Commit b509a21

pull base content,head:MicrosoftDocs:main,into:wwlpublishsync
2 parents 8e326a4 + 5a4200b commit b509a21

13 files changed: +22 -20 lines changed

learn-pr/github/authenticate-authorize-user-identities-github/1-introduction.yml

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -4,7 +4,7 @@ title: Introduction
44
metadata:
55
title: Introduction
66
description: Learn how to manage the authentication and authorization of user identities on GitHub.
7-
ms.date: 04/09/2024
7+
ms.date: 04/09/2025
88
author: a-a-ron
99
ms.author: aastewar
1010
ms.topic: unit

learn-pr/github/authenticate-authorize-user-identities-github/2-user-identity-access-management.yml

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ title: User identity and access management
44
metadata:
55
title: User identity and access management
66
description: Learn how to manage the authentication and authorization of user identities on GitHub.
7-
ms.date: 04/09/2024
7+
ms.date: 04/09/2025
88
author: a-a-ron
99
ms.author: aastewar
1010
ms.topic: unit

learn-pr/github/authenticate-authorize-user-identities-github/3-authentication.yml

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ title: User authentication
44
metadata:
55
title: User authentication
66
description: Learn the different ways to authenticate a user in GitHub.
7-
ms.date: 04/09/2024
7+
ms.date: 04/09/2025
88
author: a-a-ron
99
ms.author: aastewar
1010
ms.topic: unit

learn-pr/github/authenticate-authorize-user-identities-github/4-authorization.yml

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ title: User authorization
44
metadata:
55
title: User authorization
66
description: Learn the different ways to authorize a user in GitHub.
7-
ms.date: 04/09/2024
7+
ms.date: 04/09/2025
88
author: a-a-ron
99
ms.author: aastewar
1010
ms.topic: unit

learn-pr/github/authenticate-authorize-user-identities-github/5-team-synchronization.yml

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ title: Team synchronization
44
metadata:
55
title: Team synchronization
66
description: Learn about the team synchronization feature within GitHub.
7-
ms.date: 04/09/2024
7+
ms.date: 04/09/2025
88
author: a-a-ron
99
ms.author: aastewar
1010
ms.topic: unit

learn-pr/github/authenticate-authorize-user-identities-github/6-knowledge-check.yml

Lines changed: 2 additions & 2 deletions
@@ -4,7 +4,7 @@ title: Module assessment
44
metadata:
55
title: Module assessment
66
description: Review what you learned.
7-
ms.date: 04/09/2024
7+
ms.date: 04/09/2025
88
author: a-a-ron
99
ms.author: aastewar
1010
ms.topic: unit
@@ -60,4 +60,4 @@ quiz:
6060
explanation: "This form of 2FA relies on the assumption that the user is the only person with access to their mobile device."
6161
- content: "Security Key"
6262
isCorrect: false
63-
explanation: "A user can register a new security key through accessing their profile settings and following the security keys documentation."
63+
explanation: "A user can register a new security key through accessing their profile settings and following the security key's documentation."
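Review bot: On line 63 the new possessive "security key's documentation" changes the meaning, not only the punctuation: it now points the learner at documentation that belongs to one particular key, where the removed wording read as a documentation topic about security keys. If the topic is what is meant, "following the documentation for security keys" says so without the apostrophe. Separately, this explanation sits under an option marked isCorrect: false, yet it describes how to register a key and does not say why the option is not the answer.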

learn-pr/github/authenticate-authorize-user-identities-github/7-summary.yml

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ title: Summary
44
metadata:
55
title: Summary
66
description: Recap the content taught in this module.
7-
ms.date: 04/09/2024
7+
ms.date: 04/09/2025
88
author: a-a-ron
99
ms.author: aastewar
1010
ms.topic: unit

learn-pr/github/authenticate-authorize-user-identities-github/includes/3-authentication.md

Lines changed: 3 additions & 3 deletions
@@ -1,20 +1,20 @@
1-
Here, you'll learn about two recommended authentication systems GitHub Enterprises employ. You'll also learn how to do a basic but important 2FA audit for user compliance.
1+
Here, you'll learn about two recommended authentication systems GitHub Enterprises employ. You'll also learn how to do a basicbut important2FA audit for user compliance.
22

33
When it comes to user authentication, security should be the number one consideration that comes to mind. Strong security is essential. It seems like every month or so, a company reports a data breach. Credentials are stolen because of inefficient security processes, or simply because of a lack of up-to-date security features within the company. Establishing secure user authentication can be a difficult task if user adoption requires long and frustrating steps to authenticate. Ask any security professional and they'll mention several ways that companies authenticate their users.
44

55
There are two recommended authentication methods you can implement when authenticating your users on GitHub: SAML SSO and multifactor authentication, also known as 2FA or MFA.
66

77
## Authentication with SAML SSO
88

9-
SAML authentication is a process used to verify user identity and credentials against a known identity provider. Nowadays, your company might likely already be using this form of authentication. If so, you can link your existing IdP to GitHub for user sign-in management. The following is a high-level overview of the process that occurs with enabled SAML SSO within your GitHub Enterprise:
9+
SAML authentication is a process used to verify user identity and credentials against a known identity provider. Nowadays, your company might already be using this form of authentication. If so, you can link your existing IdP to GitHub for user sign-in management. The following is a high-level overview of the process that occurs with enabled SAML SSO within your GitHub Enterprise:
1010

1111
- Before enabling SAML SSO with your GitHub Enterprise, an Administrator needs to connect the GitHub organization to a supported IdP.
1212
- Next, when a member accesses resources within an organization that uses SAML SSO, GitHub redirects the member to the IdP to authenticate.
1313
- After successful authentication, the IdP redirects the member back to GitHub, where the member can access the organization's resources. The result means that even after configuring SAML SSO, the GitHub organization's members will continue to be prompted to log into their user accounts on GitHub.
1414

1515
### Enforce SAML SSO for your organization
1616

17-
It's important to note that if you have enabled SAML SSO across your organization, you'll need to enforce authentication after the setting has been enabled. This enforcement makes the authentication process a requirement. As the organization administrator, you can enforce this setting by selecting **Your organizations**, then selecting **Settings**, then choosing **Organization security**. Under SAML single sign-on, select **Require SAML SSO authentication for all members of the organization**.
17+
It's important to note that if you have enabled SAML SSO across your organization, you'll need to enforce authentication after the setting has been enabled. This enforcement makes the authentication process a requirement. As the organization administrator, you can enforce this setting by selecting **Your organizations**, then selecting **Settings**, then choosing **Authentication security**. Under SAML single sign-on, select **Require SAML SSO authentication for all members of the organization**.
1818

1919
:::image type="content" source="../media/require-saml-sso-authentication.png" alt-text="Screenshot of the setting to require SSO authentication for all members of an organization." :::
2020
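Review bot: The replacement for line 1 runs words together: "basicbut important2FA audit" has lost the spaces that the removed line had ("basic but important 2FA audit"). If punctuation was intended around "but important", it is not present in the added line as shown; either restore the spaces or add the punctuation explicitly. The other two changes in this hunk (dropping "likely" on line 9 and renaming the settings entry on line 17) read fine.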

learn-pr/github/authenticate-authorize-user-identities-github/includes/4-authorization.md

Lines changed: 6 additions & 4 deletions
@@ -13,7 +13,7 @@ SCIM is a protocol that tells the directory an account has been created and allo
1313
> [!NOTE]
1414
> If you use SAML SSO without implementing SCIM, you won't have automatic deprovisioning.
1515
16-
SCIM integrations allow the secure exchange of user identity data between your IdP and your enterprise on GitHub. SCIM was developed to allow the synchronization of information between an IdP and multiple applications. When organization members' sessions expire after their access is removed from the IdP, they aren't automatically removed from the organization. Authorized tokens grant access to the organization even after their sessions expire. To remove this access, you can either manually remove the authorized token from the organization or automate its removal with SCIM.
16+
SCIM integrations allow the secure exchange of user identity data between your IdP and your enterprise on GitHub. SCIM was developed to allow synchronizing information between an IdP and multiple applications. When organization members' sessions expire after their access is removed from the IdP, they aren't automatically removed from the organization. Authorized tokens grant access to the organization even after their sessions expire. To remove this access, you can either manually remove the authorized token from the organization or automate its removal with SCIM.
1717

1818
### SSH key and PAT with SAML SSO
1919
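Review bot: In line 16, the sentence after the edited one is still ambiguous on a point that matters for offboarding: in "When organization members' sessions expire after their access is removed from the IdP, they aren't automatically removed from the organization", "they" can be read as the sessions or as the members. Since the line is being touched anyway, suggest "the members aren't automatically removed from the organization", so the next statement that authorized tokens keep granting access reads unambiguously.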

@@ -23,9 +23,11 @@ To access your organization's protected resources using the API and Git on the c
2323

2424
:::image type="content" source="../media/saml-sso-ssh-key-example.png" alt-text="Screenshot of the SSH key." :::
2525

26-
After you enable SAML SSO, there are multiple ways you can add new members to your organization. Organization owners can invite new members manually on GitHub or by using the API. To provision new users without an invitation from an organization owner, you can use the URL `https://github.com/orgs/ORGANIZATION/sso/sign_up`, replacing *ORGANIZATION* with the name of your organization. For example, you can configure your IdP so that anyone with access to the IdP can click a link on the IdP's dashboard to join your GitHub organization.
26+
After you enable SAML SSO, there are multiple ways you can add new members to your organization. Organization owners can invite new members manually on GitHub or by using the API. To provision new users without an invitation from an organization owner, you can use the URL `https://github.com/orgs/ORGANIZATION/sso/sign_up`, replacing *ORGANIZATION* with the name of your organization. For example, you can configure your IdP so that anyone with access to the IdP can select a link on the IdP's dashboard to join your GitHub organization.
2727

28-
SCIM and SAML SSO also have security benefits. The first time a member uses SAML SSO to access your organization, GitHub automatically creates a record that links your organization, the member's GitHub account, and the member's account on your IdP. You can review the SAML SSO identity that a member has linked to their GitHub account. When available, the entry will include SCIM data for the user. You can also view and revoke the linked SAML identity, active sessions, and authorized credentials for members of your organization or enterprise account. When an employee leaves the company, the off-boarding process is automated, and deprovisioning happens automatically. When you unassign the application from a user or deactivate a user's account on your IdP, it will communicate with GitHub.com to invalidate any SAML sessions for that user. Automating these tasks reduces the time required for an administrator to manage user credentials and the risk of error associated with manually entering and updating user information is also mitigated.
28+
SCIM and SAML SSO also have security benefits. The first time a member uses SAML SSO to access your organization, GitHub automatically creates a record that links your organization, the member's GitHub account, and the member's account on your IdP. You can review the SAML SSO identity that a member has linked to their GitHub account. When available, the entry includes SCIM data for the user. You can also view and revoke the linked SAML identity, active sessions, and authorized credentials for members of your organization or enterprise account.
29+
30+
When an employee leaves the company, the off-boarding process is automated, and deprovisioning happens automatically. When you unassign the application from a user or deactivate a user's account on your IdP, it will communicate with GitHub.com to invalidate any SAML sessions for that user. Automating these tasks reduces the time required for an administrator to manage user credentials and the risk of error associated with manually entering and updating user information is also mitigated.
2931

3032
### Connect your IdP to your organization
3133
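Review bot: The new paragraph at line 30 states that off-boarding "is automated, and deprovisioning happens automatically" with no condition, while the note at line 14 of this same file says that SAML SSO without SCIM gives no automatic deprovisioning. Qualify the opening, for example "With SCIM implemented, when an employee leaves the company ...", so a reader who enabled only SAML SSO does not assume access is removed for them. The closing sentence is also not parallel ("reduces the time ... and the risk of error ... is also mitigated"); "reduces both the time ... and the risk of error ..." would fix it.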

@@ -41,7 +43,7 @@ If your support request is outside of the scope of what our team can help you wi
4143
- Hardware setup
4244
- CI/CD, such as Jenkins
4345
- Writing scripts
44-
- Configuration of external authentication systems, such as SAML identity providers
46+
- Configuring external authentication systems, such as SAML identity providers
4547
- Open-source projects
4648

4749
Some companies may have built their own system and synchronize their accounts in a custom way. GitHub doesn't support these custom-created accounts with technical assistance. Technical support by GitHub for changes in the way GitHub.com uses SCIM and SAML is available for enterprises that are using one of the providers listed previously.

learn-pr/github/authenticate-authorize-user-identities-github/includes/5-team-synchronization.md

Lines changed: 2 additions & 2 deletions
@@ -36,7 +36,7 @@ You can enable and use team synchronization, but only with the following support
3636

3737
The steps to enable team synchronization depend on the IdP you want to use. There are prerequisites to enable team synchronization that apply to each IdP. To enable team synchronization with your IdP, you must obtain administrative access or work with your IdP administrator to configure the IdP integration and groups. After you enable team synchronization, team maintainers and organization owners can connect a team to an IdP group on GitHub or through the API.
3838

39-
**Microsoft Entra ID**: The GitHub System Admin for the GitHub organization will need to identify and work with the Microsoft Entra Administrator to configure Team Synchronization. On the Microsoft Entra ID side, the service is called "automatic user account provisioning." To enable team synchronization for Microsoft Entra ID, the installation needs the following permissions:
39+
**Microsoft Entra ID**: The GitHub System Admin for the GitHub organization needs to identify and work with the Microsoft Entra Administrator to configure Team Synchronization. On the Microsoft Entra ID side, the service is called *automatic user account provisioning*. To enable team synchronization for Microsoft Entra ID, the installation needs the following permissions:
4040

4141
- Read all users’ full profiles
4242
- Sign in and read user profiles
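Review bot: Line 39 capitalizes "Team Synchronization" in its first sentence but writes "team synchronization" in its last, and the surrounding context lines use lowercase throughout. Since the line is already being edited, lowercase the first occurrence so the feature name is written one way.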
@@ -50,6 +50,6 @@ The steps to enable team synchronization depend on the IdP you want to use. Ther
5050

5151
## Disable team synchronization
5252

53-
When you disable team synchronization, any team members who were assigned to a GitHub team through the IdP group are removed from the team and may lose access to your organization's repositories. You can disable this feature through the organization settings by selecting **Your organization** and selecting **Settings**. Next, select **Organization security** and choose **Disable team synchronization**.
53+
When you disable team synchronization, any team members who were assigned to a GitHub team through the IdP group are removed from the team and may lose access to your organization's repositories. You can disable this feature through the organization settings by selecting **Your organization** and selecting **Settings**. Next, select **Authentication security** and choose **Disable team synchronization**.
5454

5555
:::image type="content" source="../media/disable-team-synchronization.png" alt-text="Screenshot of the organization setting to disable team synchronization." :::
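Review bot: Line 53 starts the menu path at **Your organization**, while line 17 of includes/3-authentication.md in this commit starts the same path at **Your organizations**. Both lines were touched to rename **Organization security** to **Authentication security**, so the first label should be made consistent in the same pass, using whichever form the settings UI shows.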
