Docs update for retaining membership to orgs without 2FA (#52520)

Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
This commit is contained in:
Maya Messinger 2024-11-06 17:01:55 -06:00 коммит произвёл GitHub
Родитель 491718775a
Коммит df6b400c77
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
9 изменённых файлов: 30 добавлений и 37 удалений

Просмотреть файл

@ -37,11 +37,7 @@ Since an email address can only be associated with a single {% data variables.pr
1. Navigate to [https://github.com/login](https://github.com/login).
1. To prompt two-factor authentication, type your username and password, then click **Sign in**.
1. Under "Unable to verify with your security key?", click **Use a recovery code or request a reset**.
{% ifversion 2fa-reconfiguration-inline-update %}
1. Under "Locked out?", click **Recover your account or unlink an email address**.
{% else %}
1. On the "Two-factor recovery" screen, click **Try recovering your account**.
{% endif %}
1. In the modal that appears, click **I understand, get started**.
1. To send an email containing a one-time password to each email address associated with your account, click **Send one-time password**.
1. To verify your identity, type the one-time password from your email in the "One-time password" text field, then click **Verify email address**.

Просмотреть файл

@ -34,9 +34,10 @@ Before you require use of two-factor authentication, we recommend notifying orga
**Warnings:**
* When your require two-factor authentication, members and outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
* When 2FA is required, organization members or outside collaborators who disable 2FA will automatically be removed from the organization.
* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
* When you require two-factor authentication, members who do not use 2FA will not be able to access your enterprise resources until they enable 2FA on their account. They will retain membership even without 2FA, including occupying seats in your enterprise and organizations.
* When your require two-factor authentication, outside collaborators (including bot accounts) who do not use 2FA will be removed from the enterprise and its organization and lose access to repositories, including their forks of private repositories. If they enable 2FA for their personal account within three months of being removed from the organization, you can [reinstate their access privileges and settings](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).
* When two-factor authentication is required, outside collaborators who disable 2FA will automatically be removed from the enterprise and its organizations. {% ifversion fpt or ghec %}Members and billing managers{% else %}Members{% endif %} who disable 2FA will not be able to access your enterprise and organization resources until they re-enable it.
* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required 2FA for the organization.
{% endwarning %}
@ -55,17 +56,17 @@ To view people who were automatically removed from your organization for non-com
{% data reusables.audit_log.octicon_icon %}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.audit_log.audit_log_sidebar_for_site_admins %}
1. Enter your search query using `reason:two_factor_requirement_non_compliance`. To narrow your search for:
* Organizations members removed, enter `action:org.remove_member AND reason:two_factor_requirement_non_compliance`
* Outside collaborators removed, enter `action:org.remove_outside_collaborator AND reason:two_factor_requirement_non_compliance`
You can also view people removed from a particular organization by using the organization name in your search:
* `org:octo-org AND reason:two_factor_requirement_non_compliance`
1. Click **Search**.
## Helping removed members and outside collaborators rejoin your organization
## Helping removed outside collaborators rejoin your organization
If any members or outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization.
If any outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization.
## Further reading

Просмотреть файл

@ -9,7 +9,9 @@ redirect_from:
- /authentication/securing-your-account-with-two-factor-authentication-2fa/changing-two-factor-authentication-delivery-methods-for-your-mobile-device
- /authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-preferred-two-factor-authentication-method
versions:
feature: 2fa-reconfiguration-inline-update
fpt: '*'
ghes: '*'
ghec: '*'
topics:
- 2FA
shortTitle: Change 2FA method

Просмотреть файл

@ -26,7 +26,7 @@ In addition to securely storing your two-factor authentication (2FA) recovery co
To keep your account secure, don't share or distribute your recovery codes. We recommend saving them with a secure password manager.
If you generate new recovery codes or disable and re-enable 2FA, the recovery codes in your security settings automatically update.{% ifversion 2fa-reconfiguration-inline-update %} Reconfiguring your 2FA settings without disabling 2FA will not change your recovery codes.{% endif %}
If you generate new recovery codes or disable and re-enable 2FA, the recovery codes in your security settings automatically update. Reconfiguring your 2FA settings without disabling 2FA will not change your recovery codes.
{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.security %}

Просмотреть файл

@ -39,18 +39,18 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}
{% warning %}
**Warning:**
* If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA.
* If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner.
* If you're an outside collaborator to a private repository of an organization that requires 2FA, you must leave the organization before you can disable 2FA.
* If you're a member{% ifversion fpt or ghec %} or billing manager{% endif %} of an organization that requires 2FA, you will be unable to access that organization's resources while you have 2FA disabled.
* If you disable 2FA, you will automatically lose access to the organization. To regain access to the organization, if you're a member{% ifversion fpt or ghec %} or billing manager{% endif %}, you must re-enable 2FA. If you're an outside collaborator, you will also lose access to any private forks you have of the organization's private repositories after disabling 2FA, and must re-enable 2FA and contact an organization owner to have access restored.
{% endwarning %}
{% ifversion 2fa-reconfiguration-inline-update %}
{% note %}
**Note:** You can reconfigure your 2FA settings without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA.
{% endnote %}
{% endif %}
## Configuring two-factor authentication using a TOTP app

Просмотреть файл

@ -40,15 +40,12 @@ To remove yourself from your organization:
{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.security %}
{% ifversion 2fa-reconfiguration-inline-update %}
1. Hover over **Enabled**, then click **Disable**.
![Screenshot of an account's 2FA settings. A green button labeled "Enabled" is outlined in orange.](/assets/images/help/2fa/disable-two-factor-authentication.png)
1. If necessary, enter your password or perform 2FA once more to disable 2FA for your {% data variables.product.prodname_dotcom %} account.
{% else %}
1. Click **Disable**.
{% endif %}
## Further reading

Просмотреть файл

@ -16,11 +16,13 @@ shortTitle: Prepare to require 2FA
---
We recommend that you notify {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} at least one week before you require 2FA in your organization.
When you require use of two-factor authentication for your organization, members, outside collaborators, and billing managers (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories.
When you require use of two-factor authentication for your organization, outside collaborators (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories.
Members and billing managers will retain membership but not be able to access your organization resources until they enable 2FA.
Before requiring 2FA in your organization, we recommend that you:
* Enable 2FA on your personal account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)."
* Ask the people in your organization to set up 2FA for their accounts
* See whether users in your organization have 2FA enabled. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)."
* Enable 2FA for unattended or shared access accounts, such as bots and service accounts. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication)."
* Warn users that once 2FA is enabled, those without 2FA are automatically removed from the organization.
* Warn users that once 2FA is enabled, outside collaborators without 2FA are automatically removed from the organization, and members and billing managers will not be able to access your organization resources until they enable 2FA.

Просмотреть файл

@ -40,10 +40,11 @@ You can also require two-factor authentication for organizations in an enterpris
**Warnings:**
* When you require use of two-factor authentication for your organization, {% ifversion fpt or ghec %}members, outside collaborators, and billing managers{% else %}members and outside collaborators{% endif %} who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their personal account within three months of their removal from your organization. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization)."
* You will also need to enable 2FA for unattended or shared access accounts, such as bots and service accounts. If you do not configure 2FA for these unattended accounts after you've enabled required two-factor authentication, the accounts will be removed from the organization and lose access to their repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication)."
* If an organization owner, member,{% ifversion fpt or ghec %} billing manager,{% endif %} or outside collaborator disables 2FA for their personal account after you've enabled required two-factor authentication, they will automatically be removed from the organization.
* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.
* When you require use of two-factor authentication for your organization, {% ifversion fpt or ghec %}members and billing managers{% else %}members{% endif %} who do not use 2FA will not be able to access your organization's resources until they enable 2FA on their account. They will retain membership even without 2FA, including occupying seats in your organization.
* When you require use of two-factor authentication for your organization, outside collaborators who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable 2FA for their personal account within three months of their removal from your organization. For more information, see "[AUTOTITLE](/organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization)."
* You will also need to enable two-factor authentication for unattended or shared access accounts that are outside collaborators, such as bots and service accounts. If you do not configure 2FA for these unattended outside collaborator accounts after you've enabled required 2FA, the accounts will be removed from the organization and lose access to their repositories. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/managing-bots-and-service-accounts-with-two-factor-authentication)."
* If an outside collaborator disables two-factor authentication for their personal account after you've enabled required 2FA, they will automatically be removed from the organization.
* If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required 2FA for the organization.
{% endwarning %}
@ -51,7 +52,7 @@ You can also require two-factor authentication for organizations in an enterpris
## Prerequisites
Before you can require {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} to use two-factor authentication, you must enable two-factor authentication for your account on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)."
Before you can require {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} to use two-factor authentication, you must enable 2FA for your account on {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)."
Before you require use of two-factor authentication, we recommend notifying {% ifversion fpt or ghec %}organization members, outside collaborators, and billing managers{% else %}organization members and outside collaborators{% endif %} and asking them to set up 2FA for their accounts. You can see if members and outside collaborators already use 2FA. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/viewing-whether-users-in-your-organization-have-2fa-enabled)."
@ -63,7 +64,7 @@ Before you require use of two-factor authentication, we recommend notifying {% i
{% data reusables.organizations.require_two_factor_authentication %}
{% data reusables.organizations.removed_outside_collaborators %}
{% ifversion fpt or ghec %}
1. If any members or outside collaborators are removed from the organization, we recommend sending them an invitation that can reinstate their former privileges and access to your organization. They must enable two-factor authentication before they can accept your invitation.
1. If any outside collaborators are removed from the organization, we recommend sending them an invitation that can reinstate their former privileges and access to your organization. They must enable two-factor authentication before they can accept your invitation.
{% endif %}
## Viewing people who were removed from your organization
@ -74,15 +75,13 @@ To view people who were automatically removed from your organization for non-com
{% data reusables.profile.org_settings %}
{% data reusables.audit_log.audit_log_sidebar_for_org_admins %}
1. Enter your search query. To search for:
* Organization members removed, use `action:org.remove_member` in your search query
* Outside collaborators removed, use `action:org.remove_outside_collaborator` in your search query{% ifversion fpt or ghec %}
* Billing managers removed, use `action:org.remove_billing_manager`in your search query{% endif %}
* Outside collaborators removed, use `action:org.remove_outside_collaborator` in your search query
You can also view people who were removed from your organization by using a [time frame](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#search-based-on-time-of-action) in your search.
## Helping removed members and outside collaborators rejoin your organization
## Helping removed outside collaborators rejoin your organization
If any members or outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization.
If any outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization.
## Further reading

Просмотреть файл

@ -1,7 +1,3 @@
{% ifversion 2fa-reconfiguration-inline-update %}
1. Next to "Recovery codes," click **View**.
![Screenshot of the recovery options in the 2FA settings. A gray button, labeled "View", is outlined in orange.](/assets/images/help/2fa/view-recovery-codes-button.png)
{% else %}
1. Next to "Recovery codes," click **Show**.
{% endif %}