You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-access-to-githubcom-using-a-corporate-proxy.md
+11-7Lines changed: 11 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,17 +7,21 @@ versions:
7
7
ghec: '*'
8
8
---
9
9
10
-
>[!NOTE] The header for restricting access to {% data variables.product.prodname_dotcom_the_website %} is currently in {% data variables.release-phases.public_preview %} and subject to change. Although preview releases are not typically supported by {% data variables.product.company_short %} Support (see [AUTOTITLE](/get-started/using-github/exploring-early-access-releases-with-feature-preview#githubs-release-cycle)), this feature is supported by {% data variables.product.company_short %} Support while in {% data variables.release-phases.public_preview %}.
11
-
12
10
If you use {% data variables.product.prodname_emus %}, you can block users on your network from authenticating to {% data variables.product.prodname_dotcom_the_website %} with accounts that are not members of your enterprise. This helps reduce the risk of your company's data being exposed to the public.
13
11
14
12
To enforce this restriction, you will configure your network proxy or firewall to inject a header into your users' web and API requests to {% data variables.product.prodname_dotcom_the_website %}.
15
13
16
14
This feature requires an external firewall or proxy. {% data variables.contact.github_support %} cannot assist with setup or troubleshooting for external tools such as these. For more about scope of support, see [AUTOTITLE](/support/learning-about-github-support/about-github-support#scope-of-support).
17
15
18
-
## Requesting access
16
+
## Enabling access restrictions
17
+
18
+
This feature is not enabled by default. An enterprise owner can enable the feature for your enterprise.
19
+
20
+
{% data reusables.enterprise-accounts.access-enterprise-emu %}
21
+
{% data reusables.enterprise-accounts.settings-tab %}
1. In the "Enterprise access restrictions" section, select **Enable enterprise access restrictions**.
19
24
20
-
This feature is not enabled by default. To request access, contact your account manager in {% data variables.product.github %}'s Sales team or [sign up here](https://github.com/features/preview/enterprise-access-restrictions).
21
25
22
26
## Prerequisites
23
27
@@ -27,7 +31,7 @@ This feature is not enabled by default. To request access, contact your account
27
31
* To enforce the restriction, all traffic must flow through a proxy or firewall. The proxy or firewall must:
28
32
* Be capable of intercepting and editing traffic, commonly called a "break and inspect" proxy
29
33
* Support arbitrary header injection
30
-
*{% data variables.product.company_short %} must have granted you access to this feature.
34
+
*Your enterprise owner has enabled this feature.
31
35
32
36
## Finding the header
33
37
@@ -42,8 +46,8 @@ An enterprise owner can identify the correct enterprise ID to use in the header
42
46
{% data reusables.enterprise-accounts.access-enterprise-emu %}
43
47
{% data reusables.enterprise-accounts.settings-tab %}
1. In the "Enterprise access restrictions" section, find the header for your enterprise. This section is only visible for enterprises with the feature enabled.
46
-
49
+
1. In the "Enterprise access restrictions" section, find the header for your enterprise.
50
+
47
51
## Using the header
48
52
49
53
For best results, configure your proxy to inject the header into all traffic to the following **supported endpoints**.
0 commit comments