Merge pull request #42419 from github/repo-sync

Repo sync

Author: docs-bot

CHANGELOG.md

@@ -1,5 +1,21 @@
 # Docs changelog
 
+**16 January 2026**
+
+We published [About user offboarding on GitHub Enterprise Cloud](https://docs.github.com/en/enterprise-cloud@latest/admin/concepts/identity-and-access-management/user-offboarding) to give enterprise customers clear guidance about offboarding processes. The article covers recommended offboarding methods, the effects of offboarding, and what happens when a user is removed from all organizations in an enterprise.
+
+We also updated [Removing a member from your enterprise](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise) and [Removing a member from your organization](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization) to include instructions for enterprises that use Enterprise Managed Users or SCIM for organizations.
+
+<hr>
+
+**13 January 2026**
+
+We've added a new reference article to clarify which of the various types of custom instructions for Copilot are supported by Copilot Chat, Copilot coding agent, and Copilot code review in GitHub.com, Visual Studio Code, Visual Studio, JetBrains IDEs, Eclipse, Xcode, and Copilot CLI.
+
+[Support for different types of custom instructions](https://docs.github.com/copilot/reference/custom-instructions-support)
+
+<hr>
+
 **8 January 2026**
 
 We've added information about permissions to the article [Using GitHub Copilot CLI](https://docs.github.com/copilot/how-tos/use-copilot-agents/use-copilot-cli#permissions).

content/admin/concepts/identity-and-access-management/index.md

@@ -10,6 +10,7 @@ topics:
 children:
   - /identity-and-access-management-fundamentals
   - /enterprise-managed-users
+  - /user-offboarding
 contentType: concepts
 ---
 

content/admin/concepts/identity-and-access-management/user-offboarding.md

@@ -0,0 +1,62 @@
+---
+title: About user offboarding on {% data variables.product.prodname_ghe_cloud %}
+shortTitle: User offboarding
+intro: 'Manage access with confidence by understanding the recommended approach for offboarding users.'
+versions:
+  ghec: '*'
+contentType: concepts
+topics:
+  - Accounts
+  - Authentication
+  - Enterprise
+  - Identity
+  - SSO
+---
+
+## How should I offboard users?
+
+The method for offboarding a user depends on your enterprise type:
+
+* **Personal accounts**: Remove the user from the enterprise account using the {% data variables.product.github %} UI or API.
+  * Outside collaborators are an exception to this process. They cannot be removed in the enterprise settings, and must be removed from each repository instead.
+* **{% data variables.product.prodname_emus %}**: Suspend the user's account by removing the user from the {% data variables.product.github %} application in your identity provider.
+  * The user will show as suspended on your enterprise's "People" page.
+  * It is **not** possible to remove a {% data variables.enterprise.prodname_managed_user %} from the enterprise completely.
+
+For instructions, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise).
+
+## What happens when a user is offboarded?
+
+When you offboard a user by following the instructions linked above:
+
+* The offboarded user loses access to private and internal resources in your enterprise and organizations.
+* The user's {% data variables.product.pat_generic_plural %}, SSH keys, and app authorizations can no longer be used to access your enterprise's and organizations' resources. Access to your resources is restored if the user is added back to the enterprise and relevant organizations.
+* The user stops consuming licenses granted from your enterprise, including {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_copilot %} licenses. This change may not be reflected on your bill until the next billing cycle.
+* If you use {% data variables.product.prodname_emus %}, the user will no longer be able to sign in to their {% data variables.enterprise.prodname_managed_user %}.
+* If you use an enterprise with personal accounts, the user will still be able to sign in to their account and access other resources on {% data variables.product.github %}, even if you have enabled SAML SSO for your enterprise or organizations. This is because SSO only applies to your enterprise- or organization-owned resources.
+* The user's commits, issues, pull requests, comments, and so on are retained in organization-owned repositories. However, the user's username is obfuscated if you use {% data variables.product.prodname_emus %}.
+
+For {% data variables.product.prodname_emus %}, you will find a more exhaustive list of effects of offboarding in [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/deprovisioning-and-reinstating-users).
+
+## What about removing a user from all organizations?
+
+Historically, some enterprises' offboarding processes have relied on removing a user from all organizations in the enterprise. However, in many cases, this approach is **not** sufficient for fully offboarding a user.
+
+### When is a user removed from the enterprise?
+
+If a user loses access to all organizations in an enterprise, the user is also removed from the enterprise account if **all** of the following things are true:
+
+* You use an enterprise with **personal accounts**.
+* Your enterprise has **disabled** the policy described in [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/control-offboarding).
+* The user does **not** have the enterprise owner or enterprise billing manager role.
+
+### What happens if a user remains in the enterprise?
+
+In **any** other situation, a user who loses access to all organizations remains in the enterprise.
+
+* If the user has the enterprise owner or enterprise billing manager role, they remain in the enterprise with this role.
+* If the user doesn't have one of those roles, the user becomes an unaffiliated user.
+
+Users without organization membership cannot access internal repositories in the enterprise. They also do not consume a {% data variables.product.prodname_enterprise %} license, unless they meet another criterion listed in [AUTOTITLE](/billing/reference/github-license-users#organizations-on-github-enterprise-cloud). However, they keep other privileges including enterprise roles and {% data variables.product.prodname_copilot %} licenses granted directly from the enterprise.
+
+For more information, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/abilities-of-roles).

content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise.md

@@ -1,7 +1,7 @@
 ---
 title: Removing a member from your enterprise
-intro: You can remove an enterprise member from an enterprise.
-permissions: Enterprise owners can remove an enterprise member from an enterprise.
+intro: Offboard users from an enterprise by following the recommended approach for your enterprise type.
+permissions: Enterprise owners or IdP administrators
 versions:
   feature: remove-enterprise-members
 type: how_to
@@ -12,23 +12,38 @@ redirect_from:
   - /admin/user-management/managing-users-in-your-enterprise/removing-a-member-from-your-enterprise
 ---
 
-## About removal of enterprise members
+The recommended offboarding approach for your enterprise depends on whether you use personal accounts or {% data variables.product.prodname_emus %}. To learn more about the effects of offboarding users, see [AUTOTITLE](/admin/concepts/identity-and-access-management/user-offboarding).
 
-If your enterprise does not use {% data variables.product.prodname_emus %}, you can remove an enterprise member from your enterprise on {% data variables.product.prodname_dotcom_the_website %}. When you remove a member from your enterprise, the member is removed from all organizations owned by your enterprise and loses access to any {% data variables.copilot.copilot_business_short %} licenses assigned through those organizations. Removing a member from your enterprise also removes any of the member's administrative roles, such as the owner or billing manager roles. See [AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise).
+## Removing a member from an enterprise with personal accounts
 
-If the enterprise member you're removing is the last owner of an organization owned by your enterprise, you will become an owner of that organization.
-
-If your enterprise or any of the organizations owned by your enterprise uses an identity provider (IdP) to manage organization membership, the member may be added back to the organization by the IdP. Make sure to also make any necessary changes in your IdP.
+When you remove a member from your enterprise, the member is removed from all organizations owned by your enterprise and loses privileges granted through the enterprise, such as roles or licenses.
 
-If your enterprise does use {% data variables.product.prodname_emus %}, you must remove the enterprise members through your identity provider (IdP) and the SCIM integration instead. See [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#about-organization-membership-management).
-
-## Removing a member from your enterprise
+If the enterprise member you're removing is the last owner of an organization owned by your enterprise, you will become an owner of that organization.
 
-> [!NOTE]
-> If an enterprise member uses only {% data variables.product.prodname_ghe_server %}, and not {% data variables.product.prodname_ghe_cloud %}, you cannot remove the enterprise member this way.
+>[!TIP] For automated offboarding, you can also remove users with the GraphQL API. See [AUTOTITLE](/graphql/reference/mutations#removeenterprisemember).
 
-{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.access-enterprise-personal-accounts %}
 {% data reusables.enterprise-accounts.people-tab %}
 1. To the right of the person you want to remove, select the {% octicon "kebab-horizontal" aria-label="Member settings" %} dropdown menu and click **Remove from enterprise**.
 
    ![Screenshot of a user in the list of enterprise members. A dropdown menu, labeled with a kebab icon, is highlighted with an orange outline.](/assets/images/help/business-accounts/remove-member.png)
+
+1. If your enterprise uses SAML SSO, or if any of your organizations use SAML and SCIM provisioning, **remove the user's access to {% data variables.product.github %} apps on your identity provider**. A user may be assigned access directly or via an IdP group assigned to the app: make sure to remove the user from both.  For organizations with SCIM provisioning enabled, this should trigger a SCIM deprovisioning call, which ensures that the user's associated SAML and SCIM identities are fully removed from the organization.
+
+   This is a good practice for security, and it also helps ensure that users cannot rejoin the organization using the SAML endpoint when SAML is configured at the organization level (see [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on#adding-members-to-an-organization-using-saml-sso)).
+
+If the user is still listed as an enterprise member, this may be because the user is a member of a {% data variables.product.prodname_ghe_server %} instance that is linked to your enterprise via {% data variables.product.prodname_github_connect %}. You will need to remove this user from the {% data variables.product.prodname_ghe_server %} settings.
+
+## Suspending a user with {% data variables.product.prodname_emus %}
+
+With {% data variables.product.prodname_emus %}, including all enterprises on {% data variables.enterprise.data_residency_site %}, you manage user access from your identity provider (IdP).
+
+To offboard a user, you will suspend their account rather than removing them from the enterprise completely.
+
+1. Trigger a deprovisioning call for the user. For more information about the types of deprovisioning and the actions that trigger it for different integrations, see [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/deprovisioning-and-reinstating-users#triggers-of-soft-deprovisioning).
+1. Check if the user's organization membership is managed directly or managed by IdP groups. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users).
+1. If the user's organization membership is managed directly, remove the user manually from all organizations. See [AUTOTITLE](/organizations/managing-membership-in-your-organization/removing-a-member-from-your-organization).
+
+## Removing an outside collaborator
+
+In enterprises that use personal accounts, you cannot remove outside collaborators using the enterprise settings. However, an organization owner can remove an outside collaborator from all repositories in an organization. See [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/removing-an-outside-collaborator-from-an-organization-repository).

content/admin/monitoring-and-managing-your-instance/index.md

@@ -15,5 +15,6 @@ children:
   - /configuring-clustering
   - /configuring-high-availability
   - /caching-repositories
+  - /multiple-data-disks
 shortTitle: 'Monitor and manage your instance'
 ---