Skip to content

Clarify SSO credential authorization as GitHub Enterprise Cloud–only in credential types reference#43860

Open
Copilot wants to merge 5 commits intomainfrom
copilot/update-sso-authorization-for-ec
Open

Clarify SSO credential authorization as GitHub Enterprise Cloud–only in credential types reference#43860
Copilot wants to merge 5 commits intomainfrom
copilot/update-sso-authorization-for-ec

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 17, 2026
edited
Loading

The SSO authorization section in github-credential-types.md was rendered for all versions, which made GHES readers see guidance for UI/API options they do not have. This update tightens scope language so SSO credential authorization behavior is explicitly GHEC-only and explicitly excluded for GHES.

  • Scope corrections in SSO authorization content

    • Updated the ## SSO authorization intro to start with GHEC context and explicitly state non-applicability to GHES.
    • Updated the SSO footnote ([^1]) to scope automatic app authorization behavior to GHEC.

  • Scope corrections where SSO behavior is referenced outside the section

    • Updated SSO-related bullets in OAuth app and GitHub App user token revocation sections to begin with GHEC context and state GHES exclusion.
    • Updated revocation guidance under ### Revoking SSO authorization so REST/UI/bulk statements are explicitly GHEC-scoped.

  • No version-conditional rendering changes

    • Applied prose-only clarification (no {% ifversion %} changes), preserving article structure and availability across versions.
On {% data variables.product.prodname_ghe_cloud %}, when single sign-on (SSO) ...
... SSO credential authorization does not apply to {% data variables.product.prodname_ghe_server %}.
Original prompt

The SSO authorization section in content/organizations/managing-programmatic-access-to-your-organization/github-credential-types.md currently renders for all versions (including GitHub Enterprise Server), but actually only applies to GitHub Enterprise Cloud. To address this:

  • Edit the relevant section(s) so it's clear SSO credential authorization features only apply to GitHub Enterprise Cloud.
  • For affected paragraphs/steps, begin with wording such as "On GitHub Enterprise Cloud".
  • Explicitly state that SSO credential authorization does not apply to GitHub Enterprise Server anywhere this context is needed.
  • Do NOT add {% ifversion %} tags—use only prose.
  • Ensure the scope is clear anywhere SSO authorization behavior is described or referenced.

Reference Slack thread discussion: Customers are confused because docs show SSO authorization guidance in GHES versions where those options are not present, and GHEC-specific links are hardcoded/unhelpful for GHES readers.

Do not change unrelated content. Only clarify the scope as described above.

This pull request was created from Copilot chat.

Copilot AI changed the title [WIP] Clarify SSO authorization features for GitHub Enterprise Cloud Clarify SSO credential authorization as GitHub Enterprise Cloud–only in credential types reference Apr 17, 2026
Copilot AI requested a review from myarb April 17, 2026 14:27
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 17, 2026
edited
Loading

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on a staging server. Changes to the data directory are not included in this table.

Source Review Production What Changed
organizations/managing-programmatic-access-to-your-organization/github-credential-types.md fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

@jc-clark jc-clark requested a review from wilsonwong1990 April 17, 2026 16:26
jc-clark
jc-clark previously approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jc-clark jc-clark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from a docs perspective. @wilsonwong1990, this is the PR Copilot opened from the Slack thread. What do you think of these changes?

@jc-clark jc-clark marked this pull request as ready for review April 17, 2026 16:27
Copilot AI review requested due to automatic review settings April 17, 2026 16:27
Copilot AI reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR clarifies that SSO credential authorization behavior described in the credential types reference applies to {% data variables.product.prodname_ghe_cloud %} only, so readers on {% data variables.product.prodname_ghe_server %} don’t interpret cloud-only UI/API options as available on server.

Changes:

  • Updated SSO authorization section intro and footnote to explicitly scope behavior to {% data variables.product.prodname_ghe_cloud %} and exclude {% data variables.product.prodname_ghe_server %}.
  • Updated SSO-related revocation bullets (OAuth app tokens, GitHub App user access tokens) to add explicit {% data variables.product.prodname_ghe_cloud %}-only context.
  • Updated “Revoking SSO authorization” guidance to clearly scope UI/REST/bulk actions to {% data variables.product.prodname_ghe_cloud %}.
Show a summary per file
File Description
content/organizations/managing-programmatic-access-to-your-organization/github-credential-types.md Adds explicit cloud-only scoping for SSO credential authorization/revocation guidance throughout the reference.

Copilot's findings

  • Files reviewed: 1/1 changed files
  • Comments generated: 2

Comment thread ...t/organizations/managing-programmatic-access-to-your-organization/github-credential-types.md Outdated
Comment thread ...t/organizations/managing-programmatic-access-to-your-organization/github-credential-types.md Outdated
@myarb
Apply suggestions from code review
7599677 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
myarb
myarb approved these changes Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@myarb myarb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your review, @jc-clark ! I applied some of Copilot's suggestions so approving here.

wilsonwong1990
wilsonwong1990 approved these changes Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown

@wilsonwong1990 wilsonwong1990 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for fixing this. It will definitely help clarify for our users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jc-clark jc-clark jc-clark left review comments

+2 more reviewers

@myarb myarb myarb approved these changes

@wilsonwong1990 wilsonwong1990 wilsonwong1990 approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@myarb myarb

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@myarb @wilsonwong1990 @jc-clark