Enterprise Managed Users: Guest role users cannot see internal repositories #549
Labels
admin-cloud
Feature area: Cloud administration
beta
Feature phase: Beta
cloud
Available on Cloud
github enterprise
Product SKU: GitHub Enterprise
Comments
github-product-roadmap
added
admin-cloud
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
github-product-roadmap commentedAug 17, 2022
Summary
Enterprise Managed Users provides an enterprise with an isolated set of organizations and repositories, that are not visible unless you're a member of the enterprise. They support only
internalandprivaterepositories, and users must sign in from the linked IdP in order to access them.This improvement introduces a new user role,
guest, alongside the existing member and admin roles. The role is set by the IdP at provisioning time, and limits these users to seeing repositories they are added to only. They can not seeinternalrepositories by default.Intended Outcome
Companies can safely inner-source their code using the
internalaccess level, while also allowing guests into their environment to work on select parts of the codebase.How will it work?
Users provisioned to an EMU enterprise as "Guests" will have access only to orgs and repos they are explicitly added to. They will not automatically receive access to
internalrepositories just by being a member of the parent org.Users will still need to sign in from the linked IdP in order to access the enterprise, in order to keep access control at the IdP. Provisioning rules can be set up to automatically apply the Guest role to guests in the tenant, pivoting off of the user type stored in the IdP.
The text was updated successfully, but these errors were encountered: