For GitHub Enterprise Cloud customers, team sync no longer invites members to organizations by default. For existing team sync customers we have added a configuration option to disable automatic organization provisioning for users that are synced from your identity provider groups. Team sync will not remove users from an organization when they are removed from a team.
For additional information and instructions to opt out of the default behavior, learn more in our team sync documentation.
GitHub organization owners can now opt-in to a public beta to display organization members' IP addresseses in audit logs events. When enabled, IP addresses will be displayed for all audit log events performed by organization members on organization assets other than public repositories, which will be treated differently due to privacy obligations.
The inclusion of IP addresses in audit logs helps software developers and administrators protect their systems and data from potential threats and improve their overall security posture by providing the source of an action or event within a system or network. This information is crucial for troubleshooting issues or investigating security incidents. IP addresses are often used in forensic investigations to trace the origin of cyberattacks, unauthorized access, or other malicious activities.
For additional information and instructions for enabling this feature, read about displaying IP addresses in the audit log for your organization.
The GitHub Enterprise Cloud Dormant Users report is now generally available. This report shows enterprise members who have not been active in the last 90 days.
To learn more, read about managing dormant users.
The recently enhanced GitHub Enterprise "consumed licenses" report and new "enterprise members" report are now generally available. These reports provide more insight into who has access to an enterprise, what level of access, and whether a license is consumed:
To learn more about these reports and how to access them, read our documents about viewing license usage for GitHub Enterprise and exporting membership information about your enterprise.
GitHub Enterprise Cloud administrators who have IP allow lists set up for their enterprises, organizations, or GitHub Apps can now check whether an IP address is permitted within the IP allow list.
To learn more, read our 'Checking if an IP address is permitted' documentation for enterprises and organizations.
We’ve made a series of improvements to the GitHub Connect license sync feature in addition to the "Sync now" button we recently added in GHES:
saml_name_id and the GitHub Enterprise Cloud email address (for verified domains only) for each user;consumed-licenses: returns the same Consumed License data found in the CSV downloadlicense-sync-status: returns information related to the license sync job statusGitHub Enterprise Cloud customers can elect to participate in a public beta to configure audit log streaming to AWS S3 with OpenID Connect (OIDC). Audit log streaming configured with OIDC eliminates storage of long-lived cloud secrets on GitHub by using short-lived tokens exchanged via REST/JSON message flows for authentication.
For additional information, please follow the instructions for setting up audit log streaming to AWS S3 with OpenID Connect.
The ability for GitHub Enterprise Cloud owners to display members’ IP addresses for all audit logs events for private repositories and other enterprise assets, such as issues and projects, is generally available.
These IP addresses can be used to improve threat analyses and further secure your software. Note, IP addresses will continue to not be displayed for activity related to public repositories.
For additional information, read about displaying IP addresses in the audit log for your enterprise.
GitHub Enterprise Cloud (GHEC) customers can now participate in a private beta enabling audit log streaming to a Datadog endpoint. Audit log streaming to Datadog not only allows enterprises to satisfy long-term data retention goals but also analyze GitHub audit log data using the tools offered by Datadog.
GHEC administrators interested in participating in the private beta should reach out to your GitHub account manager or contact our sales team to make the feature available for your enterprise. Once enabled, administrators can follow the instructions for setting up streaming to Datadog and provide feedback on their experience at the audit log streaming to Datadog community discussion.
GitHub Enterprise Cloud customers can elect to participate in a private beta to configure audit log streaming to AWS S3 with OpenID Connect (OIDC). Audit log streaming configured with OIDC eliminates storage of long-lived cloud secrets on GitHub by using short-lived tokens exchanged via REST/JSON message flows for authentication.
If interested in participating in the private beta, please reach out to your GitHub account manager or contact our sales team to make the feature available for your enterprise. For additional information on configuring OIDC, read about setting up audit log streaming to AWS S3 with OpenID Connect.
Enterprises that use Enterprise Managed Users (EMUs) to authenticate their accounts via Azure Active Directory can now use Azure AD location-based Conditional Access policies to protect the use of PATs and SSH keys. This requires the use of a new OpenID Connect-based application rather than a SAML integration. To learn more, read about enforcing Azure AD Conditional Access for PATs and SSH keys.
Note: this feature is currently in public beta for new and existing Azure AD EMU enterprises.
For more information:
Via our new beta feature, enterprise owners can now revoke pending member invitations from the pending invitations page within the enterprise account: https://github.com/enterprises/<enterprise>/pending_members. This beta feature only applies to enterprise member invitations not invites for enterprise administrators and outside collaborators.
To learn more, please read about viewing people in your enterprise.
Enterprise administrators can now view a quick summary of the members associated with their enterprise on the enterprise account's member's page: https://github.com/enterprises/<enterprise>/people. This new summary section breaks down user counts across roles, licenses, and deployments applicable to your enterprise.
Enterprise owners can now access reports about dormant users on GitHub Enterprise Cloud. To learn more, read about managing dormant users.
Note: this feature is currently in beta.