This article is part of a series of GitHub Administration best practices to think about and implement when working with your GitHub Enterprise or Organization.
Below are some quick tips to check against what you already practice, or to implement quickly as an administrator.
Enable SAML Single Sign-On
Turn on SSO to secure access to code and private data in your GitHub Organizations. SAML single sign-on adds an extra layer of security to your organizations. SSO also governs SSH keys and personal access tokens (PATs): they must be authorized for the organization before they can be used, and any keys or tokens generated before SSO was enabled must be reauthorized by their users.
The following GitHub link provides the steps to enable SSO: Enable SAML
Enable Two-Factor Authentication
Enforcing two-factor authentication for your organizations provides another layer of security by adding a second step to confirm the identity of a user. To enable two-factor authentication, use the following GitHub link: 2FA
Additionally, when using 2FA, use an app-based time-based one-time token instead of SMS. You can use Microsoft’s Authenticator app to authenticate your GitHub credentials as well as other apps.
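A quick way to verify the 2FA tip is in force, as an added example that is not part of the original article: the script below reads each organization's `two_factor_requirement_enabled` flag and its `members?filter=2fa_disabled` list from the GitHub REST API (both visible only to org owners) and reports any organization that is not enforcing 2FA. The `GITHUB_TOKEN` variable and the sample JSON are assumptions constructed for the example.

```python
"""Audit whether GitHub organizations enforce two-factor authentication.

Added example, not code from the original article. Assumes an org-owner
token in the GITHUB_TOKEN environment variable; the sample responses at
the bottom are constructed so the audit logic can run offline.
"""
import json
import os
import urllib.request

API = "https://api.github.com"


def fetch_json(path, token):
    """GET one REST API path and decode the JSON body (needs network)."""
    req = urllib.request.Request(
        f"{API}{path}",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def audit_org(org, members_without_2fa):
    """Build a finding for one organization.

    org: decoded body of GET /orgs/{org}; owners see the boolean
         'two_factor_requirement_enabled'.
    members_without_2fa: decoded body of
         GET /orgs/{org}/members?filter=2fa_disabled (empty once
         2FA is enforced, because non-compliant members are removed).
    """
    enforced = bool(org.get("two_factor_requirement_enabled"))
    laggards = sorted(m["login"] for m in members_without_2fa)
    return {"org": org["login"], "two_factor_enforced": enforced,
            "members_without_2fa": laggards,
            "ok": enforced and not laggards}


# Constructed sample responses (not real organizations or users).
SAMPLE_ORG = {"login": "example-org", "two_factor_requirement_enabled": False}
SAMPLE_MEMBERS = [{"login": "bob"}, {"login": "alice"}]

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    if token:  # live audit of every org the token's user belongs to
        for o in fetch_json("/user/orgs", token):
            n = o["login"]
            print(json.dumps(audit_org(
                fetch_json(f"/orgs/{n}", token),
                fetch_json(f"/orgs/{n}/members?filter=2fa_disabled&per_page=100", token))))
    else:      # offline demonstration on the constructed sample
        print(json.dumps(audit_org(SAMPLE_ORG, SAMPLE_MEMBERS)))
```

Any report with `"ok": false` is an organization where the 2FA tip above has not yet been applied.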
Have as Few Organizations as Possible
It is a good rule of thumb to create as few organizations as possible in your GitHub Enterprise; if possible, just one. Note that organizations are silos. Communication within an organization is easy, but not between organizations. For example, a team in Organization 1 cannot send a notification to a team in Organization 2.
Also, having a single organization promotes inner sourcing, increased search functionality, and collaboration as all your repositories, code, or data, live in a single entity.
Do not use organizations as folders for repositories; instead, think about how you can leverage GitHub Teams or repository permissions to administer access to code. Silos should be siloed on purpose: create an organization only when it makes sense as a separate entity.