user-management


You can now create access tokens with limited scope using the new granular access tokens functionality in npm. With granular access tokens, you can:

  • Restrict which packages and/or scopes a token has access to
  • Grant tokens access to specific organizations for user management
  • Set a token expiration date
  • Limit token access based on IP address ranges
  • Select between read and/or write access

Tokens with least privileges protect your npm packages from accidental or malicious misuse of your token. These tokens also allow you to manage your npm org and teams from a CI/CD pipeline. Granular access tokens are specifically built for automation and do not require 2FA. We recommend using granular access tokens with least privileges when you automate publishing and org management activities.


Enterprises that use Enterprise Managed Users (EMUs) to authenticate their accounts via Azure Active Directory can now use Azure AD location-based Conditional Access policies to protect the use of PATs and SSH keys. This requires the use of a new OpenID Connect-based application rather than a SAML integration. To learn more, read about enforcing Azure AD Conditional Access for PATs and SSH keys.

Note: this feature is currently in public beta for new and existing Azure AD EMU enterprises.


Enterprise owners can now prevent organization owners from inviting outside collaborators to repositories in their enterprise. The "Repository outside collaborators" policy includes an additional option, "Enterprise admins only", which allows only users with admin permissions to the enterprise to invite outside collaborators. For more info, see "Enforcing a policy for inviting outside collaborators to repositories".

[Screenshot: the new option "Enterprise admins only" in the "Repository outside collaborators" policy]
