Merge branch 'main' into document-npm-run-build

.github/allowed-actions.js

@@ -4,17 +4,13 @@
 // can be added it this list.
 
 module.exports = [
-  'actions/cache@70655ec8323daeeaa7ef06d7c56e1b9191396cbe',
-  'actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16',
-  'actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675',
-  'actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163',
-  'actions/github-script@6e5ee1dc1cb3740e5e5e76ad668e3f526edbfe45',
-  'actions/github-script@44b873bc975058192f5279ebe7579496381f575d',
-  'actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9',
-  'actions/labeler@5f867a63be70efff62b767459b009290364495eb',
-  'actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d',
-  'actions/setup-ruby@5f29a1cd8dfebf420691c4c9a0e832e2fae5a526',
-  'actions/stale@44f9eae0adddf72dbf3eedfacc999f70afcec1a8',
+  'actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16', //actions/cache@v2.1.2
+  'actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675', //actions/checkout@v2.3.3
+  'actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9', //actions/script@v3.0.0
+  'actions/labeler@5f867a63be70efff62b767459b009290364495eb', //actions/labeler@v2.2.0
+  'actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d', //actions/setup-node@v1.4.4
+  'actions/setup-ruby@5f29a1cd8dfebf420691c4c9a0e832e2fae5a526', //actions/setup-ruby@v1.1.2
+  'actions/stale@44f9eae0adddf72dbf3eedfacc999f70afcec1a8', //actions/stale@v3.0.12
   'crowdin/github-action@fd9429dd63d6c0f8a8cb4b93ad8076990bd6e688',
   'dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911',
   'docker://chinthakagodawita/autoupdate-action:v1',

.github/workflows/codeql.yml

@@ -8,10 +8,6 @@ on:
 
 jobs:
   build:
-
-    strategy:
-      fail-fast: false
-
     runs-on: ubuntu-latest 
 
     steps:

.github/workflows/dry-run-sync-algolia-search-indices.yml

@@ -0,0 +1,31 @@
+name: (Dry run) Algolia
+
+on:
+  workflow_dispatch:
+
+jobs:
+  updateIndices:
+    name: (Dry run) Update indices
+    if: github.repository == 'github/docs-internal'
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
+    - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
+      with:
+        node-version: 14.x
+    - name: cache node modules
+      uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-node-
+    - name: npm ci
+      run: npm ci
+    - name: (Dry run) sync indices
+      env:
+        ALGOLIA_APPLICATION_ID: ${{ secrets.ALGOLIA_APPLICATION_ID }}
+        ALGOLIA_API_KEY: ${{ secrets.ALGOLIA_API_KEY }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: npm run sync-search-dry-run

.github/workflows/first-responder-docs-content.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
     - name: Check if the event originated from a team member
-      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
+      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
       id: set-result
       with:
         github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
@@ -53,12 +53,12 @@ jobs:
 
   first-responder-remove-pr:
     name: Remove PR from FR project board
-    if: github.repository == 'github/docs-internal' && (github.event.label.name == 'docs-content-fr' && github.event.action == 'unlabeled') || github.event.action == 'closed'
+    if: github.repository == 'github/docs-internal' && ((github.event.label.name == 'docs-content-fr' && github.event.action == 'unlabeled') || github.event.action == 'closed')
     runs-on: ubuntu-latest
 
     steps:
     - name: Remove card from project
-      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
+      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
       with:
         github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
         result-encoding: string

.github/workflows/send-eng-issues-to-backlog.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
     - name: Add issues with engineering label to project board
       if: contains(github.event.issue.labels.*.name, 'engineering') || contains(github.event.issue.labels.*.name, 'design') || contains(github.event.issue.labels.*.name, 'Design')
-      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
+      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
       with:
           github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }} 
           script: |

.github/workflows/start-new-engineering-pr-workflow.yml

@@ -1,7 +1,7 @@
 name: Start new engineering PR workflow
 
 on: 
-  pull_request: 
+  pull_request_target:
     types: [opened, reopened]
     
 jobs:
@@ -12,8 +12,7 @@ jobs:
       DRAFT_COLUMN_ID: 10095775
       REGULAR_COLUMN_ID: 10095779
     steps:
-    - name: 
-      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
+    - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
       continue-on-error: true
       with:
           github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}

.github/workflows/sync-algolia-search-indices.yml

@@ -18,7 +18,7 @@ jobs:
       with:
         node-version: 14.x
     - name: cache node modules
-      uses: actions/cache@70655ec8323daeeaa7ef06d7c56e1b9191396cbe
+      uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
       with:
         path: ~/.npm
         key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}

.github/workflows/test-translations.yml

@@ -77,3 +77,5 @@ jobs:
 
       - name: Run tests
         run: npx jest tests/${{ matrix.test-group }}/
+        env:
+          NODE_OPTIONS: "--max_old_space_size=4096"

.github/workflows/test-windows.yml

@@ -47,3 +47,5 @@ jobs:
 
       - name: Run tests
         run: npx jest tests/${{ matrix.test-group }}/
+        env:
+          NODE_OPTIONS: "--max_old_space_size=4096"

.github/workflows/test.yml

@@ -116,6 +116,8 @@ jobs:
       - if: ${{ needs.see_if_should_skip.outputs.should_skip != 'true' }}
         name: Run tests
         run: npx jest tests/${{ matrix.test-group }}/
+        env:
+          NODE_OPTIONS: "--max_old_space_size=4096"
 
       - name: Send Slack notification if workflow fails
         uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815

.github/workflows/translations.yml

@@ -24,7 +24,7 @@ jobs:
         branch: translations
     - if: ${{ steps.pr.outputs.number }}
       name: Check if already labeled
-      uses: actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163
+      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
       id: has-label
       with:
         script: |
@@ -44,7 +44,7 @@ jobs:
         number: ${{ steps.pr.outputs.number }}
     - if: ${{ !steps.has-label.outputs.result }}
       name: Add automerge label
-      uses: actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163
+      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         script: |

.github/workflows/triage-issue-comments.yml

@@ -10,7 +10,7 @@ jobs:
 
     steps:
     - name: Check if the event originated from a team member
-      uses: actions/github-script@6e5ee1dc1cb3740e5e5e76ad668e3f526edbfe45
+      uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
       id: is-internal-contributor
       with:
         github-token: ${{secrets.GITHUB_TOKEN}}

CONTRIBUTING.md

@@ -45,7 +45,7 @@ When you're done making changes and you'd like to propose them for review, use t
 ### Your PR is merged!
 Congratulations! The whole GitHub community thanks you. :sparkles:
 
-Once your PR is merged, you can be added as a contributor in the [readme](README.md#contributors-).
+Once your PR is merged, you will be proudly listed as a contributor in the [contributor chart](https://github.com/github/docs/graphs/contributors).
 
 ### Keep contributing as you use GitHub Docs
 

content/README.md

@@ -166,6 +166,12 @@ featuredLinks:
 - Type: `Boolean`. Default is `false`.
 - Optional.
 
+### `changelog`
+
+- Purpose: Render a list of changelog items with timestamps on product pages (ex: `layouts/product-landing.html`)
+- Type: `Array`, items are objects `{ href: string, title: string, date: 'YYYY-MM-DD' }`
+- Optional.
+
 ### Escaping single quotes
 
 If you see two single quotes in a row (`''`) in YML frontmatter where you might expect to see one (`'`), this is the YML-preferred way to escape a single quote. From [the YAML spec](https://yaml.org/spec/history/2001-12-10.html):

content/actions/guides/about-continuous-integration.md

@@ -14,7 +14,7 @@ versions:
 
 {% data reusables.actions.enterprise-beta %}
 {% data reusables.actions.enterprise-github-hosted-runners %}
-
+ 
 ### About continuous integration
 
 Continuous integration (CI) is a software practice that requires frequently committing code to a shared repository. Committing code more often detects errors sooner and reduces the amount of code a developer needs to debug when finding the source of an error. Frequent code updates also make it easier to merge changes from different members of a software development team. This is great for developers, who can spend more time writing code and less time debugging errors or resolving merge conflicts.

content/actions/guides/building-and-testing-powershell.md

@@ -0,0 +1,236 @@
+---
+title: Building and testing PowerShell
+intro: You can create a continuous integration (CI) workflow to build and test your PowerShell project.
+product: '{% data reusables.gated-features.actions %}'
+versions:
+  free-pro-team: '*'
+  enterprise-server: '>=2.22'
+---
+
+{% data reusables.actions.enterprise-beta %}
+{% data reusables.actions.enterprise-github-hosted-runners %}
+
+### Introduction
+
+This guide shows you how to use PowerShell for CI. It describes how to use Pester, install dependencies, test your module, and publish to the PowerShell Gallery.
+
+{% data variables.product.prodname_dotcom %}-hosted runners have a tools cache with pre-installed software, which includes PowerShell and Pester. For a full list of up-to-date software and the pre-installed versions of PowerShell and Pester, see "[Specifications for {% data variables.product.prodname_dotcom %}-hosted runners](/actions/reference/specifications-for-github-hosted-runners/#supported-software)".
+
+### Prerequisites
+
+You should be familiar with YAML and the syntax for {% data variables.product.prodname_actions %}. For more information, see "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)."
+
+We recommend that you have a basic understanding of PowerShell and Pester. For more information, see:
+- [Getting started with PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/learn/ps101/01-getting-started)
+- [Pester](https://pester.dev)
+
+{% data reusables.actions.enterprise-setup-prereq %}
+
+### Adding a workflow for Pester
+
+To automate your testing with PowerShell and Pester, you can add a workflow that runs every time a change is pushed to your repository. In the following example, `Test-Path` is used to check that a file called `resultsfile.log` is present. 
+
+This example workflow file must be added to your repository's `.github/workflows/` directory:
+
+{% raw %}
+```yaml
+name: Test PowerShell on Ubuntu
+on: push
+
+jobs:
+  pester-test:
+    name: Pester test
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out repository code
+      uses: actions/checkout@v2
+    - name: Perform a Pester test from the command-line
+      shell: pwsh
+      run: Test-Path resultsfile.log | Should -Be $true
+    - name: Perform a Pester test from the Tests.ps1 file
+      shell: pwsh
+      run: |
+        Invoke-Pester Unit.Tests.ps1 -Passthru
+```
+{% endraw %}
+
+* `shell: pwsh` - Configures the job to use PowerShell when running the `run` commands.
+* `run: Test-Path resultsfile.log` - Check whether a file called `resultsfile.log` is present in the repository's root directory. 
+* `Should -Be $true` - Uses Pester to define an expected result. If the result is unexpected, then {% data variables.product.prodname_actions %} flags this as a failed test. For example:
+
+  ![Failed Pester test](/assets/images/help/repository/actions-failed-pester-test.png)
+
+* `Invoke-Pester Unit.Tests.ps1 -Passthru` - Uses Pester to execute tests defined in a file called `Unit.Tests.ps1`. For example, to perform the same test described above, the `Unit.Tests.ps1` will contain the following:
+  ```
+  Describe "Check results file is present" {
+      It "Check results file is present" {
+          Test-Path resultsfile.log | Should -Be $true
+      }
+  }
+  ```
+
+### PowerShell module locations
+
+The table below describes the locations for various PowerShell modules in each {% data variables.product.prodname_dotcom %}-hosted runner.
+
+|| Ubuntu | macOS | Windows |
+|------|-------|------|----------|
+|**PowerShell system modules** |`/opt/microsoft/powershell/7/Modules/*`|`/usr/local/microsoft/powershell/7/Modules/*`|`C:\program files\powershell\7\Modules\*`|
+|**PowerShell add-on modules**|`/usr/local/share/powershell/Modules/*`|`/usr/local/share/powershell/Modules/*`|`C:\Modules\*`|
+|**User-installed modules**|`/home/runner/.local/share/powershell/Modules/*`|`/Users/runner/.local/share/powershell/Modules/*`|`C:\Users\runneradmin\Documents\PowerShell\Modules\*`|
+
+### Installing dependencies
+
+{% data variables.product.prodname_dotcom %}-hosted runners have PowerShell 7 and Pester installed. You can use `Install-Module` to install additional dependencies from the PowerShell Gallery before building and testing your code. 
+
+{% note %}
+
+**Note:** The pre-installed packages (such as Pester) used by {% data variables.product.prodname_dotcom %}-hosted runners are regularly updated, and can introduce signficant changes. As a result, it is recommended that you always specify the required package versions by using `Install-Module` with `-MaximumVersion`.
+
+{% endnote %}
+
+You can also cache dependencies to speed up your workflow. For more information, see "[Caching dependencies to speed up your workflow](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)."
+
+For example, the following job installs the `SqlServer` and `PSScriptAnalyzer` modules:
+
+{% raw %}
+```yaml
+jobs:
+  install-dependencies:
+    name: Install dependencies
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install from PSGallery
+      shell: pwsh
+      run: |
+        Set-PSRepository PSGallery -InstallationPolicy Trusted
+        Install-Module SqlServer, PSScriptAnalyzer
+```
+{% endraw %}
+
+{% note %}
+
+**Note:** By default, no repositories are trusted by PowerShell. When installing modules from the PowerShell Gallery, you must explicitly set the installation policy for `PSGallery` to `Trusted`.
+
+{% endnote %}
+
+#### Caching dependencies
+
+You can cache PowerShell dependencies using a unique key, which allows you to restore the dependencies for future workflows with the [`cache`](https://github.com/marketplace/actions/cache) action. For more information, see "[Caching dependencies to speed up workflows](/actions/automating-your-workflow-with-github-actions/caching-dependencies-to-speed-up-workflows)."
+
+PowerShell caches its dependencies in different locations, depending on the runner's operating system. For example, the `path` location used in the following Ubuntu example will be different for a Windows operating system.
+
+{% raw %}
+```yaml
+steps:
+  - uses: actions/checkout@v2
+  - name: Setup PowerShell module cache
+    id: cacher
+    uses: actions/cache@v2
+    with:
+      path: "~/.local/share/powershell/Modules"
+      key: ${{ runner.os }}-SqlServer-PSScriptAnalyzer
+  - name: Install required PowerShell modules
+    if: steps.cacher.outputs.cache-hit != 'true'
+    shell: pwsh
+    run: |
+      Set-PSRepository PSGallery -InstallationPolicy Trusted
+      Install-Module SqlServer, PSScriptAnalyzer -ErrorAction Stop
+```
+{% endraw %}
+
+### Testing your code
+
+You can use the same commands that you use locally to build and test your code.
+
+#### Using PSScriptAnalyzer to lint code
+
+The following example installs `PSScriptAnalyzer` and uses it to lint all `ps1` files in the repository. For more information, see [PSScriptAnalyzer on GitHub](https://github.com/PowerShell/PSScriptAnalyzer).
+
+{% raw %}
+```yaml
+  lint-with-PSScriptAnalyzer:
+    name: Install and run PSScriptAnalyzer
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install PSScriptAnalyzer module
+      shell: pwsh
+      run: |
+            Set-PSRepository PSGallery -InstallationPolicy Trusted
+            Install-Module PSScriptAnalyzer -ErrorAction Stop
+    - name: Lint with PSScriptAnalyzer
+      shell: pwsh
+      run: |
+            Invoke-ScriptAnalyzer -Path *.ps1 -Recurse -Outvariable issues
+            $errors   = $issues.Where({$_.Severity -eq 'Error'})
+            $warnings = $issues.Where({$_.Severity -eq 'Warning'})
+            if ($errors) {
+                Write-Error "There were $($errors.Count) errors and $($warnings.Count) warnings total." -ErrorAction Stop
+            } else {
+                Write-Output "There were $($errors.Count) errors and $($warnings.Count) warnings total."
+            }
+```
+{% endraw %}
+
+### Packaging workflow data as artifacts
+
+You can upload artifacts to view after a workflow completes. For example, you may need to save log files, core dumps, test results, or screenshots. For more information, see "[Persisting workflow data using artifacts](/github/automating-your-workflow-with-github-actions/persisting-workflow-data-using-artifacts)."
+
+The following example demonstrates how you can use the `upload-artifact` action to archive the test results received from `Invoke-Pester`. For more information, see the [`upload-artifact` action](https://github.com/actions/upload-artifact).
+
+{% raw %}
+```yaml
+name: Upload artifact from Ubuntu
+
+on: [push]
+
+jobs:
+  upload-pester-results:
+    name: Run Pester and upload results
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Test with Pester
+      shell: pwsh
+      run: Invoke-Pester Unit.Tests.ps1 -Passthru | Export-CliXml -Path Unit.Tests.xml
+    - name: Upload test results
+      uses: actions/upload-artifact@v2
+      with:
+        name: ubuntu-Unit-Tests
+        path: Unit.Tests.xml
+    if: ${{ always() }}
+```
+{% endraw %}
+
+The `always()` function configures the job to continue processing even if there are test failures. For more information, see "[always](/actions/reference/context-and-expression-syntax-for-github-actions#always)."
+
+### Publishing to PowerShell Gallery
+
+You can configure your workflow to publish your PowerShell module to the PowerShell Gallery when your CI tests pass. You can use repository secrets to store any tokens or credentials needed to publish your package. For more information, see "[Creating and using encrypted secrets](/github/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)."
+
+The following example creates a package and uses `Publish-Module` to publish it to the PowerShell Gallery:
+
+{% raw %}
+```yaml
+name: Publish PowerShell Module
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  publish-to-gallery:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Build and publish
+      env:
+        NUGET_KEY: ${{ secrets.NUGET_KEY }}
+      shell: pwsh
+      run: |
+        ./build.ps1 -Path /tmp/samplemodule
+        Publish-Module -Path /tmp/samplemodule -NuGetApiKey $env:NUGET_KEY -Verbose
+```
+{% endraw %}

content/actions/guides/index.md

@@ -29,6 +29,7 @@ You can use {% data variables.product.prodname_actions %} to create custom conti
 {% link_in_list /about-continuous-integration %}
 {% link_in_list /setting-up-continuous-integration-using-workflow-templates %}
 {% link_in_list /building-and-testing-nodejs %}
+{% link_in_list /building-and-testing-powershell %}
 {% link_in_list /building-and-testing-python %}
 {% link_in_list /building-and-testing-java-with-maven %}
 {% link_in_list /building-and-testing-java-with-gradle %}

content/actions/hosting-your-own-runners/about-self-hosted-runners.md

@@ -113,7 +113,7 @@ api.github.com
 *.actions.githubusercontent.com
 ```
 
-If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)" or "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise-account/enforcing-security-settings-in-your-enterprise-account#using-github-actions-with-an-ip-allow-list)".
+If you use an IP address allow list for your {% data variables.product.prodname_dotcom %} organization or enterprise account, you must add your self-hosted runner's IP address to the allow list. For more information, see "[Managing allowed IP addresses for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-allowed-ip-addresses-for-your-organization#using-github-actions-with-an-ip-allow-list)" or "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#using-github-actions-with-an-ip-allow-list)".
 
 {% else %}
 

content/actions/hosting-your-own-runners/adding-self-hosted-runners.md

@@ -50,16 +50,11 @@ You can add self-hosted runners to an enterprise, where they can be assigned to
 
 {% if currentVersion == "free-pro-team@latest" %}
 To add a self-hosted runner to an enterprise account, you must be an enterprise owner.
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
+{% elsif enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
 To add a self-hosted runner at the enterprise level of {% data variables.product.product_location %}, you must be a site administrator.
 {% endif %}
 
-{% if currentVersion == "free-pro-team@latest" %}
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
-{% endif %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}
 1. Click the **Self-hosted runners** tab.

content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md

@@ -54,12 +54,7 @@ Self-hosted runners are automatically assigned to the default group when created
 
 When creating a group, you must choose a policy that grants access to all organizations in the enterprise or choose specific organizations.
 
-{% if currentVersion == "free-pro-team@latest" %}
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
-{% endif %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}
 1. Click the **Self-hosted runners** tab.

content/actions/hosting-your-own-runners/removing-self-hosted-runners.md

@@ -62,18 +62,14 @@ To remove a self-hosted runner from an organization, you must be an organization
 
 {% if currentVersion == "free-pro-team@latest" %}
 To remove a self-hosted runner from an enterprise account, you must be an enterprise owner. We recommend that you also have access to the self-hosted runner machine.
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
+{% elsif enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
 To remove a self-hosted runner at the enterprise level of {% data variables.product.product_location %}, you must be a site administrator. We recommend that you also have access to the self-hosted runner machine.
 {% endif %}
 
 {% data reusables.github-actions.self-hosted-runner-reusing %}
 
-{% if currentVersion == "free-pro-team@latest" %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% else if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21"%}
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
-{% endif %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}
 {% data reusables.github-actions.self-hosted-runner-removing-a-runner %}

content/actions/index.md

@@ -4,17 +4,30 @@ shortTitle: GitHub Actions
 intro: 'Automate, customize, and execute your software development workflows right in your repository with {% data variables.product.prodname_actions %}. You can discover, create, and share actions to perform any job you''d like, including CI/CD, and combine actions in a completely customized workflow.'
 introLinks:
   quickstart: /actions/quickstart
-  learn: /actions/learn-github-actions
+  reference: /actions/reference
 featuredLinks:
+  guides:
+    - /actions/guides/setting-up-continuous-integration-using-workflow-templates
+    - /actions/guides/about-packaging-with-github-actions
   gettingStarted:
     - /actions/managing-workflow-runs
     - /actions/hosting-your-own-runners
-  guide:
-    - /actions/guides/setting-up-continuous-integration-using-workflow-templates
-    - /actions/guides/about-packaging-with-github-actions
   popular:
     - /actions/reference/workflow-syntax-for-github-actions
     - /actions/reference/events-that-trigger-workflows
+changelog:
+  - title: Self-Hosted Runner Group Access Changes
+    date: '2020-10-16'
+    href: https://github.blog/changelog/2020-10-16-github-actions-self-hosted-runner-group-access-changes/
+  - title: Ability to change retention days for artifacts and logs
+    date: '2020-10-08'
+    href: https://github.blog/changelog/2020-10-08-github-actions-ability-to-change-retention-days-for-artifacts-and-logs
+  - title: Deprecating set-env and add-path commands
+    date: '2020-10-01'
+    href: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands
+  - title: Fine-tune access to external actions
+    date: '2020-10-01'
+    href: https://github.blog/changelog/2020-10-01-github-actions-fine-tune-access-to-external-actions
 redirect_from:
   - /articles/automating-your-workflow-with-github-actions/
   - /articles/customizing-your-project-with-github-actions/
@@ -36,44 +49,8 @@ versions:
 <!-- {% link_with_intro /hosting-your-own-runners %} -->
 <!-- {% link_with_intro /reference %} -->
 
-<!-- Article links -->
-<div class="d-lg-flex gutter my-6 py-6">
-  <div class="col-12 col-lg-4 mb-4 mb-lg-0">
-    <div class="featured-links-heading pb-4">
-      <h3 class="f5 text-normal text-mono underline-dashed color-gray-5">{% data ui.toc.guides %}</h3>
-    </div>
-    <ul class="list-style-none">
-      {% for link in featuredLinks.guide %}
-        <li>{% include featured-link %}</li>
-      {% endfor %}
-    </ul>
-  </div>
-
-  <div class="col-12 col-lg-4 mb-4 mb-lg-0">
-    <div class="featured-links-heading pb-4">
-      <h3 class="f5 text-normal text-mono underline-dashed color-gray-5">{% data ui.toc.popular_articles %}</h3>
-    </div>
-    <ul class="list-style-none">
-      {% for link in featuredLinks.popular %}
-        <li>{% include featured-link %}</li>
-      {% endfor %}
-    </ul>
-  </div>
-
-  <div class="col-12 col-lg-4 mb-4 mb-lg-0">
-    <div class="featured-links-heading pb-4">
-      <h3 class="f5 text-normal text-mono underline-dashed color-gray-5">Manage workflows</h3>
-    </div>
-    <ul class="list-style-none">
-      {% for link in featuredLinks.gettingStarted %}
-        <li>{% include featured-link %}</li>
-      {% endfor %}
-    </ul>
-  </div>
-</div>
-
 <!-- Code examples -->
-<div class="mt-6 pt-6">
+<div class="my-6 pt-6">
   <h2 class="mb-2">More guides</h2>
 
   <div class="d-flex flex-wrap gutter">

content/actions/learn-github-actions/introduction-to-github-actions.md

@@ -34,7 +34,7 @@ The workflow is an automated procedure that you add to your repository. Workflow
 
 #### Events
 
-An event is a specific activity that triggers a workflow. For example, activity can originate from {% data variables.product.prodname_dotcom %} when someone pushes a commit to a repository or when an issue or pull request is created. You can also use the repository dispatch webhook to trigger a workflow when an external event occurs. For a complete list of events that can be used to trigger workflows, see [Events that trigger workflows](/actions/reference/events-that-trigger-workflows).
+An event is a specific activity that triggers a workflow. For example, activity can originate from {% data variables.product.prodname_dotcom %} when someone pushes a commit to a repository or when an issue or pull request is created. You can also use the [repository dispatch webhook](/rest/reference/repos#create-a-repository-dispatch-event) to trigger a workflow when an external event occurs. For a complete list of events that can be used to trigger workflows, see [Events that trigger workflows](/actions/reference/events-that-trigger-workflows).
 
 #### Jobs
 

content/actions/learn-github-actions/managing-complex-workflows.md

@@ -24,12 +24,13 @@ This example action demonstrates how to reference an existing secret as an envir
 ```yaml
 jobs:
   example-job:
+    runs-on: ubuntu-latest
     steps:
       - name: Retrieve secret
         env:
           super_secret: ${{ secrets.SUPERSECRET }}
         run: |
-          example-command "$SUPER_SECRET"
+          example-command "$super_secret"
 ```
 {% endraw %}
 
@@ -49,6 +50,7 @@ jobs:
       - run: ./setup_server.sh
   build:
     needs: setup
+    runs-on: ubuntu-latest
     steps:
       - run: ./build_server.sh
   test:
@@ -141,7 +143,7 @@ This example shows how a workflow can use labels to specify the required runner:
 ```yaml
 jobs:
   example-job:
-      runs-on: [self-hosted, linux, x64, gpu]
+    runs-on: [self-hosted, linux, x64, gpu]
 ```
 
 For more information, see  ["Using labels with self-hosted runners](/actions/hosting-your-own-runners/using-labels-with-self-hosted-runners)."

content/actions/learn-github-actions/migrating-from-jenkins-to-github-actions.md

@@ -232,12 +232,19 @@ Jenkins Pipeline
 
   ```yaml
 pipeline {
-  agent none
-  stages {
-    stage('Run Tests') {
-      parallel {
-        stage('Test On MacOS') {
-          agent { label "macos" }
+agent none
+stages {
+  stage('Run Tests') {
+    matrix {
+      axes {
+        axis {
+          name: 'PLATFORM'
+          values: 'macos', 'linux'
+        }
+      }
+      agent { label "${PLATFORM}" }
+      stages {
+        stage('test') {
           tools { nodejs "node-12" }
           steps {
             dir("scripts/myapp") {
@@ -246,19 +253,10 @@ pipeline {
             }
           }
         }
-        stage('Test On Linux') {
-          agent { label "linux" }
-          tools { nodejs "node-12" }
-          steps {
-            dir("script/myapp") {
-              sh(script: "npm install -g bats")
-              sh(script: "bats tests")
-            }
-          }
-        }
       }
     }
   }
+}
 }
   ```
 

content/actions/reference/usage-limits-billing-and-administration.md

@@ -64,7 +64,7 @@ For more information, see:
 
 - [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your repository](/github/administering-a-repository/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-repository)
 - [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your organization](/github/setting-up-and-managing-organizations-and-teams/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization)
-- [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your enterprise](/github/setting-up-and-managing-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account)
+- [Configuring the retention period for {% data variables.product.prodname_actions %} for artifacts and logs in your enterprise](/github/setting-up-and-managing-your-enterprise/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account)
 {% endif %}
 
 ### Disabling or limiting {% data variables.product.prodname_actions %} for your repository or organization
@@ -74,7 +74,7 @@ For more information, see:
 For more information, see:
 - "[Disabling or limiting {% data variables.product.prodname_actions %} for a repository](/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository)"
 - "[Disabling or limiting {% data variables.product.prodname_actions %} for your organization](/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization)"{% if currentVersion == "free-pro-team@latest" %}
-- "[Enforcing {% data variables.product.prodname_actions %} policies in your enterprise account](/github/setting-up-and-managing-your-enterprise-account/enforcing-github-actions-policies-in-your-enterprise-account)" for {% data variables.product.prodname_ghe_cloud %}{% endif %}
+- "[Enforcing {% data variables.product.prodname_actions %} policies in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-github-actions-policies-in-your-enterprise-account)" for {% data variables.product.prodname_ghe_cloud %}{% endif %}
 
 ### Disabling and enabling workflows
 

content/admin/authentication/about-identity-and-access-management-for-your-enterprise.md

@@ -0,0 +1,27 @@
+---
+title: About identity and access management for your enterprise
+shortTitle: About identity and access management
+intro: 'You can use {% if enterpriseServerVersions contains currentVersion %}{% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML{% else %}SAML single sign-on (SSO) and System for Cross-domain Identity Management (SCIM){% endif %} to centrally manage access {% if currentVersion == "free-pro-team@latest" %}to organizations owned by your enterprise on {% data variables.product.prodname_dotcom_the_website %}{% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}to {% data variables.product.product_location %}{% endif %}.'
+product: '{% data reusables.gated-features.saml-sso %}'
+versions:
+  github-ae: '*'
+---
+
+### About identity and access management for your enterprise
+
+{% if currentVersion == "github-ae@latest" %}
+
+{% data reusables.saml.ae-uses-saml-sso %} {% data reusables.saml.ae-enable-saml-sso-during-bootstrapping %}
+
+After you configure the application for {% data variables.product.product_name %} on your IdP, you can grant access to {% data variables.product.product_location %} by assigning the application to users on your IdP. For more information about SAML SSO for {% data variables.product.product_name %}, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise)."
+
+{% data reusables.scim.after-you-configure-saml %} For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise)."
+
+To learn how to configure both authentication and user provisioning for {% data variables.product.product_location %} with your specific IdP, see "[Configuring authentication and provisioning with your identity provider](/admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider)."
+
+{% endif %}
+
+### Further reading
+
+- [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website
+- [System for Cross-domain Identity Management: Protocol (RFC 7644)](https://tools.ietf.org/html/rfc7644) on the IETF website

content/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance.md

@@ -1,6 +1,6 @@
 ---
 title: Authenticating users for your GitHub Enterprise Server instance
-intro: 'You can use {% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to {% data variables.product.product_location_enterprise %}.'
+intro: 'You can use {% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to {% data variables.product.product_location %}.'
 redirect_from:
   - /enterprise/admin/categories/authentication/
   - /enterprise/admin/guides/installation/user-authentication/

content/admin/authentication/changing-authentication-methods.md

@@ -7,7 +7,7 @@ redirect_from:
 versions:
   enterprise-server: '*'
 ---
-User accounts on {% data variables.product.product_location_enterprise %} are preserved when you change the authentication method and users will continue to log into the same account as long as their username doesn't change.
+User accounts on {% data variables.product.product_location %} are preserved when you change the authentication method and users will continue to log into the same account as long as their username doesn't change.
 
 If the new method of authentication changes usernames, new accounts will be created. As an administrator, you can rename users through the site admin settings or by using [the User Administration API](/enterprise/{{currentVersion}}/v3/enterprise-admin/users/#rename-an-existing-user).
 
@@ -29,4 +29,4 @@ Other issues you should take into consideration include:
 
 * **Two-factor authentication:** {% data reusables.enterprise_user_management.external_auth_disables_2fa %}
 
-* **Built-in authentication for users outside your identity provider:** You can invite users to authenticate to {% data variables.product.product_location_enterprise %} without adding them to your identity provider. For more information, see "[Allowing built-in authentication for users outside your identity provider](/enterprise/{{ currentVersion }}/admin/guides/user-management/allowing-built-in-authentication-for-users-outside-your-identity-provider)."
+* **Built-in authentication for users outside your identity provider:** You can invite users to authenticate to {% data variables.product.product_location %} without adding them to your identity provider. For more information, see "[Allowing built-in authentication for users outside your identity provider](/enterprise/{{ currentVersion }}/admin/guides/user-management/allowing-built-in-authentication-for-users-outside-your-identity-provider)."

content/admin/authentication/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad.md

@@ -0,0 +1,47 @@
+---
+title: Configuring authentication and provisioning for your enterprise using Azure AD
+shortTitle: Configuring with Azure AD
+intro: You can use a tenant in Azure Active Directory (Azure AD) as an identity provider (IdP) to centrally manage authentication and user provisioning for {% data variables.product.product_location %}.
+permissions: Enterprise owners can configure authentication and provisioning for an enterprise on {% data variables.product.product_name %}.
+product: '{% data reusables.gated-features.saml-sso %}'
+versions:
+  github-ae: '*'
+---
+
+### About authentication and user provisioning with Azure AD
+
+Azure Active Directory (Azure AD) is a service from Microsoft that allows you to centrally manage user accounts and access to web applications. For more information, see [What is Azure Active Directory?](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis) in the Microsoft Docs.
+
+To manage identity and access for {% data variables.product.product_name %}, you can use an Azure AD tenant as a SAML IdP for authentication. You can also configure Azure AD to automatically provision accounts and access with SCIM. This configuration allows you to assign or unassign the {% data variables.product.prodname_ghe_managed %} application for a user account in your Azure AD tenant to automatically create, grant access to, or deactivate a corresponding user account on {% data variables.product.product_name %}.
+
+For more information about managing identity and access for your enterprise on {% data variables.product.product_location %}, see "[Managing identity and access for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise)."
+
+### Prerequisites
+
+To configure authentication and user provisioning for {% data variables.product.product_name %} using Azure AD, you must have an Azure AD account and tenant. For more information, see the [Azure AD website](https://azure.microsoft.com/en-us/free/active-directory) and [Quickstart: Create an Azure Active Directory tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant) in the Microsoft Docs.
+
+{% data reusables.saml.assert-the-administrator-attribute %} For more information about including the `administrator` attribute in the SAML claim from Azure AD, see [How to: customize claims issued in the SAML token for enterprise applications](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization) in the Microsoft Docs.
+
+{% data reusables.saml.create-a-machine-user %}
+
+### Configuring authentication and user provisioning with Azure AD
+
+{% if currentVersion == "github-ae@latest" %}
+
+1. In Azure AD, add {% data variables.product.ae_azure_ad_app_link %} to your tenant and configure single sign-on.
+
+    | Value in Azure AD | Value from {% data variables.product.prodname_ghe_managed %} |
+    | :- | :- |
+    | Identifier (Entity ID) | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em><code> |
+    | Reply URL | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/saml/consume</code> |
+    | Sign on URL | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/sso</code> |
+
+1. In {% data variables.product.prodname_ghe_managed %}, enter the details for your Azure AD tenant.
+
+    - {% data reusables.saml.ae-enable-saml-sso-during-bootstrapping %}
+
+    - If you've already configured SAML SSO for {% data variables.product.product_location %} using another IdP and you want to use Azure AD instead, you can edit your configuration. For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise#editing-the-saml-sso-configuration)."
+
+1. Enable user provisioning in {% data variables.product.product_name %} and configure user provisioning in Azure AD. For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise#enabling-user-provisioning-for-your-enterprise)."
+
+{% endif %}

content/admin/authentication/configuring-authentication-and-provisioning-with-your-identity-provider.md

@@ -0,0 +1,8 @@
+---
+title: Configuring authentication and provisioning with your identity provider
+intro: You can use an identity provider (IdP) that supports both SAML single sign-on (SSO) and System for Cross-domain Identity Management (SCIM) to configure authentication and user provisioning for {% data variables.product.product_location %}.
+mapTopic: true
+versions:
+  github-ae: '*'
+---
+

content/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise.md

@@ -0,0 +1,105 @@
+---
+title: Configuring SAML single sign-on for your enterprise
+shortTitle: Configuring SAML SSO
+intro: You can configure SAML single sign-on (SSO) for your enterprise, which allows you to centrally control authentication for {% data variables.product.product_location %} using your identity provider (IdP).
+product: '{% data reusables.gated-features.saml-sso %}'
+permissions: Enterprise owners can configure SAML SSO for an enterprise on {% data variables.product.product_name %}.
+versions:
+  github-ae: '*'
+---
+
+### About SAML SSO
+
+{% if currentVersion == "github-ae@latest" %}
+
+SAML SSO allows you to centrally control and secure access to {% data variables.product.product_location %} from your SAML IdP. When an unauthenticated user visits {% data variables.product.product_location %} in a browser, {% data variables.product.product_name %} will redirect the user to your SAML IdP to authenticate. After the user successfully authenticates with an account on the IdP, the IdP redirects the user back to {% data variables.product.product_location %}. {% data variables.product.product_name %} validates the response from your IdP, then grants access to the user.
+
+After a user successfully authenticates on your IdP, the user's SAML session for {% data variables.product.product_location %} is active in the browser for 24 hours. After 24 hours, the user must authenticate again with your IdP.
+
+{% data reusables.saml.assert-the-administrator-attribute %}
+
+{% data reusables.scim.after-you-configure-saml %} For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise)."
+
+{% endif %}
+
+### Supported identity providers
+
+{% data variables.product.product_name %} supports SAML SSO with IdPs that implement the SAML 2.0 standard. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
+
+{% data variables.product.company_short %} has tested SAML SSO for {% data variables.product.product_name %} with the following IdPs.
+
+{% if currentVersion == "github-ae@latest" %}
+- Azure AD
+{% endif %}
+
+### Enabling SAML SSO
+
+{% if currentVersion == "github-ae@latest" %}
+
+{% data reusables.saml.ae-enable-saml-sso-during-bootstrapping %}
+
+During initialization for {% data variables.product.product_name %}, you must configure {% data variables.product.product_name %} as a SAML Service Provider (SP) on your IdP. You must enter several unique values on your IdP to configure {% data variables.product.product_name %} as a valid SP.
+
+| Value | Other names | Description | Example |
+| :- | :- | :- | :- |
+| SP Entity ID | SP URL | Your top-level URL for {% data variables.product.prodname_ghe_managed %} | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em></code>
+| SP Assertion Consumer Service (ACS) URL | Reply URL | URL where IdP sends SAML responses | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/saml/consume</code> |
+| SP Single Sign-On (SSO) URL | | URL where IdP begins SSO |  <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/sso</code> |
+
+{% endif %}
+
+### Editing the SAML SSO configuration
+
+If the details for your IdP change, you'll need to edit the SAML SSO configuration for {% data variables.product.product_location %}. For example, if the certificate for your IdP expires, you can edit the value for the public certificate.
+
+{% if currentVersion == "github-ae@latest" %}
+
+{% note %}
+
+**Note**: {% data reusables.saml.contact-support-if-your-idp-is-unavailable %}
+
+{% endnote %} 
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Under "SAML single sign-on", type the new details for your IdP.
+  ![Text entry fields with IdP details for SAML SSO configuration for an enterprise](/assets/images/help/saml/ae-edit-idp-details.png)
+1. Optionally, click {% octicon "pencil" aria-label="The edit icon" %} to configure a new signature or digest method.
+  ![Edit icon for changing signature and digest method](/assets/images/help/saml/ae-edit-idp-details-edit-signature-and-digest.png)
+
+    - Use the drop-down menus and choose the new signature or digest method.
+      ![Drop-down menus for choosing a new signature or digest method](/assets/images/help/saml/ae-edit-idp-details-edit-signature-and-digest-drop-down-menus.png)
+1. To ensure that the information you've entered is correct, click **Test SAML configuration**.
+  !["Test SAML configuration" button](/assets/images/help/saml/ae-edit-idp-details-test-saml-configuration.png)
+1. Click **Save**.
+    !["Save" button for SAML SSO configuration](/assets/images/help/saml/ae-edit-idp-details-save.png)
+1. Optionally, to automatically provision and deprovision user accounts for {% data variables.product.product_location %}, reconfigure user provisioning with SCIM. For more information, see "[Configuring user provisioning for your enterprise](/admin/authentication/configuring-user-provisioning-for-your-enterprise)."
+
+{% endif %}
+
+### Disabling SAML SSO
+
+{% if currentVersion == "github-ae@latest" %}
+
+{% warning %}
+
+**Warning**: If you disable SAML SSO for {% data variables.product.product_location %}, users without existing SAML SSO sessions cannot sign into {% data variables.product.product_location %}. SAML SSO sessions on {% data variables.product.product_location %} end after 24 hours.
+
+{% endwarning %}
+
+{% note %}
+
+**Note**: {% data reusables.saml.contact-support-if-your-idp-is-unavailable %}
+
+{% endnote %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Under "SAML single sign-on", unselect **Enable SAML authentication**.
+  ![Checkbox for "Enable SAML authentication"](/assets/images/help/saml/ae-saml-disabled.png)
+1. To disable SAML SSO and require signing in with the built-in user account you created during initialization, click **Save**.
+    !["Save" button for SAML SSO configuration](/assets/images/help/saml/ae-saml-disabled-save.png)
+
+{% endif %}

content/admin/authentication/configuring-user-provisioning-for-your-enterprise.md

@@ -0,0 +1,72 @@
+---
+title: Configuring user provisioning for your enterprise
+shortTitle: Configuring user provisioning
+intro: You can configure System for Cross-domain Identity Management (SCIM) for your enterprise, which automatically provisions user accounts on {% data variables.product.product_location %} when you assign the application for {% data variables.product.product_location %} to a user on your identity provider (IdP).
+permissions: Enterprise owners can configure user provisioning for an enterprise on {% data variables.product.product_name %}.
+product: '{% data reusables.gated-features.saml-sso %}'
+versions:
+  github-ae: '*'
+---
+
+### About user provisioning for your enterprise
+
+{% data reusables.saml.ae-uses-saml-sso %} For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/configuring-saml-single-sign-on-for-your-enterprise)."
+
+{% data reusables.scim.after-you-configure-saml %} For more information about SCIM, see [System for Cross-domain Identity Management: Protocol (RFC 7644)](https://tools.ietf.org/html/rfc7644) on the IETF website.
+
+{% if currentVersion == "github-ae@latest" %}
+
+Configuring provisioning allows your IdP to communicate with {% data variables.product.product_location %} when you assign or unassign the application for {% data variables.product.product_name %} to a user on your IdP. When you assign the application, your IdP will prompt {% data variables.product.product_location %} to create an account and send an onboarding email to the user. When you unassign the application, your IdP will communicate with {% data variables.product.product_name %} to invalidate any SAML sessions and disable the member's account.
+
+To configure provisioning for your enterprise, you must enable provisioning on {% data variables.product.product_name %}, then install and configure a provisioning application on your IdP.
+
+The provisioning application on your IdP communicates with {% data variables.product.product_name %} via our SCIM API for enterprises. For more information, see "[GitHub Enterprise administration](/rest/reference/enterprise-admin#scim)" in the {% data variables.product.prodname_dotcom %} REST API documentation.
+
+{% endif %}
+
+### Supported identity providers
+
+{% data reusables.scim.supported-idps %}
+
+### Prerequisites
+
+{% if currentVersion == "github-ae@latest" %}
+
+To automatically provision and deprovision access to {% data variables.product.product_location %} from your IdP, you must first configure SAML SSO when you initialize {% data variables.product.product_name %}. For more information, see "[Initializing {% data variables.product.prodname_ghe_managed %}](/admin/configuration/initializing-github-ae)."
+
+You must have administrative access on your IdP to configure the application for user provisioning for {% data variables.product.product_name %}.
+
+{% endif %}
+
+### Enabling user provisioning for your enterprise
+
+{% if currentVersion == "github-ae@latest" %}
+
+1. While signed into {% data variables.product.product_location %} as an enterprise owner, create a personal access token with **admin:enterprise** scope. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
+  {% note %}
+
+  **Notes**:
+    - To create the personal access token, we recommend using the account for the first enterprise owner that you created during initialization. For more information, see "[Initializing {% data variables.product.prodname_ghe_managed %}](/admin/configuration/initializing-github-ae)."
+    - You'll need this personal access token to configure the application for SCIM on your IdP. Store the token securely in a password manager until you need the token again later in these instructions.
+
+  {% endnote %}
+  {% warning %}
+
+  **Warning**: If the user account for the enterprise owner who creates the personal access token is deactivated or deprovisioned, your IdP will no longer provision and deprovision user accounts for your enterprise automatically. Another enterprise owner must create a new personal access token and reconfigure provisioning on the IdP.
+
+  {% endwarning %}
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Under "SCIM User Provisioning", select **Require SCIM user provisioning**.
+  ![Checkbox for "Require SCIM user provisioning" within enterprise security settings](/assets/images/help/enterprises/settings-require-scim-user-provisioning.png)
+1. Click **Save**.
+  ![Save button under "Require SCIM user provisioning" within enterprise security settings](/assets/images/help/enterprises/settings-scim-save.png)
+1. Configure user provisioning in the application for {% data variables.product.product_name %} on your IdP. The application on your IdP requires two values to provision or deprovision user accounts on {% data variables.product.product_location %}.
+
+  | Value | Other names | Description | Example |
+  | :- | :- | :- | :- |
+  | URL | Tenant URL | URL to the SCIM provisioning API for your enterprise on {% data variables.product.prodname_ghe_managed %} | <code>https://<em>YOUR-GITHUB-AE-HOSTNAME</em>/scim/v2</code> |
+  | Shared secret | Personal access token, secret token | Token for application on your IdP to perform provisioning tasks on behalf of an enterprise owner | Personal access token you created in step 1 |
+
+{% endif %}

content/admin/authentication/index.md

@@ -1,10 +1,11 @@
 ---
 title: Authentication
-intro: 'You can use {% data variables.product.prodname_ghe_server %}''s built-in authentication, or choose between CAS, LDAP, or SAML to integrate your existing accounts and centrally manage user access to {% data variables.product.product_location_enterprise %}.'
+intro: You can configure how users sign into {% data variables.product.product_name %}.
 redirect_from:
   - /enterprise/admin/authentication
 versions:
   enterprise-server: '*'
+  github-ae: '*'
 ---
 
 
@@ -18,5 +19,9 @@ versions:
     {% link_in_list /using-ldap %}
     {% link_in_list /allowing-built-in-authentication-for-users-outside-your-identity-provider %}
     {% link_in_list /changing-authentication-methods %}
-
-
+{% topic_link_in_list /managing-identity-and-access-for-your-enterprise %}
+    {% link_in_list /about-identity-and-access-management-for-your-enterprise %}
+    {% link_in_list /configuring-saml-single-sign-on-for-your-enterprise %}
+    {% link_in_list /configuring-user-provisioning-for-your-enterprise %}
+{% topic_link_in_list /configuring-authentication-and-provisioning-with-your-identity-provider %}
+    {% link_in_list /configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad %}

content/admin/authentication/managing-identity-and-access-for-your-enterprise.md

@@ -0,0 +1,9 @@
+---
+title: Managing identity and access for your enterprise
+shortTitle: Managing identity and access
+intro: You can centrally manage accounts and access to {% data variables.product.product_location %}.
+mapTopic: true
+versions:
+  github-ae: '*'
+---
+

content/admin/authentication/using-built-in-authentication.md

@@ -1,6 +1,6 @@
 ---
 title: Using built-in authentication
-intro: 'When you use the default authentication method, all authentication details are stored within {% data variables.product.product_location_enterprise %}. Built-in authentication is the default method if you don’t already have an established authentication provider, such as LDAP, SAML, or CAS.'
+intro: 'When you use the default authentication method, all authentication details are stored within {% data variables.product.product_location %}. Built-in authentication is the default method if you don’t already have an established authentication provider, such as LDAP, SAML, or CAS.'
 redirect_from:
   - /enterprise/admin/user-management/using-built-in-authentication
   - /enterprise/admin/authentication/using-built-in-authentication

content/admin/authentication/using-cas.md

@@ -32,7 +32,7 @@ The following attributes are available.
 ### Configuring CAS
 {% warning %}
 
-**Warning:** Before configuring CAS on {% data variables.product.product_location_enterprise %}, note that users will not be able to use their CAS usernames and passwords to authenticate API requests or Git operations over HTTP/HTTPS. Instead, they will need to [create an access token](/enterprise/{{ currentVersion }}/user/articles/creating-an-access-token-for-command-line-use).
+**Warning:** Before configuring CAS on {% data variables.product.product_location %}, note that users will not be able to use their CAS usernames and passwords to authenticate API requests or Git operations over HTTP/HTTPS. Instead, they will need to [create an access token](/enterprise/{{ currentVersion }}/user/articles/creating-an-access-token-for-command-line-use).
 
 {% endwarning %}
 

content/admin/authentication/using-ldap.md

@@ -35,7 +35,7 @@ versions:
 {% data reusables.enterprise_user_management.two_factor_auth_header %}
 {% data reusables.enterprise_user_management.2fa_is_available %}
 
-### Configuring LDAP with {% data variables.product.product_location_enterprise %}
+### Configuring LDAP with {% data variables.product.product_location %}
 
 After you configure LDAP, users will be able to sign into your instance with their LDAP credentials. When users sign in for the first time, their profile names, email addresses, and SSH keys will be set with the LDAP attributes from your directory.
 
@@ -43,7 +43,7 @@ When you configure LDAP access for users via the {% data variables.enterprise.ma
 
 {% warning %}
 
-**Warning:** Before configuring LDAP on {% data variables.product.product_location_enterprise %}, make sure that your LDAP service supports paged results.
+**Warning:** Before configuring LDAP on {% data variables.product.product_location %}, make sure that your LDAP service supports paged results.
 
 {% endwarning %}
 
@@ -56,11 +56,11 @@ When you configure LDAP access for users via the {% data variables.enterprise.ma
 5. Add your configuration settings.
 
 ### LDAP attributes
-Use these attributes to finish configuring LDAP for {% data variables.product.product_location_enterprise %}.
+Use these attributes to finish configuring LDAP for {% data variables.product.product_location %}.
 
 | Attribute name           | Type     | Description |
 |--------------------------|----------|-------------|
-| `Host`                   | Required | The LDAP host, e.g. `ldap.example.com` or `10.0.0.30`. If the hostname is only available from your internal network, you may need to configure {% data variables.product.product_location_enterprise %}'s DNS first so it can resolve the hostname using your internal nameservers. |
+| `Host`                   | Required | The LDAP host, e.g. `ldap.example.com` or `10.0.0.30`. If the hostname is only available from your internal network, you may need to configure {% data variables.product.product_location %}'s DNS first so it can resolve the hostname using your internal nameservers. |
 | `Port`                   | Required | The port the host's LDAP services are listening on. Examples include: 389 and 636 (for LDAPS). |
 | `Encryption`             | Required | The encryption method used to secure communications to the LDAP server. Examples include plain (no encryption), SSL/LDAPS (encrypted from the start), and StartTLS (upgrade to encrypted communication once connected). |
 | `Domain search user`     | Optional | The LDAP user that performs user lookups to authenticate other users when they sign in. This is typically a service account created specifically for third-party integrations. Use a fully qualified name, such as `cn=Administrator,cn=Users,dc=Example,dc=com`. With Active Directory, you can also use the `[DOMAIN]\[USERNAME]` syntax (e.g. `WINDOWS\Administrator`) for the domain search user with Active Directory. |
@@ -194,7 +194,7 @@ Unless [LDAP Sync is enabled](#enabling-ldap-sync), changes to LDAP accounts are
 
 You can also [use the API to trigger a manual sync](/enterprise/{{ currentVersion }}/user/rest/reference/enterprise-admin#ldap).
 
-### Revoking access to {% data variables.product.product_location_enterprise %}
+### Revoking access to {% data variables.product.product_location %}
 
 If [LDAP Sync is enabled](#enabling-ldap-sync), removing a user's LDAP credentials will suspend their account after the next synchronization run.
 

content/admin/authentication/using-saml.md

@@ -81,13 +81,13 @@ These attributes are available. You can change the attribute names in the [manag
 
   {% endtip %}
 
-5. Select **Disable administrator demotion/promotion** if you **do not** want your SAML provider to determine administrator rights for users on {% data variables.product.product_location_enterprise %}.
+5. Select **Disable administrator demotion/promotion** if you **do not** want your SAML provider to determine administrator rights for users on {% data variables.product.product_location %}.
 ![SAML disable admin config](/assets/images/enterprise/management-console/disable-admin-demotion-promotion.png)
-6. In the **Single sign-on URL** field, type the HTTP or HTTPS endpoint on your IdP for single sign-on requests. This value is provided by your IdP configuration. If the host is only available from your internal network, you may need to [configure {% data variables.product.product_location_enterprise %} to use internal nameservers](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-dns-nameservers/).
+6. In the **Single sign-on URL** field, type the HTTP or HTTPS endpoint on your IdP for single sign-on requests. This value is provided by your IdP configuration. If the host is only available from your internal network, you may need to [configure {% data variables.product.product_location %} to use internal nameservers](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-dns-nameservers/).
 ![SAML authentication](/assets/images/enterprise/management-console/saml-single-sign-url.png)
-7. Optionally, in the **Issuer** field, type your SAML issuer's name. This verifies the authenticity of messages sent to {% data variables.product.product_location_enterprise %}.
+7. Optionally, in the **Issuer** field, type your SAML issuer's name. This verifies the authenticity of messages sent to {% data variables.product.product_location %}.
 ![SAML issuer](/assets/images/enterprise/management-console/saml-issuer.png)
-8. In the **Signature Method** and **Digest Method** drop-down menus, choose the hashing algorithm used by your SAML issuer to verify the integrity of the requests from {% data variables.product.product_location_enterprise %}. Specify the format with the **Name Identifier Format** drop-down menu.
+8. In the **Signature Method** and **Digest Method** drop-down menus, choose the hashing algorithm used by your SAML issuer to verify the integrity of the requests from {% data variables.product.product_location %}. Specify the format with the **Name Identifier Format** drop-down menu.
 ![SAML method](/assets/images/enterprise/management-console/saml-method.png)
 9. Under **Verification certificate**, click **Choose File** and choose a certificate to validate SAML responses from the IdP.
 ![SAML authentication](/assets/images/enterprise/management-console/saml-verification-cert.png)
@@ -113,7 +113,7 @@ These attributes are available. You can change the attribute names in the [manag
 
 {% endif %}
 
-### Revoking access to {% data variables.product.product_location_enterprise %}
+### Revoking access to {% data variables.product.product_location %}
 
 If you remove a user from your identity provider, you must also manually suspend them. Otherwise, they'll continue to be able to authenticate using access tokens or SSH keys. For more information, see "[Suspending and unsuspending users](/enterprise/admin/guides/user-management/suspending-and-unsuspending-users)".
 

content/admin/configuration/about-enterprise-configuration.md

@@ -0,0 +1,30 @@
+---
+title: About enterprise configuration
+intro: 'You can use the site admin dashboard{% if enterpriseServerVersions contains currentVersion %}, {% data variables.enterprise.management_console %}, and administrative shell (SSH) {% elsif currentVersion == "github-ae@latest" %} and enterprise settings or contact support{% endif %} to manage your enterprise.'
+versions:
+  enterprise-server: '*'
+  github-ae: '*'
+---
+
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.enterprise_site_admin_settings.about-the-site-admin-dashboard %} For more information, see "[Site admin dashboard](/admin/configuration/site-admin-dashboard)."
+
+{% data reusables.enterprise_site_admin_settings.about-the-management-console %} For more information, see "[Accessing the management console](/admin/configuration/accessing-the-management-console)."
+
+{% data reusables.enterprise_site_admin_settings.about-ssh-access %} For more information, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)."
+{% endif %}
+
+{% if currentVersion == "github-ae@latest" %}
+The first time you access your enterprise, you will complete an initial configuration to get {% data variables.product.product_name %} ready to use. The initial configuration includes connecting your enterprise with an idP, authenticating with SAML SSO, and configuring policies for repositories and organizations in your enterprise. For more information, see "[Initializing {% data variables.product.prodname_ghe_managed %}](/admin/configuration/initializing-github-ae)."
+
+For users to receive any emails from {% data variables.product.product_name %} after the initial configuration, you must ask {% data variables.contact.github_support %} to configure outbound email support with your SMTP server. For more information, see "[Configuring email for notifications](/admin/configuration/configuring-email-for-notifications)."
+
+Later, you can use the site admin dashboard and enterprise settings to further configure your enterprise, manage users, organizations and repositories, and set policies that reduce risk and increase quality. 
+
+All enterprises are configured with subdomain isolation and support for TLS 1.2 and higher for encrypted traffic only.
+{% endif %}
+
+### Further reading
+
+- "[Managing users, organizations, and repositories](/admin/user-management)"
+- "[Setting policies for your enterprise](/admin/policies)"

content/admin/configuration/accessing-the-administrative-shell-ssh.md

@@ -10,7 +10,7 @@ redirect_from:
   - /enterprise/admin/2.15/articles/troubleshooting-ssh-permission-denied-publickey/
   - /enterprise/admin/installation/accessing-the-administrative-shell-ssh
   - /enterprise/admin/configuration/accessing-the-administrative-shell-ssh
-intro: 'SSH access allows you to run the {% data variables.product.prodname_ghe_server %} command line utilities and is useful for troubleshooting, running backups, and configuring replication.'
+intro: '{% data reusables.enterprise_site_admin_settings.about-ssh-access %}'
 versions:
   enterprise-server: '*'
 ---
@@ -47,7 +47,7 @@ admin@github-example-com:~$ █
 
 #### Troubleshooting SSH connection problems
 
-If you encounter the `Permission denied (publickey)` error when you try to connect to {% data variables.product.product_location_enterprise %} via SSH, confirm that you are connecting over port 122. You may need to explicitly specify which private SSH key to use.
+If you encounter the `Permission denied (publickey)` error when you try to connect to {% data variables.product.product_location %} via SSH, confirm that you are connecting over port 122. You may need to explicitly specify which private SSH key to use.
 
 To specify a private SSH key using the command line, run `ssh` with the `-i` argument.
 

content/admin/configuration/accessing-the-management-console.md

@@ -1,6 +1,6 @@
 ---
 title: Accessing the management console
-intro: 'Use the {% data variables.enterprise.management_console %} to set up and configure {% data variables.product.product_location %}, schedule maintenance windows, troubleshoot issues, and manage your license.'
+intro: '{% data reusables.enterprise_site_admin_settings.about-the-management-console %}'
 redirect_from:
   - /enterprise/admin/articles/about-the-management-console/
   - /enterprise/admin/articles/management-console-for-emergency-recovery/
@@ -17,15 +17,15 @@ versions:
 ### About the {% data variables.enterprise.management_console %}
 
 Use the {% data variables.enterprise.management_console %} for basic administrative activities:
-- **Initial setup**: Walk through the initial setup process when first launching {% data variables.product.product_location_enterprise %} by visiting {% data variables.product.product_location_enterprise %}'s IP address in your browser.
+- **Initial setup**: Walk through the initial setup process when first launching {% data variables.product.product_location %} by visiting {% data variables.product.product_location %}'s IP address in your browser.
 - **Configuring basic settings for your instance**: Configure DNS, hostname, SSL, user authentication, email, monitoring services, and log forwarding on the Settings page.
-- **Scheduling maintenance windows**: Take your {% data variables.product.product_location_enterprise %} offline while performing maintenance using the {% data variables.enterprise.management_console %} or administrative shell.
+- **Scheduling maintenance windows**: Take your {% data variables.product.product_location %} offline while performing maintenance using the {% data variables.enterprise.management_console %} or administrative shell.
 - **Troubleshooting**: Generate a support bundle or view high level diagnostic information.
 - **License management**: View or update your {% data variables.product.prodname_enterprise %} license.
 
-You can always reach the {% data variables.enterprise.management_console %} using {% data variables.product.product_location_enterprise %}'s IP address, even when the instance is in maintenance mode, or there is a critical application failure or hostname or SSL misconfiguration.
+You can always reach the {% data variables.enterprise.management_console %} using {% data variables.product.product_location %}'s IP address, even when the instance is in maintenance mode, or there is a critical application failure or hostname or SSL misconfiguration.
 
-To access the {% data variables.enterprise.management_console %}, you must use the administrator password established during initial setup of {% data variables.product.product_location_enterprise %}. You must also be able to connect to the virtual machine host on port 8443. If you're having trouble reaching the {% data variables.enterprise.management_console %}, please check intermediate firewall and security group configurations.
+To access the {% data variables.enterprise.management_console %}, you must use the administrator password established during initial setup of {% data variables.product.product_location %}. You must also be able to connect to the virtual machine host on port 8443. If you're having trouble reaching the {% data variables.enterprise.management_console %}, please check intermediate firewall and security group configurations.
 
 ### Accessing the {% data variables.enterprise.management_console %} as a site administrator
 

content/admin/configuration/command-line-utilities.md

@@ -62,7 +62,7 @@ ghe-cleanup-settings
 
 #### ghe-config
 
-With this utility, you can both retrieve and modify the configuration settings of {% data variables.product.product_location_enterprise %}.
+With this utility, you can both retrieve and modify the configuration settings of {% data variables.product.product_location %}.
 
 ```shell
 $ ghe-config <em>core.github-hostname</em>
@@ -393,7 +393,7 @@ This utility allows you to install a custom root CA certificate on your {% data
 
 Run this utility to add a certificate chain for S/MIME commit signature verification. For more information, see "[About commit signature verification](/enterprise/{{ currentVersion }}/user/articles/about-commit-signature-verification/)."
 
-Run this utility when {% data variables.product.product_location_enterprise %} is unable to connect to another server because the latter is using a self-signed SSL certificate or an SSL certificate for which it doesn't provide the necessary CA bundle. One way to confirm this is to run `openssl s_client -connect host:port -verify 0 -CApath /etc/ssl/certs` from {% data variables.product.product_location_enterprise %}. If the remote server's SSL certificate can be verified, your `SSL-Session` should have a return code of 0, as shown below.
+Run this utility when {% data variables.product.product_location %} is unable to connect to another server because the latter is using a self-signed SSL certificate or an SSL certificate for which it doesn't provide the necessary CA bundle. One way to confirm this is to run `openssl s_client -connect host:port -verify 0 -CApath /etc/ssl/certs` from {% data variables.product.product_location %}. If the remote server's SSL certificate can be verified, your `SSL-Session` should have a return code of 0, as shown below.
 
 ```
 SSL-Session:
@@ -451,7 +451,7 @@ $ ghe-storage-extend
 
 #### ghe-version
 
-This utility prints the version, platform, and build of {% data variables.product.product_location_enterprise %}.
+This utility prints the version, platform, and build of {% data variables.product.product_location %}.
 
 ```shell
 $ ghe-version

content/admin/configuration/configuring-a-hostname.md

@@ -9,7 +9,7 @@ versions:
   enterprise-server: '*'
 ---
 
-If you configure a hostname instead of a hard-coded IP address, you will be able to change the physical hardware that {% data variables.product.product_location_enterprise %} runs on without affecting users or client software.
+If you configure a hostname instead of a hard-coded IP address, you will be able to change the physical hardware that {% data variables.product.product_location %} runs on without affecting users or client software.
 
 The hostname setting in the {% data variables.enterprise.management_console %} should be set to an appropriate fully qualified domain name (FQDN) which is resolvable on the internet or within your internal network. For example, your hostname setting could be `github.companyname.com.` We also recommend enabling subdomain isolation for the chosen hostname to mitigate several cross-site scripting style vulnerabilities. For more information on hostname settings, see [Section 2.1 of the HTTP RFC](https://tools.ietf.org/html/rfc1123#section-2).
 
@@ -18,11 +18,11 @@ The hostname setting in the {% data variables.enterprise.management_console %} s
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.hostname-menu-item %}
-4. Type the hostname you'd like to set for {% data variables.product.product_location_enterprise %}.
+4. Type the hostname you'd like to set for {% data variables.product.product_location %}.
   ![Field for setting a hostname](/assets/images/enterprise/management-console/hostname-field.png)
 5. To test the DNS and SSL settings for the new hostname, click **Test domain settings**.
   ![Test domain settings button](/assets/images/enterprise/management-console/test-domain-settings.png)
 {% data reusables.enterprise_management_console.test-domain-settings-failure %}
 {% data reusables.enterprise_management_console.save-settings %}
 
-After you configure a hostname, we recommend that you enable subdomain isolation for {% data variables.product.product_location_enterprise %}. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation/)."
+After you configure a hostname, we recommend that you enable subdomain isolation for {% data variables.product.product_location %}. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation/)."

content/admin/configuration/configuring-an-outbound-web-proxy-server.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring an outbound web proxy server
-intro: 'A proxy server provides an additional level of security for {% data variables.product.product_location_enterprise %}.'
+intro: 'A proxy server provides an additional level of security for {% data variables.product.product_location %}.'
 redirect_from:
   - /enterprise/admin/guides/installation/configuring-a-proxy-server/
   - /enterprise/admin/installation/configuring-an-outbound-web-proxy-server
@@ -8,11 +8,11 @@ redirect_from:
 versions:
   enterprise-server: '*'
 ---
-When a proxy server is enabled for {% data variables.product.product_location_enterprise %}, outbound messages sent by {% data variables.product.prodname_ghe_server %} are first sent through the proxy server, unless the destination host is added as an HTTP proxy exclusion. Types of outbound messages include outgoing webhooks, uploading bundles, and fetching legacy avatars. The proxy server's URL is the protocol, domain or IP address, plus the port number, for example `http://127.0.0.1:8123`.
+When a proxy server is enabled for {% data variables.product.product_location %}, outbound messages sent by {% data variables.product.prodname_ghe_server %} are first sent through the proxy server, unless the destination host is added as an HTTP proxy exclusion. Types of outbound messages include outgoing webhooks, uploading bundles, and fetching legacy avatars. The proxy server's URL is the protocol, domain or IP address, plus the port number, for example `http://127.0.0.1:8123`.
 
 {% note %}
 
-**Note:**  To connect {% data variables.product.product_location_enterprise %} to {% data variables.product.prodname_dotcom_the_website %}, your proxy configuration must allow connectivity to `github.com` and `api.github.com`. For more information, see "[Connecting {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_dotcom_the_website %}](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/connecting-github-enterprise-server-to-github-com)."
+**Note:**  To connect {% data variables.product.product_location %} to {% data variables.product.prodname_dotcom_the_website %}, your proxy configuration must allow connectivity to `github.com` and `api.github.com`. For more information, see "[Connecting {% data variables.product.prodname_ghe_server %} to {% data variables.product.prodname_dotcom_the_website %}](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/connecting-github-enterprise-server-to-github-com)."
 
 {% endnote %}
 

content/admin/configuration/configuring-applications.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring applications
-intro: 'You can configure internal application settings for {% data variables.product.product_location_enterprise %}.'
+intro: 'You can configure internal application settings for {% data variables.product.product_location %}.'
 redirect_from:
   - /enterprise/admin/installation/configuring-applications
   - /enterprise/admin/configuration/configuring-applications
@@ -10,12 +10,12 @@ versions:
 
 ### Adjusting image caching
 
-You can choose the amount of time that {% data variables.product.product_location_enterprise %} caches avatars. When you increase the cache time, you increase the amount of time a user's avatar will take to load. Configuring the cache time with too low a value can overload {% data variables.product.product_location_enterprise %} work processes. 
+You can choose the amount of time that {% data variables.product.product_location %} caches avatars. When you increase the cache time, you increase the amount of time a user's avatar will take to load. Configuring the cache time with too low a value can overload {% data variables.product.product_location %} work processes. 
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 3. In the left sidebar, click **Applications**.
 ![Applications tab in the settings sidebar](/assets/images/enterprise/management-console/sidebar-applications.png)
-4. Under "Avatar image cache time (seconds)", type the number of seconds that you would like {% data variables.product.product_location_enterprise %} to cache avatar images.
+4. Under "Avatar image cache time (seconds)", type the number of seconds that you would like {% data variables.product.product_location %} to cache avatar images.
 ![Avatar image caching form field](/assets/images/enterprise/management-console/add-image-caching-value-field.png)
 {% data reusables.enterprise_management_console.save-settings %}

content/admin/configuration/configuring-backups-on-your-appliance.md

@@ -12,14 +12,14 @@ redirect_from:
   - /enterprise/admin/guides/installation/backups-and-disaster-recovery/
   - /enterprise/admin/installation/configuring-backups-on-your-appliance
   - /enterprise/admin/configuration/configuring-backups-on-your-appliance
-intro: 'As part of a disaster recovery plan, you can protect production data on {% data variables.product.product_location_enterprise %} by configuring automated backups.'
+intro: 'As part of a disaster recovery plan, you can protect production data on {% data variables.product.product_location %} by configuring automated backups.'
 versions:
   enterprise-server: '*'
 ---
 
 ### About {% data variables.product.prodname_enterprise_backup_utilities %}
 
-{% data variables.product.prodname_enterprise_backup_utilities %} is a backup system you install on a separate host, which takes backup snapshots of {% data variables.product.product_location_enterprise %} at regular intervals over a secure SSH network connection. You can use a snapshot to restore an existing {% data variables.product.prodname_ghe_server %} instance to a previous state from the backup host.
+{% data variables.product.prodname_enterprise_backup_utilities %} is a backup system you install on a separate host, which takes backup snapshots of {% data variables.product.product_location %} at regular intervals over a secure SSH network connection. You can use a snapshot to restore an existing {% data variables.product.prodname_ghe_server %} instance to a previous state from the backup host.
 
 Only data added since the last snapshot will transfer over the network and occupy additional physical storage space. To minimize performance impact, backups are performed online under the lowest CPU/IO priority. You do not need to schedule a maintenance window to perform a backup.
 
@@ -27,11 +27,11 @@ For more detailed information on features, requirements, and advanced usage, see
 
 ### Prerequisites
 
-To use {% data variables.product.prodname_enterprise_backup_utilities %}, you must have a Linux or Unix host system separate from {% data variables.product.product_location_enterprise %}.
+To use {% data variables.product.prodname_enterprise_backup_utilities %}, you must have a Linux or Unix host system separate from {% data variables.product.product_location %}.
 
 You can also integrate {% data variables.product.prodname_enterprise_backup_utilities %} into an existing environment for long-term permanent storage of critical data.
 
-We recommend that the backup host and {% data variables.product.product_location_enterprise %} be geographically distant from each other. This ensures that backups are available for recovery in the event of a major disaster or network outage at the primary site.
+We recommend that the backup host and {% data variables.product.product_location %} be geographically distant from each other. This ensures that backups are available for recovery in the event of a major disaster or network outage at the primary site.
 
 Physical storage requirements will vary based on Git repository disk usage and expected growth patterns:
 
@@ -59,7 +59,7 @@ More resources may be required depending on your usage, such as user activity an
 3. Set the `GHE_HOSTNAME` value to your primary {% data variables.product.prodname_ghe_server %} instance's hostname or IP address.
 4. Set the `GHE_DATA_DIR` value to the filesystem location where you want to store backup snapshots.
 5. Open your primary instance's settings page at `https://HOSTNAME/setup/settings` and add the backup host's SSH key to the list of authorized SSH keys. For more information, see [Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/guides/installation/accessing-the-administrative-shell-ssh/).
-5. Verify SSH connectivity with {% data variables.product.product_location_enterprise %} with the `ghe-host-check` command.
+5. Verify SSH connectivity with {% data variables.product.product_location %} with the `ghe-host-check` command.
   ```shell
   $ bin/ghe-host-check		  
   ```		  
@@ -78,9 +78,9 @@ If backup attempts overlap, the `ghe-backup` command will abort with an error me
 
 ### Restoring a backup
 
-In the event of prolonged outage or catastrophic event at the primary site, you can restore {% data variables.product.product_location_enterprise %} by provisioning another {% data variables.product.prodname_enterprise %} appliance and performing a restore from the backup host. You must add the backup host's SSH key to the target {% data variables.product.prodname_enterprise %} appliance as an authorized SSH key before restoring an appliance.
+In the event of prolonged outage or catastrophic event at the primary site, you can restore {% data variables.product.product_location %} by provisioning another {% data variables.product.prodname_enterprise %} appliance and performing a restore from the backup host. You must add the backup host's SSH key to the target {% data variables.product.prodname_enterprise %} appliance as an authorized SSH key before restoring an appliance.
 
-To restore {% data variables.product.product_location_enterprise %} from the last successful snapshot, use the `ghe-restore` command. You should see output similar to this:
+To restore {% data variables.product.product_location %} from the last successful snapshot, use the `ghe-restore` command. You should see output similar to this:
 
 ```shell
 $ ghe-restore -c 169.154.1.1

content/admin/configuration/configuring-built-in-firewall-rules.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring built-in firewall rules
-intro: 'You can view default firewall rules and customize rules for {% data variables.product.product_location_enterprise %}.'
+intro: 'You can view default firewall rules and customize rules for {% data variables.product.product_location %}.'
 redirect_from:
   - /enterprise/admin/guides/installation/configuring-firewall-settings/
   - /enterprise/admin/installation/configuring-built-in-firewall-rules
@@ -9,7 +9,7 @@ versions:
   enterprise-server: '*'
 ---
 
-### About {% data variables.product.product_location_enterprise %}'s firewall
+### About {% data variables.product.product_location %}'s firewall
 
 {% data variables.product.prodname_ghe_server %} uses Ubuntu's Uncomplicated Firewall (UFW) on the virtual appliance. For more information see "[UFW](https://help.ubuntu.com/community/UFW)" in the Ubuntu documentation. {% data variables.product.prodname_ghe_server %} automatically updates the firewall allowlist of allowed services with each release.
 
@@ -66,7 +66,7 @@ The UFW firewall also opens several other ports that are required for {% data va
   $ sudo cp -r /lib/ufw ~/ufw.backup
   ```
 
-After you upgrade {% data variables.product.product_location_enterprise %}, you must reapply your custom firewall rules. We recommend that you create a script to reapply your firewall custom rules.
+After you upgrade {% data variables.product.product_location %}, you must reapply your custom firewall rules. We recommend that you create a script to reapply your firewall custom rules.
 
 ### Restoring the default firewall rules
 

content/admin/configuration/configuring-code-scanning-for-your-appliance.md

@@ -1,7 +1,7 @@
 ---
 title: Configuring code scanning for your appliance
 shortTitle: Configuring code scanning
-intro: 'You can enable, configure and disable {% data variables.product.prodname_code_scanning %} for {% data variables.product.product_location_enterprise %}. {% data variables.product.prodname_code_scanning_capc %} allows users to scan code for vulnerabilities and errors.'
+intro: 'You can enable, configure and disable {% data variables.product.prodname_code_scanning %} for {% data variables.product.product_location %}. {% data variables.product.prodname_code_scanning_capc %} allows users to scan code for vulnerabilities and errors.'
 product: '{% data reusables.gated-features.code-scanning %}'
 miniTocMaxHeadingLevel: 4
 redirect_from:
@@ -20,7 +20,7 @@ The table below summarizes the available types of analysis for {% data variables
 
 {% data reusables.code-scanning.enabling-options %}
 
-For the users of {% data variables.product.product_location_enterprise %} to be able to enable and use {% data variables.product.prodname_code_scanning %} in their repositories, you need, as a site administrator, to enable this feature for the whole appliance.
+For the users of {% data variables.product.product_location %} to be able to enable and use {% data variables.product.prodname_code_scanning %} in their repositories, you need, as a site administrator, to enable this feature for the whole appliance.
 
 ### How do I know if {% data variables.product.prodname_code_scanning %} is enabled for my appliance
 
@@ -55,18 +55,18 @@ You must ensure that Git is in the PATH variable on any self-hosted runners you
 To run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_actions %}, the appropriate action must be available locally. You can make the action available in three ways.
 
 - **Recommended** You can use [{% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud) to automatically download actions from {% data variables.product.prodname_dotcom_the_website %}. The machine that hosts your instance must be able to access {% data variables.product.prodname_dotcom_the_website %}. This approach ensures that you get the latest software automatically. For more information, see "[Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}](/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
-- If you want to use the {% data variables.product.prodname_codeql_workflow %}, you can sync the repository from {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}, by using the {% data variables.product.prodname_codeql %} Action sync tool available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/). You can use this tool regardless of whether {% data variables.product.product_location_enterprise %} or your {% data variables.product.prodname_actions %} runners have access to the internet, as long as you can access both {% data variables.product.product_location_enterprise %} and {% data variables.product.prodname_dotcom_the_website %} simultaneously on your computer.
+- If you want to use the {% data variables.product.prodname_codeql_workflow %}, you can sync the repository from {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}, by using the {% data variables.product.prodname_codeql %} Action sync tool available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/). You can use this tool regardless of whether {% data variables.product.product_location %} or your {% data variables.product.prodname_actions %} runners have access to the internet, as long as you can access both {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} simultaneously on your computer.
 - You can create a local copy of the action's repository on your server, by cloning the {% data variables.product.prodname_dotcom_the_website %} repository with the action. For example, if you want to use the {% data variables.product.prodname_codeql %} action, you can create a repository in your instance called `github/codeql-action`, then clone the [repository](https://github.com/github/codeql-action) from {% data variables.product.prodname_dotcom_the_website %}, and then push that repository to your instance's `github/codeql-action` repository. You will also need to download any of the releases from the repository on {% data variables.product.prodname_dotcom_the_website %} and upload them to your instance's `github/codeql-action` repository as releases. 
 
 
 ##### Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}
 
 1. If you want to download action workflows on demand from {% data variables.product.prodname_dotcom_the_website %}, you need to enable {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling {% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud#enabling-github-connect)."
-2. You'll also need to enable {% data variables.product.prodname_actions %} for {% data variables.product.product_location_enterprise %}. For more information, see "[Enabling {% data variables.product.prodname_actions %} and configuring storage](/enterprise/admin/github-actions/enabling-github-actions-and-configuring-storage)."
+2. You'll also need to enable {% data variables.product.prodname_actions %} for {% data variables.product.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_actions %} and configuring storage](/enterprise/admin/github-actions/enabling-github-actions-and-configuring-storage)."
 3. The next step is to configure access to actions on {% data variables.product.prodname_dotcom_the_website %} using {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)."
 4. Add a self-hosted runner to your repository, organization, or enterprise account. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
 
-After you configure a self-hosted runner, users can enable {% data variables.product.prodname_code_scanning %} for individual repositories on {% data variables.product.product_location_enterprise %}. For more information, see "[Enabling {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository)."
+After you configure a self-hosted runner, users can enable {% data variables.product.prodname_code_scanning %} for individual repositories on {% data variables.product.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository)."
 
 ### Running {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}
 If your organization isn't taking part in the beta for {% data variables.product.prodname_actions %}, or if you don't want to use {% data variables.product.prodname_actions %}, you can run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}. 

content/admin/configuration/configuring-data-encryption-for-your-enterprise.md

@@ -0,0 +1,71 @@
+---
+title: Configuring data encryption for your enterprise
+shortTitle: Configuring data encryption
+intro: 'For encryption at rest, you can provide your own encryption key to encrypt your data under your encryption policies.'
+versions:
+  github-ae: '*'
+---
+
+{% note %}
+
+**Note:** Configuring encryption at rest with a customer-managed key is currently in beta and subject to change.
+
+{% endnote %}
+
+### About data encryption
+
+To provide a high level of security, {% data variables.product.product_name %} encrypts your data while at rest in the data centers and while your data is in transit between users' machines and the data centers.
+
+For encryption in transit, {% data variables.product.product_name %} uses Transport Layer Security (TLS). For encryption at rest, {% data variables.product.product_name %} provides a default RSA key. After you've initialized your enterprise, you can choose to provide your own key instead. Your key should be a 2048 bit RSA private key in PEM format.
+
+The key that you provide is stored in a hardware security module (HSM) in a key vault that {% data variables.product.company_short %} manages.
+
+To configure your encryption key, use the REST API. There are a number of API endpoints, for example to check the status of encryption, update your encryption key, and delete your encryption key. Note that deleting your key will freeze your enterprise. For more information about the API endpoints, see "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation.
+
+### Adding or updating an encryption key
+
+You can add a new encryption key as often as you need. When you add a new key, the old key is discarded. Your enterprise won't experience downtime when you update the key.
+
+Your 2048 bit RSA private key should be in PEM format, for example in a file called _private-key.pem_.
+   
+   ```
+   -----BEGIN RSA PRIVATE KEY-----
+   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+   -----END RSA PRIVATE KEY-----
+   ```
+
+1. To add your key, use the `PATCH /enterprise/encryption` endpoint, replacing *~/private-key.pem* with the path to your private key.
+
+   ```shell
+   curl -X PATCH http(s)://<em>hostname</em>/api/v3/enterprise/encryption \
+     -d "{ \"key\": \"$(awk '{printf "%s\\n", $0}' ~/private-key.pem)\" }"
+   ```
+
+2. Optionally, check the status of the update operation.
+
+   ```shell
+   curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
+   ```
+
+### Deleting your encryption key
+
+To freeze your enterprise, for example in the case of a breach, you can disable encryption at rest by deleting your encryption key.
+
+To unfreeze your enterprise after you've deleted your encryption key, contact support. For more information, see "[About {% data variables.contact.enterprise_support %}](/admin/enterprise-support/about-github-enterprise-support)."
+
+1. To delete your key and disable encryption at rest, use the `DELETE /enterprise/encryption` endpoint.
+
+   ```shell
+   curl -X DELETE http(s)://<em>hostname</em>/api/v3/enterprise/encryption
+   ```
+
+2. Optionally, check the status of the delete operation.
+
+   ```shell
+   curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
+   ```
+
+### Further reading
+
+- "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation 

content/admin/configuration/configuring-dns-nameservers.md

@@ -9,7 +9,7 @@ versions:
   enterprise-server: '*'
 ---
 
-The nameservers you specify must resolve {% data variables.product.product_location_enterprise %}'s hostname.
+The nameservers you specify must resolve {% data variables.product.product_location %}'s hostname.
 
 {% data reusables.enterprise_installation.changing-hostname-not-supported %}
 
@@ -28,7 +28,7 @@ The nameservers you specify must resolve {% data variables.product.product_locat
   ```
 3. Append any `nameserver` entries, then save the file.
 4. After verifying your changes, save the file.
-5. To add your new nameserver entries to {% data variables.product.product_location_enterprise %}, enter:
+5. To add your new nameserver entries to {% data variables.product.product_location %}, enter:
   ```shell
   $ sudo service resolvconf restart
   ```

content/admin/configuration/configuring-email-for-notifications.md

@@ -6,11 +6,25 @@ redirect_from:
   - /enterprise/admin/articles/troubleshooting-email/
   - /enterprise/admin/articles/email-configuration-and-troubleshooting/
   - /enterprise/admin/user-management/configuring-email-for-notifications
-intro: 'To make it easy for users to respond quickly to activity on {% data variables.product.prodname_ghe_server %}, you can configure your instance to send email notifications on issue, pull request, and commit comments, as well as additional settings to allow inbound email replies. Notification emails are sent if there is activity on a repository a user is watching, if there is activity in a pull request or issue they are participating in, or if the user or team they''re a member of are @mentioned in a comment.'
+intro: 'To make it easy for users to respond quickly to activity on {% data variables.product.product_name %}, you can configure your enterprise to send email notifications on issue, pull request, and commit comments{% if enterpriseServerVersions contains currentVersion %}, as well as additional settings to allow inbound email replies{% endif %}.'
 versions:
   enterprise-server: '*'
+  github-ae: '*'
 ---
 
+Notification emails are sent if there is activity on a repository a user is watching, if there is activity in a pull request or issue they are participating in, or if the user or team they're a member of are @mentioned in a comment.
+
+{% if currentVersion == "github-ae@latest" %}
+Your dedicated technical account manager in {% data variables.contact.github_support %} can configure email for notifications to be sent through your SMTP server. Make sure you include the following details in your support request.
+
+- Your SMTP server address
+- The port your SMTP server uses to send email
+- The domain name that your SMTP server will send with a HELO response, if any
+- The type of encryption used by your SMTP server
+- The no-reply email address to use in the `From` and `To` field for all notifications
+
+For more information about contacting support, see "[About {% data variables.contact.enterprise_support %}](/enterprise/admin/guides/enterprise-support/about-github-enterprise-support)."
+{% else %}
 ### Configuring SMTP
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
@@ -120,7 +134,7 @@ This log shows that the appliance:
 * The `login` authentication type was performed (`<- "AUTH LOGIN\r\n"`).
 * The SMTP Server rejected the authentication as invalid (`-> "535-5.7.1 Username and Password not accepted.`).
 
-#### Check {% data variables.product.product_location_enterprise %} logs
+#### Check {% data variables.product.product_location %} logs
 
 If you need to verify that your inbound email is functioning, there are two logfiles that you can examine on your instance: To verify that */var/log/mail.log* and */var/log/mail-replies/metroplex.log*.
 
@@ -155,8 +169,9 @@ In order to properly process inbound emails, you must configure a valid A Record
 
 #### Check firewall or AWS Security Group settings
 
-If {% data variables.product.product_location_enterprise %} is behind a firewall or is being served through an AWS Security Group, make sure port 25 is open to all mail servers that send emails to `reply@reply.[hostname]`.
+If {% data variables.product.product_location %} is behind a firewall or is being served through an AWS Security Group, make sure port 25 is open to all mail servers that send emails to `reply@reply.[hostname]`.
 
 #### Contact support
 
 If you're still unable to resolve the problem, contact {% data variables.contact.contact_ent_support %}. Please attach the output file from `http(s)://[hostname]/setup/diagnostics` to your email to help us troubleshoot your problem.
+{% endif %}

content/admin/configuration/configuring-github-pages-for-your-enterprise.md

@@ -0,0 +1,68 @@
+---
+title: Configuring GitHub Pages for your enterprise
+intro: 'You can enable or disable {% data variables.product.prodname_pages %} for your enterprise and choose whether to make sites publicly accessible.'
+redirect_from:
+  - /enterprise/admin/guides/installation/disabling-github-enterprise-pages/
+  - /enterprise/admin/guides/installation/configuring-github-enterprise-pages/
+  - /enterprise/admin/installation/configuring-github-pages-on-your-appliance
+  - /enterprise/admin/configuration/configuring-github-pages-on-your-appliance
+  - /admin/configuration/configuring-github-pages-on-your-appliance
+  - /enterprise/admin/guides/installation/configuring-github-pages-for-your-enterprise/
+versions:
+  enterprise-server: '*'
+  github-ae: '*'
+---
+
+### Enabling public sites for {% data variables.product.prodname_pages %}
+
+{% if enterpriseServerVersions contains currentVersion %}If private mode is enabled on your enterprise, the {% else %}The {% endif %}public cannot access {% data variables.product.prodname_pages %} sites hosted by your enterprise unless you enable public sites.
+
+{% warning %}
+
+**Warning:** If you enable public sites for {% data variables.product.prodname_pages %}, every site in every repository on your enterprise will be accessible to the public.
+
+{% endwarning %}
+
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.pages-tab %}
+4. Select **Public Pages**.
+  ![Checkbox to enable Public Pages](/assets/images/enterprise/management-console/public-pages-checkbox.png)
+{% data reusables.enterprise_management_console.save-settings %}
+{% elsif currentVersion == "github-ae@latest" %}
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.pages-tab %}
+5. Under "Pages policies", select **Public {% data variables.product.prodname_pages %}**.
+  ![Checkbox to enable public {% data variables.product.prodname_pages %}](/assets/images/enterprise/business-accounts/public-github-pages-checkbox.png)
+{% data reusables.enterprise-accounts.pages-policies-save %}
+{% endif %}
+
+### Disabling {% data variables.product.prodname_pages %} for your enterprise
+
+{% if enterpriseServerVersions contains currentVersion %}
+If subdomain isolation is disabled for your enterprise, you should also disable {% data variables.product.prodname_pages %} to protect yourself from potential security vulnerabilities. For more information, see "[Enabling subdomain isolation](/admin/configuration/enabling-subdomain-isolation)."
+{% endif %}
+
+{% if enterpriseServerVersions contains currentVersion %}
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.pages-tab %}
+4. Unselect **Enable Pages**.
+  ![Checkbox to disable {% data variables.product.prodname_pages %}](/assets/images/enterprise/management-console/pages-select-button.png)
+{% data reusables.enterprise_management_console.save-settings %}
+{% elsif currentVersion == "github-ae@latest" %}
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.pages-tab %}
+5. Under "Pages policies", deselect **Enable {% data variables.product.prodname_pages %}**.
+  ![Checkbox to disable {% data variables.product.prodname_pages %}](/assets/images/enterprise/business-accounts/enable-github-pages-checkbox.png)
+{% data reusables.enterprise-accounts.pages-policies-save %}
+{% endif %}
+
+{% if enterpriseServerVersions contains currentVersion %}
+### Further reading
+
+- "[Enabling private mode](/admin/configuration/enabling-private-mode)"
+{% endif %}

content/admin/configuration/configuring-github-pages-on-your-appliance.md

@@ -1,43 +0,0 @@
----
-title: Configuring GitHub Pages on your appliance
-intro: 'You can enable or disable {% data variables.product.prodname_pages %} on your instance. You can also choose to make {% data variables.product.prodname_pages %} sites publicly accessible.'
-redirect_from:
-  - /enterprise/admin/guides/installation/disabling-github-enterprise-pages/
-  - /enterprise/admin/guides/installation/configuring-github-enterprise-pages/
-  - /enterprise/admin/installation/configuring-github-pages-on-your-appliance
-  - /enterprise/admin/configuration/configuring-github-pages-on-your-appliance
-versions:
-  enterprise-server: '*'
----
-
-### Making {% data variables.product.prodname_pages %} publicly accessible
-
-If private mode is enabled on your instance, the public cannot access {% data variables.product.prodname_pages %} sites hosted on {% data variables.product.product_location_enterprise %}.
-
-{% warning %}
-
-**Warning:** If you enable public {% data variables.product.prodname_pages %} sites, every {% data variables.product.prodname_pages %} site in every repository on your instance will be accessible to the public.
-
-{% endwarning %}
-
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-{% data reusables.enterprise_management_console.pages-tab %}
-4. Select **Public Pages**.
-![Checkbox to enable Public Pages](/assets/images/enterprise/management-console/public-pages-checkbox.png)
-{% data reusables.enterprise_management_console.save-settings %}
-
-### Disabling {% data variables.product.prodname_pages %} on {% data variables.product.product_location_enterprise %}
-
-If subdomain isolation is disabled for {% data variables.product.product_location_enterprise %}, you should also disable {% data variables.product.prodname_pages %} to protect yourself from potential security vulnerabilities. For more information, see "[Enabling subdomain isolation](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-subdomain-isolation)."
-
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.management-console %}
-{% data reusables.enterprise_management_console.pages-tab %}
-4. Unselect **Enable Pages**.
-![Checkbox to disable {% data variables.product.prodname_pages %}](/assets/images/enterprise/management-console/pages-select-button.png)
-{% data reusables.enterprise_management_console.save-settings %}
-
-### Further reading
-
-- "[Enabling private mode](/enterprise/{{ currentVersion }}/admin/guides/installation/enabling-private-mode)"

content/admin/configuration/configuring-rate-limits.md

@@ -31,7 +31,7 @@ You can exempt a list of users from API rate limits using the `ghe-config` utili
 
 ### Enabling abuse rate limits
 
-Setting abuse rate limits protects the overall level of service on {% data variables.product.product_location_enterprise %}.
+Setting abuse rate limits protects the overall level of service on {% data variables.product.product_location %}.
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}

content/admin/configuration/configuring-tls.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring TLS
-intro: 'You can configure Transport Layer Security (TLS) on {% data variables.product.product_location_enterprise %} so that you can use a certificate that is signed by a trusted certificate authority.'
+intro: 'You can configure Transport Layer Security (TLS) on {% data variables.product.product_location %} so that you can use a certificate that is signed by a trusted certificate authority.'
 redirect_from:
   - /enterprise/admin/articles/ssl-configuration/
   - /enterprise/admin/guides/installation/about-tls/
@@ -54,9 +54,9 @@ Let's Encrypt is a public certificate authority that issues free, automated TLS
 
 {% data reusables.enterprise_installation.lets-encrypt-prerequisites %}
 
-When you enable automation of TLS certificate management using Let's Encrypt, {% data variables.product.product_location_enterprise %} will contact the Let's Encrypt servers to obtain a certificate. To renew a certificate, Let's Encrypt servers must validate control of the configured domain name with inbound HTTP requests.
+When you enable automation of TLS certificate management using Let's Encrypt, {% data variables.product.product_location %} will contact the Let's Encrypt servers to obtain a certificate. To renew a certificate, Let's Encrypt servers must validate control of the configured domain name with inbound HTTP requests.
 
-You can also use the `ghe-ssl-acme` command line utility on {% data variables.product.product_location_enterprise %} to automatically generate a Let's Encrypt certificate. For more information, see "[Command-line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-ssl-acme)."
+You can also use the `ghe-ssl-acme` command line utility on {% data variables.product.product_location %} to automatically generate a Let's Encrypt certificate. For more information, see "[Command-line utilities](/enterprise/{{ currentVersion }}/admin/guides/installation/command-line-utilities#ghe-ssl-acme)."
 
 ### Configuring TLS using Let's Encrypt
 

content/admin/configuration/configuring-your-enterprise.md

@@ -1,6 +1,6 @@
 ---
 title: Configuring your enterprise
-intro: 'Once {% data variables.product.prodname_ghe_server %} is up and running, you can configure the appliance to suit your organization''s needs.'
+intro: "After {% data variables.product.product_name %} is up and running, you can configure your enterprise to suit your organization's needs."
 redirect_from:
   - /enterprise/admin/guides/installation/basic-configuration/
   - /enterprise/admin/guides/installation/administrative-tools/
@@ -11,5 +11,6 @@ redirect_from:
 mapTopic: true
 versions:
   enterprise-server: '*'
+  github-ae: '*'
 ---
 

content/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud.md

@@ -41,8 +41,7 @@ For more information about managing enterprise accounts using the GraphQL API, s
 ### Enabling {% data variables.product.prodname_github_connect %}
 
 1. Sign in to {% data variables.product.product_location_enterprise %} and {% data variables.product.prodname_dotcom_the_website %}.
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
+{% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.github-connect-tab %}
 5. Under "{% data variables.product.prodname_dotcom_the_website %} is not enabled yet", click **Enable {% data variables.product.prodname_github_connect %}**. By clicking **Enable {% data variables.product.prodname_github_connect %}**, you agree to the  <a href="/articles/github-connect-addendum-to-the-github-enterprise-license-agreement/" class="dotcom-only">{% data variables.product.prodname_github_connect %} Addendum to the {% data variables.product.prodname_enterprise %} License Agreement</a>.
@@ -54,8 +53,7 @@ For more information about managing enterprise accounts using the GraphQL API, s
 
 When you disconnect from {% data variables.product.prodname_ghe_cloud %}, the {% data variables.product.prodname_github_connect %} {% data variables.product.prodname_github_app %} is deleted from your enterprise account or organization and credentials stored on {% data variables.product.product_location_enterprise %} are deleted.
 
-{% data reusables.enterprise_site_admin_settings.access-settings %}
-{% data reusables.enterprise_site_admin_settings.business %}
+{% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.github-connect-tab %}
 5. Next to the enterprise account or organization you'd like to disconnect, click **Disable {% data variables.product.prodname_github_connect %}**.