Skip to content

Latest commit

 

History

History
113 lines (73 loc) · 5.41 KB

week-2-admin-to-users.md

File metadata and controls

113 lines (73 loc) · 5.41 KB

Admin to users

To send from admins to engineers in week 2

Dear Engineers,

As the GitHub Administrators (+ SAML administrators, + IT Security team), we are planning a roll-out of SAML authentication with GitHub Enterprise. This will take place over the next 6 weeks. We would like to share the anticipated plan, to ensure the smoothest transition possible.

Why are we doing this?

SAML is a secure authentication method with many benefits to our organization. We already have SAML configured for some of our services. To maximize the benefits and security, we will be configuring SAML with GitHub Enterprise.

How will engineers be affected

Once we start this process, GitHub users will need to authenticate to GitHub through SAML. There will be a short window to do this before SAML authentication is enforced, so it is very important to do this promptly. This is planned in week 5 of our transition.

We will also need to identify and manage all service or bot accounts. Engineers are responsible for communicating these accounts with us, so we can grant then the proper access and their use can continue uninterrupted.

Timeline

For a detailed view, please see the roll-out plan.

Most important events to be aware of are:

  • Week 1
    • Admins communicating with managers
  • Week 2
    • Admins communicating with engineers in week 2
    • Users to share admin access information, and bot/service account information with admins
    • Admins configure SAML in testing environment in week 2
  • Week 3
    • Admins to configure in production in week 3
    • Admins to enable first test users in week 3
  • Week 4
    • Admins to mark bot users as outside collaborators, remove inactive admins, bots, and users in week 4
    • Admins to enable SAML authentication with GitHub for all users in week 4
  • Week 5
    • All users must authenticate with SAML to maintain access in week 5
  • Week 6
    • Admins to enforce SAML authentication with GitHub in week 6

Action needed

Bot/service accounts

If you or your team is responsible for, relying on, or generally aware of any service or bot accounts on GitHub, please respond to this email in detail. GitHub administrators will curate a list of these accounts and manage their access so that they can continue to be available during and after the transition to SAML enforcement.

Maintaining admin access

If there is any administrator access necessary for you or your team that falls outside of a general organizational expectation, please respond to this email in detail. Permissions may be changed for admins that appear inactive or to have inappropriate access.

Pool of test users

If you or your team would be willing to be in a test early adoption group, please respond to this email in detail.

In raw format, for easier copy and paste

Dear Engineers,

As the GitHub Administrators (+ SAML administrators, + IT Security team), we are planning a roll-out of SAML authentication with GitHub Enterprise. This will take place over the next 6 weeks. We would like to share the anticipated plan, to ensure the smoothest transition possible.

**Why are we doing this?**

SAML is a secure authentication method with many benefits to our organization. We already have SAML configured for some of our services. To maximize the benefits and security, we will be configuring SAML with GitHub Enterprise.

**How will engineers be affected**

Once we start this process, GitHub users will need to authenticate to GitHub through SAML. There will be a short window to do this before SAML authentication is enforced, so it is very important to do this promptly. This is planned in week 5 of our transition.

We will also need to identify and manage all service or bot accounts. Engineers are responsible for communicating these accounts with us, so we can grant then the proper access and their use can continue uninterrupted.

**Timeline**

For a detailed view, please see the roll-out plan.

Most important events to be aware of are:

- Week 1
  - Admins communicating with managers
- Week 2
  - Admins communicating with engineers in week 2
  - **Users to share admin access information, and bot/service account information with admins**
  - Admins configure SAML in testing environment in week 2
- Week 3
  - Admins to configure in production in week 3
  - Admins to enable first test users in week 3
- Week 4
  - Admins to mark bot users as outside collaborators, remove inactive admins, bots, and users in week 4
  - Admins to enable SAML authentication with GitHub for all users in week 4
- Week 5
  - **All users must authenticate with SAML to maintain access in week 5**
- Week 6
  - Admins to enforce SAML authentication with GitHub in week 6

**Action needed**

**Bot/service accounts**

If you or your team is responsible for, relying on, or generally aware of any service or bot accounts on GitHub, please respond to this email in detail. GitHub administrators will curate a list of these accounts and manage their access so that they can continue to be available during and after the transition to SAML enforcement.

**Maintaining admin access**

If there is any administrator access necessary for you or your team that falls outside of a general organizational expectation, please respond to this email in detail. Permissions may be changed for admins that appear inactive or to have inappropriate access.

**Pool of test users**

If you or your team would be willing to be in a test early adoption group, please respond to this email in detail.