Merge pull request github#15574 from github/repo-sync

repo sync

Author: Octomerger

content/admin/identity-and-access-management/index.md

@@ -9,11 +9,15 @@ versions:
   ghes: '*'
   ghae: '*'
 topics:
+  - Accounts
+  - Authentication
   - Enterprise
+  - SSO
 children:
   - /authenticating-users-for-your-github-enterprise-server-instance
   - /managing-iam-for-your-enterprise
   - /managing-iam-with-enterprise-managed-users
+  - /managing-recovery-codes-for-your-enterprise
   - /configuring-authentication-and-provisioning-with-your-identity-provider
 ---
 

content/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-identity-and-access-management-for-your-enterprise.md

@@ -26,6 +26,8 @@ redirect_from:
 
 {% data reusables.saml.dotcom-saml-explanation %} {% data reusables.saml.about-saml-enterprise-accounts %} For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise)."
 
+{% data reusables.enterprise-accounts.about-recovery-codes %} For more information, see "[Managing recovery codes for your enterprise](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise)."
+
 After you enable SAML SSO, depending on the IdP you use, you may be able to enable additional identity and access management features. {% data reusables.scim.enterprise-account-scim %}
 
 If you use Azure AD as your IDP, you can use team synchronization to manage team membership within each organization. {% data reusables.identity-and-permissions.about-team-sync %} For more information, see "[Managing team synchronization for organizations in your enterprise account](/admin/authentication/managing-identity-and-access-for-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise)."

content/admin/identity-and-access-management/managing-iam-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise.md

@@ -86,6 +86,7 @@ For more detailed information about how to enable SAML using Okta, see "[Configu
 ![Drop-downs for the Signature Method and Digest method hashing algorithms used by your SAML issuer](/assets/images/help/saml/saml_hashing_method.png)
 10. Before enabling SAML SSO for your enterprise, click **Test SAML configuration** to ensure that the information you've entered is correct. ![Button to test SAML configuration before enforcing](/assets/images/help/saml/saml_test.png)
 11. Click **Save**.
+{% data reusables.enterprise-accounts.download-recovery-codes %}
 
 {% elsif ghae %}
 

content/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users.md

@@ -76,6 +76,8 @@ The setup user's username is your enterprise's shortcode suffixed with `_admin`.
 
 {% data variables.product.prodname_managed_users_caps %} must authenticate through their identity provider. To authenticate, a {% data variables.product.prodname_managed_user %} can visit their IdP application portal or use the login page on {% data variables.product.prodname_dotcom_the_website %}.
 
+{% data reusables.enterprise-accounts.about-recovery-codes %} For more information, see "[Managing recovery codes for your enterprise](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise)."
+
 ### Authenticating as a {% data variables.product.prodname_managed_user %} via {% data variables.product.prodname_dotcom_the_website %}
 
 1. Navigate to [https://github.com/login](https://github.com/login).

content/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md

@@ -23,7 +23,7 @@ With {% data variables.product.prodname_emus %}, your enterprise uses SAML SSO t
 
 {% data reusables.enterprise-accounts.emu-supported-idps %}
 
-After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your identity provider is unavailable. For more information, see "[Saving your recovery codes](#saving-your-recovery-codes)."
+After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your identity provider is unavailable.
 
 {% data reusables.saml.cannot-update-existing-saml-settings %}
 
@@ -102,23 +102,10 @@ After you install and configure the {% data variables.product.prodname_emu_idp_a
 
     {% endnote %}
 
-1. To ensure you can still access your enterprise in the event that your identity provider is ever unavailable in the future, click **Download**, **Print**, or **Copy** to save your recovery codes.
-![Button to test SAML configuration before enforcing](/assets/images/help/saml/saml_recovery_code_options.png)
+{% data reusables.enterprise-accounts.download-recovery-codes %}
+
 
 ### Enabling provisioning
 
 After you enable SAML SSO, enable provisioning. For more information, see "[Configuring SCIM provisioning for enterprise managed users](/github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users)."
 
-## Saving your recovery codes
-
-In the event that your identity provider is unavailable, you can use the setup user and a recovery code to sign in and access your enterprise. If you did not save your recovery codes when you configured SAML SSO, you can still access them from your enterprise's settings.
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.security-tab %}
-
-1. Under "Require SAML authentication", click **Save your recovery codes**.
-![Button to test SAML configuration before enforcing](/assets/images/help/enterprises/saml-recovery-codes-link.png)
-
-2. To save your recovery codes, click **Download**, **Print**, or **Copy**.
-![Button to test SAML configuration before enforcing](/assets/images/help/saml/saml_recovery_code_options.png)

content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable.md

@@ -0,0 +1,28 @@
+---
+title: Accessing your enterprise account if your identity provider is unavailable
+shortTitle: Access your enterprise account
+intro: "You can sign into {% data variables.product.product_name %} even if your identity provider is unavailable by bypassing SAML single sign-on (SSO) with a recovery code."
+versions:
+  ghec: '*'
+type: how_to
+topics:
+  - Accounts
+  - Authentication
+  - Enterprise
+  - SSO
+permissions: "Enterprise owners can use a recovery code to access an enterprise account."
+---
+
+You can use a recovery code to access your enterprise account when a SAML configuration error or an issue with your identity provider (IdP) prevents you from using SAML SSO. 
+
+In order to access your enterprise account this way, you must have previously downloaded and stored the recovery codes for your enterprise. For more information, see "[Downloading your enterprise account's SAML single sign-on recovery codes](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes)."
+
+{% data reusables.saml.recovery-code-caveats %}
+
+{% note %}
+
+**Note:** If your enterprises uses {% data variables.product.prodname_emus %}, you must sign in as the setup user to use a recovery code.
+
+{% endnote %}
+
+{% data reusables.saml.recovery-code-access %}

content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes.md

@@ -0,0 +1,28 @@
+---
+title: Downloading your enterprise account's SAML single sign-on recovery codes
+shortTitle: Download recovery codes
+intro: "To ensure that you can access {% data variables.product.product_name %} if your identity provider (IdP) is unavailable, you should download your enterprise account's SAML single sign-on (SSO) recovery codes."
+versions:
+  ghec: '*'
+type: how_to
+topics:
+  - Accounts
+  - Authentication
+  - Enterprise
+  - SSO
+permissions: "Enterprise owners can download the SAML SSO recovery codes for the enterprise account."
+---
+
+In the event that your IdP is unavailable, you can use a recovery code to sign in and access your enterprise on {% data variables.product.product_location %}. For more information, see "[Accessing your enterprise account if your identity provider is unavailable](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)."
+
+If you did not save your recovery codes when you configured SAML SSO, you can still access the codes from your enterprise's settings.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+
+1. Under "Require SAML authentication", click **Save your recovery codes**.
+![Screenshot of the button to test SAML configuration before enforcing](/assets/images/help/enterprises/saml-recovery-codes-link.png)
+
+2. To save your recovery codes, click **Download**, **Print**, or **Copy**.
+![Screenshot of the buttons to download, print, or copy your recovery codes](/assets/images/help/saml/saml_recovery_code_options.png)

content/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/index.md

@@ -0,0 +1,16 @@
+---
+title: Managing recovery codes for your enterprise
+shortTitle: Manage recovery codes
+intro: "With SAML single sign-on recovery codes, you can access your enterprise account even when your identity provider is unavailable."
+versions:
+  ghec: '*'
+topics:
+  - Accounts
+  - Authentication
+  - Enterprise
+  - SSO
+children:
+  - /downloading-your-enterprise-accounts-saml-single-sign-on-recovery-codes
+  - /accessing-your-enterprise-account-if-your-identity-provider-is-unavailable
+---
+

content/organizations/managing-saml-single-sign-on-for-your-organization/accessing-your-organization-if-your-identity-provider-is-unavailable.md

@@ -14,20 +14,9 @@ shortTitle: Unavailable identity provider
 
 Organization administrators can use [one of their downloaded or saved recovery codes](/articles/downloading-your-organization-s-saml-single-sign-on-recovery-codes) to bypass single sign-on. You may have saved these to a password manager, such as [LastPass](https://lastpass.com/) or [1Password](https://1password.com/).
 
-{% note %}
+{% data reusables.saml.recovery-code-caveats %}
 
-**Note:** You can only use recovery codes once and you must use them in consecutive order. Recovery codes grant access for 24 hours.
-
-{% endnote %}
-
-1. At the bottom of the single sign-on dialog, click **Use a recovery code** to bypass single sign-on.
-![Link to enter your recovery code](/assets/images/help/saml/saml_use_recovery_code.png)
-2. In the "Recovery Code" field, type your recovery code.
-![Field to enter your recovery code](/assets/images/help/saml/saml_recovery_code_entry.png)
-3. Click **Verify**.
-![Button to verify your recovery code](/assets/images/help/saml/saml_verify_recovery_codes.png)
-
-After you've used a recovery code, make sure to note that it's no longer valid. You will not be able to reuse the recovery code.
+{% data reusables.saml.recovery-code-access %}
 
 ## Further reading
 

data/reusables/enterprise-accounts/about-recovery-codes.md

@@ -0,0 +1 @@
+If a SAML configuration error or an issue with your identity provider (IdP) prevents you from using SAML SSO, you can use a recovery code to access your enterprise.