Week Three: Authentication and Adoption 🔑 [GitHub Administration Certification Prep Course]

[queenofcorgis]

Welcome to Week Three of the GitHub Administration Exam prep course! You’re almost halfway there. Let’s dig into authentication, adoption, and support.

As a thank you for participating in these discussions, we’ll be awarding 15 GitHub Certification exam vouchers to members who engage with us during the course.

Need a recap or want to catch up?

• Week One’s Discussion
• Week Two’s Discussion

Step One: Prep 📚

We’ve assembled some materials for this first section.

• Microsoft Learn Modules
  • Authenticate and authorize user identities on GitHub
  • GitHub administration for enterprise support and adoption
• Further Reading:
  • Viewing and managing a member's SAML access to your organization from GitHub Docs
  • Synchronizing a team with an identity provider group from GitHub Docs
• Video
  • Hands on with GitHub in the Enterprise

Step Two: Test Your Knowledge ⚡

Question One: Which protocol does GitHub support for automated user provisioning and deprovisioning with enterprise identity providers?
A) LDAP
B) SSO
C) SCIM
D) OAuth

Question Two: What is a consequence of enabling SAML single sign-on (SSO) for an organization?
A) Users can sign in with their GitHub username only to all company tools
B) Users must authenticate through the configured identity provider before accessing organization resources
C) All repositories in the organization are available to authenticated users
D) 2FA is automatically disabled

Question Three: Which authentication method is recommended for secure command-line access to GitHub repositories?
A) Username and password
B) Public access tokens
C) Email verification
D) SSH keys

Question Four: What is the primary difference between authentication and authorization in GitHub?
A) Authentication verifies user identity; authorization determines what resources a user can access
B) Authentication grants access to resources; authorization verifies user identity
C) Authentication manages repository settings; authorization manages user passwords
D) Authentication provides permissions to teams; authorization adds users to organizations

Question Five: What issues should be solved by an administrator vs. GitHub support? Select all that apply.
A) Removing sensitive data from commits
B) Restoring recently deleted branches
C) Recovering recently deleted repositories
D) Managing repository access
E) Restoring force-pushed commits

Question Six: What is a key benefit of deploying multiple organizations within a GitHub Enterprise account?
A) It enables unlimited organization creation helping you get the most value out of your plan
B) It allows every team to have their own organization
C) It creates more complex structure to your enterprise and shows account maturity
D) It provides granular control over permissions and policies for different business units

Question Seven: When an employee leaves an organization, how does EMU help maintain security?
A) The user’s GitHub account is automatically deactivated
B) The user is automatically removed from the enterprise via the identity provider
C) The user triggers an alert to the administrator to manually remove them from the enterprise
D) The user’s permissions are not affected

We’ll be sharing the answers in the comments on Friday 🧠

Use the discussion below to share additional study resources, ask questions for our team to answer, and respond to our prep questions.

*No Purchase Necessary. Open only to Github community members 18+. Game ends 11/1/25. For details, see Official Rules.

[fradel]

Question One
Which protocol does GitHub support for automated user provisioning and deprovisioning with enterprise identity providers?
Answer: C) SCIM
GitHub supports SCIM (System for Cross-domain Identity Management) for automated provisioning and deprovisioning.

Question Two
What is a consequence of enabling SAML single sign-on (SSO) for an organization?
Answer: B) Users must authenticate through the configured identity provider before accessing organization resources
SAML SSO ensures users are verified by the identity provider before accessing GitHub organization resources.

Question Three
Which authentication method is recommended for secure command-line access to GitHub repositories?
Answer: D) SSH keys
SSH keys are the most secure and recommended method for CLI access to GitHub.

Question Four
What is the primary difference between authentication and authorization in GitHub?
Answer: A) Authentication verifies user identity; authorization determines what resources a user can access
Authentication confirms who the user is; authorization defines what they can do.

Question Five
GitHub support is typically needed for:
C) Recovering recently deleted repositories

Question Six
What is a key benefit of deploying multiple organizations within a GitHub Enterprise account?
Answer: D) It provides granular control over permissions and policies for different business units
Multiple organizations allow tailored access and governance across teams.

Question Seven
When an employee leaves an organization, how does EMU help maintain security?
Answer: B) The user is automatically removed from the enterprise via the identity provider
Enterprise Managed Users (EMU) integrates with identity providers to automate user removal.

is that right?

[paulsuv9]

Thanks for posting the full set, @fradel—your breakdown helped validate my own reasoning. Especially appreciated the clarity around EMU and SCIM. Looking forward to your take on Week Four!

[paulsuv9]

✅ Week Three Knowledge Check – GitHub Admin Prep (With Rationale)

Posting my answers for Week Three, along with brief reasoning:

1. C) SCIM
   → GitHub supports SCIM for automated provisioning/deprovisioning with enterprise identity providers.

2. B) Users must authenticate through the configured identity provider before accessing organization resources
   → SAML SSO enforces identity provider authentication before access.

3. D) SSH keys
   → SSH keys are the recommended method for secure CLI access to GitHub.

4. A) Authentication verifies user identity; authorization determines what resources a user can access
   → Authentication = who you are; Authorization = what you can do.

5. C) Recovering recently deleted repositories
   → This is a GitHub support task; others are typically admin responsibilities.

6. D) It provides granular control over permissions and policies for different business units
   → Multiple orgs allow tailored governance across teams.

7. B) The user is automatically removed from the enterprise via the identity provider
   → EMU integrates with identity providers to automate user removal.

Looking forward to Week Four and seeing how others are approaching policy enforcement and repo lifecycle management.