | "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users)" |
+   | PingFederate | "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate)" ("Prerequisities" and "1. Configure SAML" sections) | "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate)" ("Prerequisities" and "1. Configure SAML" sections) |
+
+   {% endrowheaders %}
+
+   Alternatively, if you don't use a partner IdP, you can use the SAML configuration reference for {% data variables.product.product_name %} to create and configure a generic SAML 2.0 application on your IdP. See "[AUTOTITLE](/admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference)."
 
-   * [Entra ID](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-tutorial) on Microsoft Learn
-   * "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users)"
-   * [PingFederate instructions](https://docs.pingidentity.com/integrations/github/github_emu_provisioner/pf_github_emu_connector.html) in the PingIdentity documentation
-   {%- ifversion emu-public-scim-schema %}
-   * "[AUTOTITLE](/admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference)"
-   {%- endif %}
 1. To test and configure your enterprise, assign yourself or the user that will configure SAML SSO for your enterprise on {% data variables.product.github %} to the application you configured for {% data variables.product.prodname_emus %} on your IdP.
 
    > [!NOTE]
@@ -95,7 +105,7 @@ After the initial configuration of SAML SSO, the only setting you can update on
    **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %}
 
    {% endnote %}
-{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.access-enterprise-emu %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}
 

content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users.md

@@ -1,7 +1,7 @@
 ---
 title: Configuring SAML single sign-on with Okta for Enterprise Managed Users
 shortTitle: Configure SAML on Okta
-intro: 'Learn how to configure SAML SSO for {% data variables.product.prodname_emus %} on Okta and {% data variables.product.prodname_ghe_cloud %}.'
+intro: 'Learn how to configure Okta for {% data variables.product.prodname_emus %} on {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %}.'
 product: '{% data reusables.gated-features.emus %}'
 versions:
   ghec: '*'
@@ -26,13 +26,17 @@ The {% data variables.product.prodname_emu_idp_application %} application on Okt
 
 ## Configuring Okta
 
-1. Install the [{% data variables.product.prodname_emu_idp_application %} application](https://www.okta.com/integrations/github-enterprise-managed-user) from Okta's integrations direction.
-1. In the {% data variables.product.prodname_emu_idp_application %} application on Okta, click the **Assignments** tab and assign the application to your Okta account.
+1. Install the Okta application for your environment.
+
+   * For **{% data variables.product.prodname_dotcom_the_website %}**, install the [{% data variables.product.prodname_emu_idp_application %} application](https://www.okta.com/integrations/github-enterprise-managed-user).
+   * For **{% data variables.enterprise.data_residency_site %}**, install the [{% data variables.product.prodname_emu_idp_application %} - {% data variables.enterprise.data_residency_site %} application](https://www.okta.com/integrations/github-enterprise-managed-user-ghe-com/).
+
+1. In the application on Okta, click the **Assignments** tab and assign the application to your Okta account.
 1. Click the **Sign on** tab.
 1. Next to "Enterprise Name," type the name of your  {% data variables.enterprise.prodname_emu_enterprise %}.
 
    >[!NOTE]
-   >For example, if you sign in to `https://github.com/enterprises/octo-enterprise`, your enterprise name is `octo-enterprise`.
+   >For example, if you sign in to `github.com/enterprises/octocorp` or `{% data variables.enterprise.data_residency_example_domain %}`, your enterprise name is `octocorp`.
 
 1. On the "Sign on" tab, under "SAML 2.0," click **More details**.
 1. In order to configure your enterprise on {% data variables.product.product_name %} later, note down the following items:
@@ -44,24 +48,7 @@ The {% data variables.product.prodname_emu_idp_application %} application on Okt
 ## Configuring your enterprise
 
 1. Sign in to your {% data variables.enterprise.prodname_emu_enterprise %}.
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.security-tab %}
-
-1. Under "SAML single sign-on", select **Require SAML authentication**.
-1. Under **Sign on URL**, type the "Sign on URL" that you noted down from Okta.
-1. Under **Issuer**, type the "Issuer" that you noted down from Okta.
-1. Under **Public Certificate**, paste the certificate that you noted from Okta.
-1. Before enabling SAML SSO for your enterprise, to ensure that the information you've entered is correct, click **Test SAML configuration**. {% data reusables.saml.test-must-succeed %}
-1. Click **Save**.
-
-    {% note %}
-
-    **Note:** After you require SAML SSO for your enterprise and save SAML settings, the setup user will continue to have access to the enterprise and will remain signed in to GitHub {% data variables.product.prodname_dotcom %} along with the {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP who will also have access to the enterprise.
-
-    {% endnote %}
-
-{% data reusables.enterprise-accounts.download-recovery-codes %}
+1. Using the details you noted from Okta, follow the steps in "[AUTOTITLE](/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users#configure-your-enterprise)."
 
 ## Enabling provisioning
 

content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md

@@ -46,7 +46,7 @@ If you want to migrate to a new identity provider (IdP) or tenant rather than di
 
 {% data reusables.emus.sign-in-as-setup-user %}
 1. Attempt to access your enterprise account, and use a recovery code to bypass SAML SSO or OIDC. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)."
-{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.access-enterprise-emu %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}
 1. Under "SAML single sign-on", deselect **Require SAML authentication** or **Require OIDC single sign-on**.

content/admin/managing-iam/iam-configuration-reference/saml-configuration-reference.md

@@ -23,7 +23,7 @@ To use SAML single sign-on (SSO) for authentication to {% data variables.product
 
  {% data variables.product.product_name %} provides integration according to the SAML 2.0 specification. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
 
-You must enter unique values from your SAML IdP when configuring SAML SSO for {% data variables.product.product_name %}, and you must also enter unique values from {% data variables.product.product_name %} on your IdP. For more information about authentication for
+You must enter unique values from your SAML IdP when configuring SAML SSO for {% data variables.product.product_name %}, and you must also enter unique values from {% data variables.product.product_name %} on your IdP.
 
 ## SAML metadata
 
@@ -31,6 +31,8 @@ You must enter unique values from your SAML IdP when configuring SAML SSO for {%
 
 The SP metadata for {% data variables.product.product_name %} is available for either organizations or enterprises with SAML SSO. {% data variables.product.product_name %} uses the `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST` binding.
 
+If you use {% data variables.product.prodname_emus %}, you can only enable SAML SSO at the enterprise level.
+
 ### Organizations
 
 You can configure SAML SSO for an individual organization in your enterprise. You can also configure SAML SSO for an organization if you use an individual organization on {% data variables.product.product_name %} and do not use an enterprise account. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization)."
@@ -45,7 +47,10 @@ The SP metadata for an organization on {% data variables.product.github %} is av
 
 ### Enterprises
 
-The SP metadata for an enterprise on {% data variables.product.github %} is available at `https://github.com/enterprises/ENTERPRISE/saml/metadata`, where **ENTERPRISE** is the name of your enterprise on {% data variables.product.github %}.
+Depending on your environment, the SP metadata for an enterprise on {% data variables.product.prodname_ghe_cloud %} is available at either:
+
+* `https://github.com/enterprises/ENTERPRISE/saml/metadata`, where **ENTERPRISE** is the name of your enterprise
+* `https://SUBDOMAIN.ghe.com/enterprises/SUBDOMAIN/saml/metadata`, where **SUBDOMAIN** is the subdomain for your enterprise
 
 | Value | Other names | Description | Example |
 | :- | :- | :- | :- |
@@ -100,7 +105,7 @@ To specify more than one value for an attribute, use multiple `<saml2:AttributeV
 
   {%- ifversion ghec %}
   * If you configure SAML for an organization, this value is `https://github.com/orgs/ORGANIZATION`.
-  * If you configure SAML for an enterprise, this URL is `https://github.com/enterprises/ENTERPRISE`.
+  * If you configure SAML for an enterprise, this URL is `https://github.com/enterprises/ENTERPRISE` or `https://SUBDOMAIN.ghe.com/enterprises/SUBDOMAIN`.
   {%- endif %}
 * Your IdP must protect each assertion in the response with a digital signature. You can accomplish this by signing each individual `<Assertion>` element or by signing the `<Response>` element.
 * Your IdP must provide a `<NameID>` element as part of the `<Subject>` element. You may use any persistent name identifier format.

content/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication.md

@@ -38,7 +38,12 @@ When you use external authentication, {% data variables.location.product_locatio
 
 If you use an enterprise with {% data variables.product.prodname_emus %}, members of your enterprise authenticate to access {% data variables.product.prodname_dotcom %} through your SAML identity provider (IdP). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)" and "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-methods-for-github-enterprise-server)."
 
-{% data variables.product.prodname_dotcom %} automatically creates a username for each person when their user account is provisioned via SCIM, by normalizing an identifier provided by your IdP, then adding an underscore and short code. If multiple identifiers are normalized into the same username, a username conflict occurs, and only the first user account is created. You can resolve username problems by making a change in your IdP so that the normalized usernames will be unique and within the 39-character limit.
+{% data variables.product.github %} automatically creates a username for each person when their user account is provisioned via SCIM.
+
+* To create the username, {% data variables.product.github %} normalizes an identifier provided by your IdP.
+* On {% data variables.product.prodname_dotcom_the_website %}, {% data variables.product.github %} also adds an underscore and your enterprise's shortcode to the end of each username.
+
+If multiple identifiers are normalized into the same username, a username conflict occurs, and only the first user account is created. You can resolve username problems by making a change in your IdP so that the normalized usernames will be unique and within the 39-character limit.
 
 {% data reusables.enterprise-accounts.emu-only-emails-within-the-enterprise-can-conflict %}
 
@@ -46,13 +51,31 @@ If you use an enterprise with {% data variables.product.prodname_emus %}, member
 
 {% ifversion ghec %}
 
-## About usernames for {% data variables.enterprise.prodname_managed_users %}
+## About shortcodes for {% data variables.enterprise.prodname_managed_users %}
 
-When your {% data variables.enterprise.prodname_emu_enterprise %} is created, you will choose a short code that will be used as the suffix for your enterprise members' usernames. {% data reusables.enterprise-accounts.emu-shortcode %}
+Each enterprise that uses {% data variables.enterprise.prodname_managed_users %} is associated with a shortcode, which is an alphanumeric string between three and eight characters.
+
+### Shortcodes on {% data variables.product.prodname_dotcom_the_website %}
+
+When you create an {% data variables.enterprise.prodname_emu_enterprise %} on {% data variables.product.prodname_dotcom_the_website %}, you choose a shortcode that will be used as the suffix for all your enterprise members' usernames.
+
+* The short code must be unique to your enterprise and contain no special characters.
+* Choose carefully, because it is **not possible** to modify the shortcode after your {% data variables.enterprise.prodname_emu_enterprise %} has been created.
 
 The setup user who configures SAML SSO has a username in the format of **SHORT-CODE_admin**. For example, if your enterprise's shortcode is "octo", the setup user will be "octo_admin."
 
-When you provision a new user from your identity provider, the new {% data variables.enterprise.prodname_managed_user %} will have a {% data variables.product.prodname_dotcom %} username in the format of **@IDP-USERNAME_SHORT-CODE** (for example, "mona-cat_octo"). The IDP-USERNAME component is formed by normalizing the SCIM `userName` attribute value sent from the IdP.
+When you provision a new user from your identity provider, the new {% data variables.enterprise.prodname_managed_user %} will have a {% data variables.product.prodname_dotcom %} username in the format of **@IDP-USERNAME_SHORT-CODE** (for example, "mona-cat_octo").
+
+### Shortcodes on {% data variables.enterprise.data_residency_site %}
+
+If you use {% data variables.enterprise.data_residency %}, when you create an {% data variables.enterprise.prodname_emu_enterprise %} on {% data variables.enterprise.data_residency_site %}, your enterprise's shortcode is randomly generated.
+
+* The shortcode is **not** used as a suffix in the usernames of provisioned users.
+* The only place you are likely to see the shortcode is in the username of the setup admin, which will look like `2abvd19d_admin`.
+
+## About normalized usernames
+
+Usernames are formed by normalizing the SCIM `userName` attribute value sent from the IdP.
 
 | Identity provider                 | {% data variables.product.prodname_dotcom %} username  |
 |-----------------------------------|----------------------|
@@ -92,7 +115,7 @@ When you configure CAS, LDAP, or SAML authentication, {% data variables.product.
 
 ### Examples of username normalization
 
-| Identifier on provider | Normalized username on {% data variables.product.prodname_dotcom %} | Result |
+| Identifier on provider | Normalized username on {% data variables.product.prodname_dotcom_the_website %} | Result |
 | :- | :- | :- |
 | The.Octocat | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is created successfully. |
 | !The.Octocat | `-the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created, because it starts with a dash. |

content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate.md

@@ -1,10 +1,11 @@
 ---
 title: Configuring authentication and provisioning with PingFederate
-intro: 'You can use PingFederate as an identity provider (IdP) to centrally manage authentication and user provisioning for {% data variables.location.product_location %}.'
-permissions: Site administrators with admin access to the IdP
+intro: 'Set up PingFederate as an identity provider (IdP) {% ifversion ghes %}to centrally manage authentication and provisioning for your enterprise{% else %}for {% data variables.product.prodname_emus %} on {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %}{% endif %}.'
+permissions: Enterprise owners with admin access to the IdP
 shortTitle: Set up PingFederate
 versions:
   feature: scim-for-ghes-public-beta
+  ghec: '*'
 type: how_to
 topics:
   - Accounts
@@ -16,31 +17,48 @@ topics:
 
 {% data reusables.scim.ghes-beta-note %}
 
-{% data reusables.saml.idp-saml-and-scim-explanation %} For more information, see "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)."
+{% data reusables.saml.idp-saml-and-scim-explanation %} For more information, see {% ifversion ghec %}"[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users)."{% else %}"[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes)."{% endif %}
 
 ## Overview
 
-This guide will help you to set up both SAML authentication and SCIM provisioning for {% data variables.product.prodname_ghe_server %} on PingFederate.
+This guide will help you to set up both SAML authentication and SCIM provisioning for {% data variables.product.github %} on PingFederate.
 
 Before you start, please note the following:
 
+{%- ifversion ghes %}
 * The use of PingFederate as an IdP for {% data variables.product.prodname_ghe_server %} is in {% data variables.release-phases.public_preview %}. Please contact your account team to provide feedback.
+{%- endif %}
 * This guide is based on PingFederate version 12.1. Instructions may vary for other versions.
-* This guide assumes that you are using an LDAP server as the backing data store. JDBC data stores should work, but the instructions may vary slightly.
 * This guide provides the minimal steps to configure a working setup. Because your identity directory may be connected to PingFederate differently, you’ll need to pick the correct data attributes for SAML and SCIM based on what is available from your backing data store.
 
 ## Prerequisites
 
+{% ifversion ghec %}
+
+If you're configuring SCIM provisioning for a new enterprise, make sure to complete all previous steps in the initial configuration process. See "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users)."
+
+{% else %}
+
 The general prerequisites for using SCIM on {% data variables.product.product_name %} apply. See the "Prerequisites" section in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#prerequisites)."
 
+{% endif %}
+
 In addition:
 
+{%- ifversion ghes %}
 * To configure SCIM, you must have completed **steps 1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
   * You will need the {% data variables.product.pat_v1 %} created for the setup user to authenticate requests from PingFederate.
+{%- endif %}
 * You must have installed the "GitHub EMU connector" on PingFederate. To download and install the connector, see [Install the provisioner](https://docs.pingidentity.com/integrations/github/github_emu_provisioner/wie1563995015164.html) in the PingIdentity documentation.
-  * You may need to configure the firewall in PingFederate to allow outbound connections to the `https://HOSTNAME/api/v3/scim/v2` endpoint on your {% data variables.product.prodname_ghe_server %} instance.
+* To provision users with SCIM, you must use an LDAP server as the backing data store.
+* You may need to configure the firewall in PingFederate to allow outbound connections to {% ifversion ghes %}the `https://HOSTNAME/api/v3/scim/v2` endpoint on your {% data variables.product.prodname_ghe_server %} instance.{% else %}the SCIM endpoints on {% data variables.product.github %}:
+  * For **{% data variables.product.prodname_dotcom_the_website %}**: `https://api.github.com/scim/v2/enterprises/ENTERPRISE`
+  * For **{% data variables.enterprise.data_residency_site %}**: `https://api.SUBDOMAIN.ghe.com/scim/v2/enterprises/SUBDOMAIN`{% endif %}
 * PingFederate's "provisioner mode" must be set to a value that allows SCIM provisioning. See the "Before you begin" section in PingIdentity's [Configuring outbound provisioning settings](https://docs.pingidentity.com/pingfederate/11.2/administrators_reference_guide/help_protocolsettingstasklet_saasglobalprovisioningsettingsstate.html) guide.
 * During this procedure, you will need to upload an X509 certificate to PingFederate. You may want to create and store the certificate before proceeding. You will also need the challenge password for the certificate. See the "[Example of creating an X509 certificate](#example-of-creating-an-x509-certificate)" section later in this article.
+{%- ifversion ghec %}
+* During this procedure, you will need to upload a SAML metadata file to PingFederate. If you're setting up an enterprise that uses **{% data variables.enterprise.data_residency_short %} on {% data variables.enterprise.data_residency_site %}**, it is easiest to create this file before you start. See "[Creating a SAML metadata file for {% data variables.enterprise.data_residency_site %}](#creating-a-saml-metadata-file-for-ghecom)."
+{%- endif %}
 
 ## 1. Configure SAML
 
@@ -50,7 +68,7 @@ In this section you will create a SAML connector in PingFederate, set up an LDAP
 1. [Set up an LDAP IdP adapter instance](#set-up-an-ldap-idp-adapter-instance)
 1. [Manage SAML output from your IdP adapter](#manage-saml-output-from-your-idp-adapter)
 
-Before starting this section, ensure you have followed steps **1 and 2** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+Before starting this section, ensure you have followed {% ifversion ghec %}the previous steps in "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users)."{% else %}steps **1 and 2** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."{% endif %}
 
 ### Create a SAML adapter
 
@@ -59,8 +77,20 @@ Before starting this section, ensure you have followed steps **1 and 2** in "[AU
 1. Click **Use a template for this connection**, then select the "GitHub EMU Connector" from the "Connection Template" dropdown.
 
    >[!NOTE] If you don't see this option, the GitHub EMU Connector has not been installed. If you need assistance, contact your Ping representative.
-1. In a new tab, sign in to your {% data variables.product.prodname_ghe_server %} instance as the built-in setup user, then navigate to `https://HOSTNAME/saml/metadata`. Download the page as an XML file.
-1. On the PingFederate "SP Connection" page, upload the file from the previous step as the metadata file. Ensure you do this within 5 minutes of downloading the file.
+
+1. To populate some fields in PingFederate's configuration, you will upload an XML file containing SAML metadata for your enterprise.
+   {%- ifversion ghes %}
+   1. In a new tab, sign in to {% data variables.product.github %} as the built-in setup user.
+   Navigate to your SAML metadata page at `https://HOSTNAME/saml/metadata`.
+   1. Download the page as an XML file.
+   {%- else %}
+   To locate the file:
+
+   * If you're setting up an enterprise on **{% data variables.product.prodname_dotcom_the_website %}**, you will find this file in a ZIP file attached to the "GitHub EMU Connector" on PingFederate.
+   * If you're setting up an enterprise on **{% data variables.enterprise.data_residency_site %}**, you will create the file manually. See "[Creating a SAML metadata file for {% data variables.enterprise.data_residency_site %}](#creating-a-saml-metadata-file-for-ghecom)."
+   {%- endif %}
+
+1. On the PingFederate "SP Connection" page, upload the file from the previous step as the metadata file.{% ifversion ghes %} Ensure you do this within 5 minutes of downloading the file.{% endif %}
 1. Go to the "Connection Type" tab.
 1. Select **Browser SSO Profiles**, and deselect **Outbound provisioning** (this will be enabled later).
 1. Click **Next**.
@@ -68,9 +98,9 @@ Before starting this section, ensure you have followed steps **1 and 2** in "[AU
 1. Click **Next**.
 1. On the "General Info" tab, enter the following details.
 
-   * "Partner’s Entity ID": your {% data variables.product.prodname_ghe_server %} host URL (`https://HOSTNAME.com`)
+   * "Partner’s Entity ID": your {% data variables.product.github %} host URL ({% ifversion ghec %}`https://github.com` or `https://SUBDOMAIN.ghe.com`{% else %}`https://HOSTNAME.com`{% endif %})
    * "Connection Name": A descriptive name for your SP connection within PingFederate
-   * "Base URL": your {% data variables.product.prodname_ghe_server %} host URL (`https://HOSTNAME.com`)
+   * "Base URL": your {% data variables.product.github %} host URL ({% ifversion ghec %}`https://github.com` or `https://SUBDOMAIN.ghe.com`{% else %}`https://HOSTNAME.com`{% endif %})
    * "Transaction Logging": Standard
    * All other fields may be left blank.
 
@@ -83,8 +113,6 @@ Before starting this section, ensure you have followed steps **1 and 2** in "[AU
 
 ### Set up an LDAP IdP adapter instance
 
->[!NOTE] This section applies if you use an LDAP server. If you don't use LDAP, you will need to connect to your adapter using the appropriate settings for your requirements.
-
 1. On the "Create Adapter Instance" page on PingFederate, on the "Type" tab, enter the following details.
 
    * "Instance Name": A name to identify the instance, such as `pfghadapter`
@@ -140,7 +168,7 @@ Before starting this section, ensure you have followed steps **1 and 2** in "[AU
    * "Unique User Key Attribute": `username`
    * Next to the `username` attribute, select "Pseudonym".
 
-   >[!NOTE] This step is important. The adapter attribute is used to uniquely identify a user on your instance during SCIM provisioning.
+   >[!NOTE] This step is important. The adapter attribute is used to uniquely identify a user on {% data variables.product.github %} during SCIM provisioning.
 1. Click **Next**, then **Next** again.
 1. Review your settings on the summary page, then click **Save**.
 1. On the "IdP Adapters" tab, you should see the adapter you just created. Click **Done**.
@@ -153,6 +181,23 @@ Before starting this section, ensure you have followed steps **1 and 2** in "[AU
    >[!NOTE] This step is important. The normalized `SAML_SUBJECT` will need to match the normalized usernames of users provisioned by SCIM.
 1. Click **Next**, **Next** again, then **Done**.
 1. You should be back on the "Authentication Source Mapping" tab, and the "Adapter Instance Name" section should contain the adapter instance that you just created.
+1. Click **Next**.
+1. On the "Protocol Settings" tab, click **Configure Protocol Settings**.
+1. For the "Assertion Consumer Service URL" add a row with the following details:
+
+   * "Default" selected
+   * "Index": 0
+   * "Binding": POST
+   * "Endpoint URL": `{% ifversion ghes %}HOSTNAME{% else %}/enterprises/ENTERPRISE{% endif %}/saml/consume`{% ifversion ghec %}, where ENTERPRISE is your enterprise name or subdomain{% endif %}
+
+1. Click **Next**.
+1. On the "Allowable SAML Bindings" tab, ensure only "POST" and "REDIRECT" are selected.
+1. Click **Next**.
+1. On the "Signature Policy" page, ensure only "SIGN RESPONSE AS REQUIRED" is selected.
+1. Click **Next**.
+1. On the "Encryption Policy" tab, ensure "NONE" is selected.
+1. Click **Next**.
+1. Click **Save**.
 1. Click **Next** and **Done** until you reach the "Credentials" tab.
 1. On the "Credentials" tab, click **Configure Credentials**, then click **Manage Certificates**.
 1. On the "Certificate Management" page, click **Import**, then upload an X509 certificate (for help, see the "[Example of creating an X509 certificate](#example-of-creating-an-x509-certificate)" section).
@@ -171,18 +216,18 @@ Before starting this section, ensure you have followed steps **1 and 2** in "[AU
 
 ### Collect information for your SAML configuration
 
-You will need some details from PingFederate to configure SAML on {% data variables.product.prodname_dotcom %}.
+You will need some details from PingFederate to configure SAML on {% data variables.product.github %}.
 
 1. On the "SP Connections" page, in the row for your new connection, click **Select Action**, then **Export Metadata**.
 1. On the "Metadata Signing" tab, in the row for your new connection, select the signing certificate you created above. To download the certificate, click **Next**, then click **Export**.
-1. On PingFederate, click **System** in the header, then **Server**, then **Protocol Settings**. Check that the `SAML 2.0 ENTITY ID` is defined. Make a note of this, as you will need it for the “Issuer” field in {% data variables.product.prodname_dotcom %}'s SAML settings.
+1. On PingFederate, click **System** in the header, then **Server**, then **Protocol Settings**. Check that the `SAML 2.0 ENTITY ID` is defined. Make a note of this, as you will need it for the “Issuer” field in {% data variables.product.github %}'s SAML settings.
 1. Open the metadata file you downloaded, and have it ready for the next steps.
 
-### Configure {% data variables.product.prodname_ghe_server %}
+### Configure {% data variables.product.github %}
 
-1. Sign in to {% data variables.location.product_location %} as a user with access to the Management Console.
-1. Navigate to the "Authentication" section of the Management Console, then enable SAML. See "[AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
-1. Enter the following values from the metadata file you downloaded in the previous section.
+1. Sign in to {% data variables.product.github %} as {% ifversion ghec %}the setup user for your enterprise{% else %}a user with access to the Management Console{% endif %}.
+1. Enable SAML in your enterprise settings. See {% ifversion ghec %}"[AUTOTITLE](/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users#configure-saml-sso-for-enterprise-managed-users)."{% else %}"[AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."{% endif %}
+1. Enter the following values from the SAML metadata file from the previous section.
 
    * For the "Single sign-on URL," use the `location` value of the `<md: SingleSignOnService>` field. This should be a URL ending `/idp/SSO.saml2`.
    * For the "Issuer," use the `entityId` value of the `<md: EntityDescriptor>` field (a URL).
@@ -198,7 +243,7 @@ In this section, you'll configure SCIM settings and attribute mapping on PingFed
 1. [Map LDAP fields to SCIM](#map-ldap-fields-to-scim)
 1. [Finish configuration and test](#finish-configuration-and-test)
 
-Before starting this section, ensure you have followed steps **1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
+Before starting this section, ensure you have followed {% ifversion ghec %}the previous steps in "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users)."{% else %}steps **1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."{% endif %}
 
 ### Configure SCIM settings
 
@@ -209,8 +254,8 @@ Before starting this section, ensure you have followed steps **1 to 4** in "[AUT
 1. Click **Next** until you reach the "Outbound Provisioning" tab, then click **Configure Provisioning**.
 1. On the "Target" tab, enter the following details.
 
-   * "Base URL": `https://HOSTNAME/api/v3/scim/v2/`
-   * "Access Token": The {% data variables.product.pat_v1 %} created for the built-in setup user
+   * "Base URL": {% ifversion ghes %}`https://HOSTNAME/api/v3/scim/v2`{% else %}`https://api.github.com/scim/v2/enterprises/{enterprise}/` or `https://api.SUBDOMAIN.ghe.com/scim/v2/enterprises/SUBDOMAIN`{% endif %}
+   * "Access Token": The {% data variables.product.pat_v1 %} created for the setup user
 1. Click **Next**.
 1. On the "Manage Channel" tab, click **Create**, then enter a unique channel name, such as `pfghscim`.
 1. Click **Next**.
@@ -222,16 +267,16 @@ Before starting this section, ensure you have followed steps **1 to 4** in "[AUT
 
 ### Map LDAP fields to SCIM
 
-On the "Attribute Mapping" tab, you will need to map fields from your LDAP server to SCIM fields. See the following list for {% data variables.product.prodname_dotcom %}'s supported SCIM fields and the values expected in each one.
+On the "Attribute Mapping" tab, you will need to map fields from your LDAP server to SCIM fields. See the following list for {% data variables.product.github %}'s supported SCIM fields and the values expected in each one.
 
-* **Username**: This will be normalized and used as the {% data variables.product.company_short %} username for the provisioned user. See "[AUTOTITLE](/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication#about-username-normalization)." This must match the normalization of the subject sent with the SAML assertion that you configured with the `SAML_SUBJECT` property in PingFederate.
+* **Username**: This will be normalized and used as the {% data variables.product.github %} username for the provisioned user. See "[AUTOTITLE](/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication#about-username-normalization)." This must match the normalization of the subject sent with the SAML assertion that you configured with the `SAML_SUBJECT` property in PingFederate.
 * **Email**: A field containing the user's email address.
 * **Display Name**: A human-readable name for the user.
 * **Formatted Name**: The user's full name, including all middle names, titles, and suffixes, formatted for display.
 * **First Name**: The first name of the user.
 * **Last Name**: The last name of the user.
 * **External ID**: This identifier is generated by an IdP provider.
-* **Roles**: This field should contain a string that represents the user's intended role on {% data variables.product.prodname_dotcom %}. Valid roles are `enterprise_owner` and `user`.
+* **Roles**: This field should contain a string that represents the user's intended role on {% data variables.product.github %}. Valid roles are {% ifversion ghec %}`enterprise_owner`, `user`, `billing_manager`, and `guest_collaborator`{% else %}`enterprise_owner` and `user`{% endif %}.
 
 When you have finished configuring these settings, click **Next**.
 
@@ -240,14 +285,18 @@ When you have finished configuring these settings, click **Next**.
 1. On the "Activation & Summary" tab, for the "Channel Status," select **Active**.
 1. On the "Manage Channels" tab, click **Done**.
 1. On the "Outbound Provisioning" tab, click **Save**. SCIM is now configured and enabled.
-1. Wait a few minutes for provisioning to run, then open a new private browser window and navigate to your instance at `https://HOSTNAME/login`.
+1. Wait a few minutes for provisioning to run, then open a new private browser window and navigate to {% data variables.product.github %}.
 1. Click **Sign in with SAML**. You should be redirected to the PingFederate login page.
-1. You should be able to sign in with the credentials for a user in the LDAP server that has been provisioned to {% data variables.product.prodname_ghe_server %}.
+1. You should be able to sign in with the credentials for a user in the LDAP server that has been provisioned to {% data variables.product.github %}.
 
 PingFederate provisioning handles users and groups independently. Users must be assigned directly in order to be provisioned. Users who are in an assigned group but not directly assigned will not be provisioned.
 
+{% ifversion ghes %}
+
 When you have finished configuring SCIM, you may want to disable some SAML settings you enabled for the configuration process. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#6-disable-optional-settings)."
 
+{% endif %}
+
 ## Example of creating an X509 certificate
 
 There are multiple ways to create an X509 certificate. Here is an example that may work for your requirements.
@@ -289,3 +338,31 @@ There are multiple ways to create an X509 certificate. Here is an example that m
    ```shell copy
    ls | grep pfgh256.p12
    ```
+
+{% ifversion ghec %}
+
+## Creating a SAML metadata file for {% data variables.enterprise.data_residency_site %}
+
+Because some values differ from the metadata file that PingFederate provides for {% data variables.product.prodname_dotcom_the_website %}, you will create an XML file for your enterprise's SAML metadata manually.
+
+1. Copy the following XML into a text editor.
+
+   ```xml copy
+   <?xml version="1.0"?>
+   <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+     entityID="https://SUBDOMAIN.ghe.com/enterprises/SUBDOMAIN" cacheDuration="PT1440M">
+     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
+       AuthnRequestsSigned="false" WantAssertionsSigned="false">
+       <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+       <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+         Location="https://SUBDOMAIN.ghe.com/enterprises/SUBDOMAIN/saml/consume" isDefault="true"
+         index="0"/>
+     </md:SPSSODescriptor>
+   </md:EntityDescriptor>
+   ```
+
+1. Replace all instances of SUBDOMAIN with your enterprise's subdomain of {% data variables.enterprise.data_residency_site %}. For example: `octocorp`.
+1. Save the file as an XML file.
+1. Return to the instructions in "[Creating a SAML adapter](#create-a-saml-adapter)."
+
+{% endif %}

content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md

@@ -120,7 +120,7 @@ To ensure you can continue to sign in and configure settings when SCIM is enable
 ## 4. Enable SCIM on your instance
 
 1. Sign in to your instance as the **built-in setup user** you created earlier.
-{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.access-enterprise-emu %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}
 1. Under "SCIM Configuration", select **Enable SCIM configuration**.
@@ -150,12 +150,12 @@ To use a partner IdP's application both authentication and provisioning, review
 
 {% rowheaders %}
 
-| IdP | SSO method | More information |
+| IdP | SSO method | Instructions |
 |---|---|---|
 | Microsoft Entra ID (previously known as Azure AD) | OIDC | [Tutorial: Configure GitHub Enterprise Managed User (OIDC) for automatic user provisioning](https://docs.microsoft.com/azure/active-directory/saas-apps/github-enterprise-managed-user-oidc-provisioning-tutorial) on Microsoft Learn |
 | Entra ID | SAML | [Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-provisioning-tutorial) on Microsoft Learn |
 | Okta | SAML | "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta)" |
-| PingFederate | SAML | [Configure PingFederate for provisioning and SSO](https://docs.pingidentity.com/integrations/github/github_emu_provisioner/vup1682006069653.html) and [Managing channels](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_saasmanagementtasklet_saasmanagementstate.html) in the PingFederate documentation |
+| PingFederate | SAML | The "Prerequisites" and "2. Configure SCIM" sections in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate)" |
 
 {% endrowheaders %}
 
@@ -171,7 +171,7 @@ To use a partner IdP's application for both authentication and provisioning, rev
 
 ### Configuring provisioning for other identity management systems
 
-If you don't use a partner IdP, or if you only use a partner IdP for authentication, you can manage the lifecycle of user accounts using {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning. These endpoints are in {% data variables.release-phases.public_preview %} and subject to change. See "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."
+If you don't use a partner IdP, or if you only use a partner IdP for authentication, you can manage the lifecycle of user accounts using {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning. See "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."
 
 {% ifversion emu-public-scim-schema %}
 
@@ -182,7 +182,7 @@ If you don't use a partner IdP, or if you only use a partner IdP for authenticat
    **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %}
 
    {% endnote %}
-{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.access-enterprise-emu %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}
 1. Under "Open SCIM Configuration", select "Enable open SCIM configuration".

content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-with-okta.md

@@ -1,7 +1,7 @@
 ---
 title: Configuring {% ifversion ghec %}SCIM{% else %}authentication and{% endif %} provisioning with Okta
 shortTitle: Set up Okta
-intro: 'Learn how to configure Okta to communicate with your enterprise using System for Cross-domain Identity Management (SCIM).'
+intro: 'Learn how to configure Okta to communicate with your enterprise{% ifversion ghec %} on {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %}{% endif %}.'
 product: '{% data reusables.gated-features.emus %}'
 permissions: '{% ifversion ghes %}Site administrators{% else %}People{% endif %} with admin access to the IdP'
 allowTitleToDifferFromFilename: true
@@ -63,24 +63,14 @@ In addition:
 * To configure SCIM, you must have completed **steps 1 to 4** in "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users)."
   * You will need the {% data variables.product.pat_v1 %} created for the setup user to authenticate requests from Okta.
 {% else %}
-* {% data variables.product.company_short %} recommends that you only authenticate requests with Okta's SCIM application using a {% data variables.product.pat_v1 %} associated with your enterprise's setup user. The token requires the **scim:enterprise** scope. For more information, see "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users#create-a-personal-access-token)."
+If you're configuring SCIM provisioning for a new enterprise, make sure to complete all previous steps in the initial configuration process. See "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users)."
+
+In addition:
 {% endif %}
 * You must use Okta's application for both authentication and provisioning.
 * {% data reusables.scim.your-okta-product-must-support-scim %}
 
-{% ifversion ghec %}
-
-## 1. Set your enterprise name
-
-After your {% data variables.enterprise.prodname_emu_enterprise %} has been created, you can begin to configure provisioning by setting your enterprise name in Okta.
-
-1. Navigate to your {% data variables.product.prodname_emu_idp_application %} application on Okta.
-1. Click the **Sign On** tab.
-1. To make changes, click **Edit**.
-1. Under "Advanced Sign-on Settings", in the "Enterprise Name" text box, type your enterprise name. For example, if you access your enterprise at `https://github.com/enterprises/octoinc`, your enterprise name would be "octoinc".
-1. To save your enterprise name, click **Save**.
-
-{% else %}
+{% ifversion ghes %}
 
 ## 1. Configure SAML
 
@@ -108,11 +98,17 @@ Before starting this section, ensure you have followed steps **1 and 2** in "[AU
 1. Sign in to {% data variables.location.product_location %} as a user with access to the Management Console.
 1. Configure SAML using the information you have gathered. See "[AUTOTITLE](/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise#configuring-saml-sso)."
 
-{% endif %}
-
 ## 2. Configure SCIM
 
-After {% ifversion ghec %}setting your enterprise name{% else %}configuring your SAML settings{% endif %}, you can proceed to configure provisioning settings.
+After configuring your SAML settings, you can proceed to configure provisioning settings.
+
+{% elsif ghec %}
+
+## Configuring SCIM
+
+After you have configured your SAML settings in Okta's app, you can proceed to configure provisioning settings. If you haven't already configured SAML settings, see "[AUTOTITLE](/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-with-okta-for-enterprise-managed-users)."
+
+{% endif %}
 
 {% ifversion ghec %}
 To configure provisioning, the setup user {% ifversion ghec %}with the **@<em>SHORT-CODE</em>_admin** username {% endif %}will need to provide a {% data variables.product.pat_v1 %} with the **scim:enterprise** scope. See "[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users#create-a-personal-access-token)."
@@ -125,7 +121,7 @@ Before starting this section, ensure you have followed steps **1 to 4** in "[AUT
 1. In the settings menu, click **Integration**.
 1. To make changes, click **Edit**.
 1. Click **Configure API integration**.
-1. In the "API Token" field, enter the {% data variables.product.pat_v1 %} with the **admin:enterprise** scope belonging to the setup user.
+1. In the "API Token" field, enter the {% data variables.product.pat_v1 %} belonging to the setup user.
 
    {% data reusables.scim.import-groups-unsupported %}
 
@@ -136,8 +132,12 @@ Before starting this section, ensure you have followed steps **1 to 4** in "[AUT
 1. Select **Enable** to the right of **Create Users**, **Update User Attributes**, and **Deactivate Users**.
 1. To finish configuring provisioning, click **Save**.
 
+{% ifversion ghes %}
+
 When you have finished configuring SCIM, you may want to disable some SAML settings you enabled for the configuration process. See "[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users#6-disable-optional-settings)."
 
+{% endif %}
+
 ## How do I assign users and groups?
 
 {% data reusables.enterprise-managed.assigning-users %}

content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md

@@ -117,6 +117,9 @@ However, you can safely retrieve information from {% data variables.product.comp
 
 * Requests that don't match the API's expectations will return a `400 Bad Request` error.
 * REST API endpoints for provisioning users with SCIM require a `User-Agent` header. {% data variables.product.product_name %} will reject requests without this header.
+{%- ifversion ghec %}
+* If your enterprise is on {% data variables.enterprise.data_residency_site %}, ensure you send API requests to the endpoint for your enterprise at `{% data variables.enterprise.data_residency_api %}`.
+{%- endif %}
 
 ### Provision users before you provision groups
 

content/admin/managing-iam/reconfiguring-iam-for-enterprise-managed-users/migrating-from-saml-to-oidc.md

@@ -66,10 +66,12 @@ To migrate your enterprise from SAML to OIDC, you will disable your existing {%
 
    {% endwarning %}
 1. In a new tab or window, while signed in as the setup user, create a {% data variables.product.pat_v1 %} with the **scim:enterprise** scope and **no expiration** and copy it to your clipboard. For more information about creating a new token, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users#creating-a-personal-access-token)."
-1. In the provisioning settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in the Microsoft Entra admin center, under "Tenant URL", type `https://api.github.com/scim/v2/enterprises/YOUR_ENTERPRISE`, replacing YOUR_ENTERPRISE with the name of your enterprise account.
+1. In the provisioning settings for the {% data variables.product.prodname_emu_idp_oidc_application %} application in the Microsoft Entra admin center, under "Tenant URL", type the tenant URL for your enterprise:
 
-   For example, if your enterprise account's URL is `https://github.com/enterprises/octo-corp`, the name of the enterprise account is `octo-corp`.
-1. Under "Secret token", paste the {% data variables.product.pat_v1 %} with the **admin:enterprise** scope that you created earlier.
+   * For **{% data variables.product.prodname_dotcom_the_website %}**: `https://api.github.com/scim/v2/enterprises/YOUR_ENTERPRISE`, replacing YOUR_ENTERPRISE with the name of your enterprise account. For example, if your enterprise account's URL is `https://github.com/enterprises/octo-corp`, the name of the enterprise account is `octo-corp`.
+   * For **{% data variables.enterprise.data_residency_site %}**: `https://api.SUBDOMAIN.ghe.com/scim/v2/enterprises/SUBDOMAIN`, where SUBDOMAIN is your enterprise's subdomain on {% data variables.enterprise.data_residency_site %}.
+
+1. Under "Secret token", paste the {% data variables.product.pat_v1 %} with the **scim:enterprise** scope that you created earlier.
 1. To test the configuration, click **Test Connection**.
 1. To save your changes, at the top of the form, click **Save**.
 1. In the Microsoft Entra admin center, copy the users and groups from the old {% data variables.product.prodname_emu_idp_application %} application to the new {% data variables.product.prodname_emu_idp_oidc_application %} application.

content/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md

@@ -16,7 +16,7 @@ redirect_from:
 
 With {% data variables.product.prodname_emus %}, you can control the user accounts of your enterprise members through your identity provider (IdP). See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
 
-{% data variables.enterprise.prodname_managed_users_caps %} can contribute only to private and internal repositories within their enterprise and their own private repositories. They have read-only access to the wider {% data variables.product.prodname_dotcom %} community. These visibility and access restrictions apply to all requests, including API requests.
+{% data variables.enterprise.prodname_managed_users_caps %} can contribute only to private and internal repositories within their enterprise and their own private repositories. On {% data variables.product.prodname_dotcom_the_website %}, they have read-only access to the wider {% data variables.product.prodname_dotcom %} community. These visibility and access restrictions apply to all requests, including API requests.
 
 ## Authentication
 
@@ -42,14 +42,15 @@ With {% data variables.product.prodname_emus %}, you can control the user accoun
 
 ## {% data variables.product.prodname_github_codespaces %}
 
-* {% data variables.enterprise.prodname_managed_users_caps %} can only create codespaces that are owned by the enterprise. This means that {% data variables.enterprise.prodname_managed_users %}:
+* On {% data variables.product.prodname_dotcom_the_website %}, {% data variables.enterprise.prodname_managed_users %} can only create codespaces that are owned by the enterprise. This means that {% data variables.enterprise.prodname_managed_users %}:
   * Can create codespaces for repositories owned by their organization, or forks of these repositories, provided that the organization can pay for {% data variables.product.prodname_github_codespaces %}. See "[AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization)."
   * Cannot create codespaces for their personal repositories, any repositories outside their organizations, or {% data variables.product.company_short %}'s public templates for {% data variables.product.prodname_github_codespaces %}.
   * Cannot publish a codespace created from a template to a new repository.
+* On {% data variables.enterprise.data_residency_site %}, {% data variables.product.prodname_github_codespaces %} is not available to any users.
 
 ## {% data variables.product.prodname_copilot %}
 
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot sign up for {% data variables.product.prodname_copilot_for_individuals %}. To allow a managed user to use {% data variables.product.prodname_copilot_short %}, you must grant the user access to a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription. See "[AUTOTITLE](/copilot/about-github-copilot#getting-access-to-github-copilot)."
+* {% data variables.enterprise.prodname_managed_users_caps %} cannot sign up for {% data variables.product.prodname_copilot_for_individuals %}. To allow a managed user to use {% data variables.product.prodname_copilot_short %}, you must grant the user access to a {% data variables.product.prodname_copilot_business_short %} or {% data variables.product.prodname_copilot_enterprise_short %} subscription. See "[AUTOTITLE](/copilot/about-github-copilot/what-is-github-copilot#getting-access-to-copilot)."
 
 ## {% data variables.product.prodname_pages %}
 
@@ -57,7 +58,7 @@ With {% data variables.product.prodname_emus %}, you can control the user accoun
 
 ## Interactions
 
-* {% data variables.enterprise.prodname_managed_users_caps %} can view all public repositories, but cannot interact with repositories outside of the enterprise in any of the following ways:
+* On {% data variables.product.prodname_dotcom_the_website %}, {% data variables.enterprise.prodname_managed_users %} can view all public repositories, but cannot interact with repositories outside of the enterprise in any of the following ways:
   * Push code to the repository
   * Create issues or pull requests within the repository
   * Create or comment on discussions within the repository

content/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users.md

@@ -27,7 +27,7 @@ topics:
 allowTitleToDifferFromFilename: true
 ---
 
-With {% data variables.product.prodname_emus %}, you manage the lifecycle and authentication of your users on {% data variables.product.prodname_dotcom %} from an external identity management system, or IdP:
+With {% data variables.product.prodname_emus %}, you manage the lifecycle and authentication of your users on {% data variables.product.prodname_dotcom_the_website %} or {% data variables.enterprise.data_residency_site %} from an external identity management system, or IdP:
 
 * Your IdP **provisions new user accounts** on {% data variables.product.prodname_dotcom %}, with access to your enterprise.
 * Users must **authenticate on your IdP** to access your enterprise's resources on {% data variables.product.prodname_dotcom %}.

content/admin/managing-iam/understanding-iam-for-enterprises/about-identity-and-access-management.md

@@ -58,7 +58,7 @@ You can choose between configuring SAML at the enterprise level, which applies t
 
 ### Authentication with {% data variables.product.prodname_emus %} and federation
 
-If you need more control of the accounts for your enterprise members on {% data variables.product.github %}, you can use {% data variables.product.prodname_emus %}. With {% data variables.product.prodname_emus %}, you provision and manage accounts for your enterprise members on {% data variables.product.github %} using your IdP. Each member signs into an account that you create, and your enterprise manages the account. Contributions to the rest of {% data variables.product.prodname_dotcom_the_website %} are restricted. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
+If you need more control of the accounts for your enterprise members on {% data variables.product.github %}, you can use {% data variables.product.prodname_emus %}. With {% data variables.product.prodname_emus %}, you provision and manage accounts for your enterprise members on {% data variables.product.github %} using your IdP. Each member signs into an account that you create, and your enterprise manages the account. Contributions outside the enterprise are restricted. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)."
 
 {% elsif ghes %}
 

content/admin/managing-iam/understanding-iam-for-enterprises/about-saml-for-enterprise-iam.md

@@ -26,7 +26,7 @@ redirect_from:
   - /admin/identity-and-access-management/understanding-iam-for-enterprises/about-saml-for-enterprise-iam
 ---
 
-## About SAML SSO for {% ifversion ghec %}your enterprise on {% endif %}{% ifversion ghec or ghes %}{% data variables.location.product_location %}{% endif %}
+## About SAML SSO for your enterprise
 
 {% ifversion ghec %}
 

content/admin/managing-iam/understanding-iam-for-enterprises/choosing-an-enterprise-type-for-github-enterprise-cloud.md

@@ -46,6 +46,12 @@ If you do not choose {% data variables.product.prodname_emus %}:
 
 Consider personal accounts if using your external identity management system as the source of truth for user and access management would add too much complexity. For example, you do not have an established process for onboarding new users in the system.
 
+## Do you need to choose where your data is stored?
+
+To help you meet compliance requirements, {% data variables.product.prodname_ghe_cloud %} includes the option to store your enterprise's code and data in a specific region, on your own subdomain of {% data variables.enterprise.data_residency_site %}. See "[AUTOTITLE](/admin/data-residency/about-github-enterprise-cloud-with-data-residency)."
+
+If you adopt {% data variables.enterprise.data_residency %}, you **must** use {% data variables.product.prodname_emus %}.
+
 ## Is your external identity management system supported?
 
 Consider whether you already use, or can adopt, a supported identity management system.

content/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md

@@ -21,11 +21,18 @@ Before your developers can use {% data variables.product.prodname_ghe_cloud %} w
 
 To use {% data variables.product.prodname_emus %}, you need a **separate type of enterprise account** with {% data variables.product.prodname_emus %} enabled.
 
-Start a free 30-day trial of {% data variables.product.prodname_ghe_cloud %}, and choose **Enterprise with managed users**. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)."
+* To create an enterprise on {% data variables.product.prodname_dotcom_the_website %}, start a free 30-day trial of {% data variables.product.prodname_ghe_cloud %}, and choose **Enterprise with managed users**. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)."
+* If you require {% data variables.enterprise.data_residency_short %}, contact {% data variables.contact.contact_enterprise_sales %}.
+
+### Understand where your enterprise is hosted
+
+{% data variables.product.prodname_emus %} are available on {% data variables.product.prodname_dotcom_the_website %} or, if you use {% data variables.enterprise.data_residency_short %}, on your own subdomain of {% data variables.enterprise.data_residency_site %}.
+
+The setup process for the environments is similar. However, you will need to **pay attention** to where your enterprise is hosted as you follow the process. For example, there may be differences in the application you need to use in your identity provider, or the configuration values you need to provide.
 
 ## Create the setup user
 
-After we create your enterprise, you will receive an email inviting you to choose a password for the setup user, which is used to configure authentication and provisioning. The username is your enterprise's shortcode suffixed with `_admin`, for example `fabrikam_admin`.
+After we create your enterprise, you will receive an email inviting you to choose a password for the setup user, which is used to configure authentication and provisioning. The username is your enterprise's shortcode (chosen by you or randomly generated), suffixed with `_admin`. For example: `fabrikam_admin`.
 
 Using an **incognito or private browsing window**:
 
@@ -37,38 +44,21 @@ Using an **incognito or private browsing window**:
 
 ## Create a {% data variables.product.pat_generic %}
 
-Next, create a {% data variables.product.pat_generic %} that you can use to configure provisioning.
-
-* You must be **signed in as the setup user** when you create the token.
-* The token must have at least the **scim:enterprise** scope.
-* The token must have **no expiration**.
-
-To learn how to create a {% data variables.product.pat_v1 %}, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)."
+{% data reusables.enterprise-accounts.emu-create-a-pat %}
 
 ## Configure authentication
 
-Next, configure how your members will authenticate.
-
-**If you're using Entra ID** as your IdP, you can choose between OpenID Connect (OIDC) and Security Assertion Markup Language (SAML).
-* We recommend OIDC, which includes support for Conditional Access Policies (CAP).
-* If you require multiple enterprises provisioned from one tenant, you must use SAML for each enterprise after the first.
-
-**If you're using another IdP**, like Okta or PingFederate, you must use SAML to authenticate your members.
-
-To get started, read the guide for your chosen authentication method.
-
-* "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)"
-* "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users)"
+{% data reusables.enterprise-accounts.emu-configure-authentication %}
 
 {% data variables.product.company_short %} offers a "paved-path" integration and full support if you use a partner IdP for both authentication and provisioning. Alternatively, you can use any system, or combination of systems, that conforms to SAML 2.0 and SCIM 2.0. However, support for resolving problems with these systems may be limited. For more details, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems)."
 
 ## Configure provisioning
 
-After you configure authentication, you can configure SCIM provisioning, which is how your IdP will create {% data variables.enterprise.prodname_managed_users %} on {% data variables.product.prodname_dotcom %}. See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
+{% data reusables.enterprise-accounts.emu-configure-provisioning %}
 
 ## Manage organization membership
 
-After authentication and provisioning are configured, you can start managing organization membership for your {% data variables.enterprise.prodname_managed_users %} by synchronizing IdP groups with teams. See "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups)."
+{% data reusables.enterprise-accounts.emu-manage-org-membership %}
 
 ## Support developers with multiple user accounts
 

content/admin/managing-your-enterprise-account/changing-the-url-for-your-enterprise.md

@@ -13,7 +13,7 @@ shortTitle: Change enterprise URL
 
 ## About changes to enterprise slugs
 
-When you create an enterprise, you choose a "slug" for the enterprise, which is a string used in the URL for your enterprise. For example, if you chose `octo-enterprise` as the slug, the URL for your enterprise would be `https://github.com/enterprises/octo-enterprise`.
+When you create an enterprise, you choose a "slug" for the enterprise, which is a string used in the URL for your enterprise. For example, if you chose `octo-enterprise` as the slug, the URL for your enterprise on {% data variables.product.prodname_dotcom_the_website %} would be `https://github.com/enterprises/octo-enterprise`.
 
 If your company pays for {% data variables.product.prodname_ghe_cloud %} by credit card or PayPal, you can change the slug in the settings for your enterprise. When you change the slug, {% data variables.product.company_short %} does not set up any redirects from the old URL. Your old enterprise slug will immediately become available for another customer to use.
 

content/admin/managing-your-enterprise-account/creating-a-readme-for-an-enterprise.md

@@ -15,7 +15,7 @@ shortTitle: Create a README
 
 {% data reusables.enterprise.about-readmes %}
 
-The README is displayed on the enterprise's "Overview" page, which is the page you see when you navigate to the enterprise at `{% data variables.product.product_url %}/enterprises/YOUR-ENTERPRISE`. This page is only visible to members of the enterprise.
+The README is displayed on the enterprise's "Overview" page, which is the landing page you see when you navigate to the enterprise. This page is only visible to members of the enterprise.
 
 You can also create READMEs for organizations in your enterprise, visible either publicly or only to members. For more information, see "[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile)."
 

content/admin/managing-your-enterprise-account/creating-an-enterprise-account.md

@@ -28,11 +28,12 @@ In most cases, you can create an enterprise account **yourself**.
 * When you start a free trial of {% data variables.product.prodname_ghe_cloud %}, you'll create an enterprise account as part of the process. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)."
 * If you currently use {% data variables.product.prodname_ghe_cloud %} with a single organization, you can upgrade to an enterprise account by following the steps later in this article.
 
-You'll **need help** creating an enterprise account for:
+You'll **need help** creating an enterprise account if you require:
 
 * {% data variables.product.prodname_ghe_server %}
+* {% data variables.enterprise.data_residency %}
 * Invoicing
-* Managing {% data variables.product.prodname_copilot_for_business %} licenses without adopting {% data variables.product.prodname_enterprise %}
+* A dedicated enterprise for managing {% data variables.product.prodname_copilot_for_business %} licenses without adopting {% data variables.product.prodname_enterprise %}
 
 In these cases, contact {% data variables.contact.contact_enterprise_sales %}.
 

content/admin/managing-your-enterprise-account/deleting-an-enterprise-account.md

@@ -14,7 +14,13 @@ redirect_from:
   - /admin/overview/deleting-an-enterprise-account
 ---
 
-## About enterprise account deletion
+## Can I delete my enterprise account?
+
+You can only delete your enterprise account if your enterprise uses personal accounts on {% data variables.product.prodname_dotcom_the_website %}, and your business pays by credit card or PayPal.
+
+If your company uses {% data variables.product.prodname_emus %} or pays via invoice, and you want to stop paying for {% data variables.product.prodname_enterprise %} altogether, contact {% data variables.contact.contact_enterprise_sales %}.
+
+## What happens when I delete the account?
 
 Deleting your enterprise account cancels the enterprise license and removes the enterprise account from {% data variables.product.prodname_dotcom %}.
 
@@ -22,10 +28,6 @@ If there are any outstanding balances on your account, you will be charged a one
 
 When you delete your enterprise account, you lose the policies, billing settings, and user roles you've configured. You do not lose data like repositories or packages, unless you choose to delete the organizations that contain that data.
 
-If you want to restore an enterprise account that you have deleted, you must contact {% data variables.contact.contact_support %}.
-
-You can only delete your enterprise account if your company pays by credit card or PayPal. If your company pays via invoice and you want to stop paying for {% data variables.product.prodname_enterprise %} altogether, contact {% data variables.contact.contact_enterprise_sales %}.
-
 If you upgraded to an enterprise account from a single organization and then delete that enterprise account, the associated billing history will also be deleted. We recommend that you save any important billing information before deleting your enterprise account.
 
 ## Prerequisites
@@ -44,3 +46,5 @@ You must remove, transfer, or delete all organizations in the enterprise before
    {% data reusables.enterprise-accounts.billing-tab %}
    1. At the top of the page, click **Cancel trial** if your trial is active, or click **Delete trial** if your trial is expired.
    1. Follow the prompts.
+
+If you want to restore an enterprise account that you have deleted, you must contact {% data variables.contact.contact_support %}.

content/admin/overview/about-github-enterprise-cloud.md

@@ -9,15 +9,16 @@ topics:
   - Fundamentals
 ---
 
-{% data variables.product.prodname_ghe_cloud %}  is a deployment option for {% data variables.product.prodname_enterprise %}, adding advanced features to {% data variables.product.prodname_dotcom %}, including:
+{% data variables.product.prodname_ghe_cloud %} is a deployment option for {% data variables.product.prodname_enterprise %}, adding advanced features to {% data variables.product.prodname_dotcom %}, including:
 
 * SAML authentication
 * Additional {% data variables.product.prodname_actions %} minutes
-* Restrict email notifications to verified domains
+* Restriction of email notifications to verified domains
 * Privately published {% data variables.product.prodname_pages %} sites
 * {% data variables.enterprise.prodname_managed_users_caps %}
 * Repository rulesets
 * {% data variables.product.company_short %}'s compliance reports
+* The option to host your company's data in a specific region, on a unique subdomain
 
 For a full list of features included with {% data variables.product.product_name %}, see our [Pricing](https://github.com/pricing) page.
 
@@ -40,9 +41,12 @@ Documentation for both administrators and users of {% data variables.product.pro
 
 ## Can I try {% data variables.product.product_name %}?
 
-You can sign up for a free, 30-day trial of {% data variables.product.product_name %}. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)."
+You can sign up for a free, 30-day trial of {% data variables.product.product_name %} on {% data variables.product.prodname_dotcom_the_website %}. See "[AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud)."
+
+If you require {% data variables.enterprise.data_residency_short %}, contact {% data variables.contact.contact_enterprise_sales %}.
 
 ## Further reading
 
 * "[AUTOTITLE](/get-started/onboarding/getting-started-with-github-enterprise-cloud)"
+* "[AUTOTITLE](/admin/data-residency/about-github-enterprise-cloud-with-data-residency)"
 * [ {% data variables.product.prodname_roadmap %} ]( {% data variables.product.prodname_roadmap_link %} ) in the  `github/roadmap` repository

content/admin/overview/about-github-enterprise-server.md

@@ -13,6 +13,8 @@ topics:
 
 {% data variables.product.product_name %} is suitable for enterprises that are subject to regulatory compliance. It runs on your infrastructure and is governed by access and security controls that you define, such as firewalls, network policies, IAM, monitoring, and VPNs.
 
+If your main compliance requirement is for your company's data to reside in a specific region, you may want to consider {% data variables.enterprise.data_residency %}. With this option, you won't need to schedule downtime for maintenance or upgrades, and your users will have access to the latest features from {% data variables.product.prodname_dotcom_the_website %}, such as {% data variables.product.prodname_copilot %}. See "[AUTOTITLE](/enterprise-cloud@latest/admin/data-residency/about-github-enterprise-cloud-with-data-residency)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
+
 {% data variables.product.product_name %} is a deployment option for the {% data variables.product.prodname_enterprise %} plan. To learn about available features and assess other deployment options, see "[AUTOTITLE](/admin/overview/about-github-for-enterprises)."
 
 ## Features and releases

content/admin/overview/about-github-for-enterprises.md

@@ -71,8 +71,9 @@ When businesses adopt {% data variables.product.prodname_enterprise %}, their re
 
 **With {% data variables.product.prodname_ghe_cloud %}**:
 
-* Your repositories and other resources are hosted on {% data variables.product.prodname_dotcom_the_website %}.
-* To access your resources, members of your enterprise can use their personal account or, if you use {% data variables.product.prodname_emus %}, you can provision accounts for users using an external system.
+* Your repositories and other resources are hosted by {% data variables.product.company_short %}, and you'll automatically have access to the latest features and bugfixes.
+* You can choose for your enterprise to be hosted on {% data variables.product.prodname_dotcom_the_website %} or, for more control over where your company's code and data reside, on your own subdomain of {% data variables.enterprise.data_residency_site %}.
+* To access your resources, members of your enterprise can use their personal account or, if you use {% data variables.product.prodname_emus %}, you will provision accounts for users using an external system.
 
 **With {% data variables.product.prodname_ghe_server %}**:
 
@@ -94,6 +95,7 @@ When businesses adopt {% data variables.product.prodname_enterprise %}, their re
 ## Further reading
 
 * "[AUTOTITLE](/admin/overview/about-enterprise-accounts)"
+* "[AUTOTITLE](/enterprise-cloud@latest/admin/data-residency/about-github-enterprise-cloud-with-data-residency)"{% ifversion ghes %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}
 * "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)"
 * "[AUTOTITLE](/support/learning-about-github-support/about-github-premium-support)"
 * "[AUTOTITLE](/enterprise-server@latest/admin/configuration/configuring-github-connect/about-github-connect)"

content/admin/overview/feature-overview-for-github-enterprise-cloud.md

@@ -0,0 +1,45 @@
+---
+title: Feature overview for GitHub Enterprise Cloud
+intro: 'Make the most of {% data variables.product.prodname_ghe_cloud %} by learning about its features.'
+shortTitle: Feature overview
+versions:
+  ghec: '*'
+type: overview
+topics:
+  - Enterprise
+  - Fundamentals
+---
+
+{% data variables.product.prodname_ghe_cloud %} is a developer platform that supports the entire software development lifecycle, including planning work, automating tests and deployments, and keeping code secure.
+
+This article provides an overview and links to more information for some of {% data variables.product.github %}'s major features.
+
+## Features for administrators
+
+| Goal | More information |
+| :- | :- |
+| View people in your enterprise | "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise)" |
+| Implement governance and enforce policies | "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise)" |
+| Communicate information to users | "[AUTOTITLE](/admin/managing-accounts-and-repositories/communicating-information-to-users-in-your-enterprise)"
+| Introduce continuous integration and continuous deployment (CI/CD) at scale | "[AUTOTITLE](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise)" |
+| Ensure code quality and security at scale | "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)" |
+| Audit, understand, and troubleshoot user activity | "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise)" |
+
+## Features for developers
+
+| Goal | More information |
+| :- | :- |
+| Store and collaborate on code | <ul><li>"[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories)"</li><li>"[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests)"</li><li>"[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/getting-started/best-practices-for-pull-requests)"</li></ul> |
+| Protect important branches in repositories | "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)" |
+| Organize and manage access to repositories | <ul><li>"[AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/about-organizations)"</li><li>"[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-organizations-in-your-enterprise/best-practices-for-structuring-organizations-in-your-enterprise)"</li><li>"[AUTOTITLE](/organizations/organizing-members-into-teams/about-teams)"</li></ul> |
+| Receive, customize, triage, and manage updates about activity | "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/about-notifications)" |
+| Format and structure text in comments | "[AUTOTITLE](/get-started/writing-on-github)" |
+| Search for code | "[AUTOTITLE](/search-github/github-code-search/using-github-code-search)" |
+| Configure continuous integration and continuous delivery (CI/CD) using {% data variables.product.prodname_actions %}  | <ul><li>"[AUTOTITLE](/actions/automating-builds-and-tests/about-continuous-integration)"</li><li>"[AUTOTITLE](/actions/deployment/about-deployments/about-continuous-deployment)"</li></ul> |
+| Improve code quality and security | "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security#about-advanced-security-features)" |
+| Plan and track work | <ul><li>"[AUTOTITLE](/issues/tracking-your-work-with-issues/about-issues)"</li><li>"[AUTOTITLE](/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects)"</li></ul> |
+| Subscribe to events using webhooks | "[AUTOTITLE](/webhooks/using-webhooks/creating-webhooks)" |
+| Extend, customize, and automate | "[AUTOTITLE](/rest/overview/comparing-githubs-rest-api-and-graphql-api)" |
+| Triage, collaborate, and manage work using a desktop application | "[AUTOTITLE](/desktop/overview/about-github-desktop)" |
+| Triage, collaborate, and manage work using a mobile application | "[AUTOTITLE](/get-started/using-github/github-mobile)" |
+| Triage, collaborate, and manage work using the command-line interface | "[AUTOTITLE](/github-cli/github-cli/about-github-cli)" |

content/admin/overview/index.md

@@ -10,6 +10,7 @@ children:
   - /about-github-for-enterprises
   - /about-github-enterprise-cloud
   - /setting-up-a-trial-of-github-enterprise-cloud
+  - /feature-overview-for-github-enterprise-cloud
   - /about-github-enterprise-server
   - /setting-up-a-trial-of-github-enterprise-server
   - /about-upgrades-to-new-releases

content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md

@@ -18,6 +18,8 @@ shortTitle: Enterprise Cloud trial
 
 You can set up a trial to evaluate the additional features that come with {% data variables.product.prodname_ghe_cloud %}, such as SAML single sign-on (SSO), internal repositories, and audit log streaming. For a list of available features, see our [Pricing](https://github.com/pricing) page.
 
+Your trial **won't** include {% data variables.enterprise.data_residency_short %} on {% data variables.enterprise.data_residency_site %} or access to {% data variables.product.prodname_ghe_server %}. To test these features, contact {% data variables.contact.contact_enterprise_sales %}.
+
 <a href="https://github.com/account/enterprises/new?ref_cta=GHEC+trial&ref_loc=setting+up+a+trial+of+github+enterprise+cloud&ref_page=docs" target="_blank" class="btn btn-primary mt-3 mr-3 no-underline"><span>Set up a trial of {% data variables.product.prodname_ghe_cloud %}</span> {% octicon "link-external" height:16 %}</a>
 
 To set up a trial, you must be signed in to a personal account. If you don't have a personal account, see "[AUTOTITLE](/free-pro-team@latest/get-started/start-your-journey/creating-an-account-on-github)."
@@ -38,7 +40,6 @@ The trial lasts for **{% data reusables.enterprise.ghec-trial-length %} days** a
 
 ## Features not included in the trial
 
-* {% data variables.product.prodname_ghe_server %}
 * {% data variables.product.prodname_github_codespaces %}
 * {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}
 * {% data variables.product.prodname_sponsors %}