diff --git a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md b/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md index d9c4c16dba5b..9fcbaf6235c8 100644 --- a/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md +++ b/content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/about-support-for-your-idps-conditional-access-policy.md @@ -24,6 +24,10 @@ redirect_from: For more information about using OIDC with {% data variables.product.prodname_emus %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-oidc-for-enterprise-managed-users)" and "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc)." +## About CAP and deploy keys + +A deploy key is an SSH key that grants access to an individual repository. Because deploy keys do not perform operations on behalf of a user, CAP IP conditions do not apply to any requests authenticated with a deploy key. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys)." + ## Considerations for integrations and automations {% data variables.product.prodname_dotcom %} sends the originating IP address to your IdP for validation against your CAP. To make sure actions and apps are not blocked by your IdP's CAP, you will need to make changes to your configuration. @@ -49,3 +53,7 @@ When {% data variables.product.prodname_github_apps %} call {% data variables.pr You can contact the owners of the apps you want to use, ask for their IP ranges, and configure your IdP's CAP to allow access from those IP ranges. If you're unable to contact the owners, you can review your IdP sign-in logs to review the IP addresses seen in the requests, then allow-list those addresses. If you do not wish to allow all of the IP ranges for all of your enterprise's apps, you can also exempt installed {% data variables.product.prodname_github_apps %} and authorized {% data variables.product.prodname_oauth_apps %} from the IdP allow list. If you do so, these apps will continue working regardless of the originating IP address. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#allowing-access-by-github-apps)." + +## Further reading + +- [Using the location condition in a Conditional Access policy](https://learn.microsoft.com/entra/identity/conditional-access/location-condition) on Microsoft Learn diff --git a/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md b/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md index 67227be8740f..19d6889a0ba3 100644 --- a/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md +++ b/content/billing/managing-licenses-for-visual-studio-subscriptions-with-github-enterprise/about-visual-studio-subscriptions-with-github-enterprise.md @@ -51,6 +51,12 @@ You can view the number of {% data variables.product.prodname_enterprise %} lice You can also see pending {% data variables.product.prodname_enterprise %} invitations to subscribers in {% data variables.visual_studio.prodname_vss_admin_portal_with_url %}. +## About licenses for {% data variables.product.prodname_ghe_server %} + +{% data reusables.enterprise.ghe-includes-ghec-and-ghes %} For more information, see "[AUTOTITLE](/admin/overview/about-github-for-enterprises#about-deployment-options)." + +If you use {% data variables.product.prodname_ghe_server %}, you can ensure that each {% data variables.product.prodname_vs %} subscriber consumes only one license seat, regardless of whether the subscriber uses {% data variables.product.prodname_ghe_server %}, {% data variables.product.prodname_ghe_cloud %}, or both. If a subscriber only uses {% data variables.product.prodname_ghe_server %}, the subscriber does not also need a user account for {% data variables.product.prodname_ghe_cloud %}. For more information, see "[AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud)." + ## Further reading - [{% data variables.product.prodname_vs %} subscriptions with {% data variables.product.prodname_enterprise %}](https://docs.microsoft.com/visualstudio/subscriptions/access-github) in Microsoft Docs diff --git a/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md b/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md index 020de78f1b43..253cac854e80 100644 --- a/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md +++ b/content/billing/managing-your-license-for-github-enterprise/about-licenses-for-github-enterprise.md @@ -21,7 +21,7 @@ shortTitle: About licenses {% endif %} -{% data reusables.enterprise-licensing.unique-user-licensing-model %} +{% data reusables.enterprise-licensing.unique-user-licensing-model %} For more information about per-user pricing, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing)." For more about the price of {% data variables.product.prodname_enterprise %} licenses, see [Pricing](https://github.com/pricing) on the {% data variables.product.prodname_dotcom %} website. To ensure the same user isn't consuming more than one license for multiple enterprise deployments, you can synchronize license usage between your {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %} deployments. diff --git a/content/repositories/creating-and-managing-repositories/about-repositories.md b/content/repositories/creating-and-managing-repositories/about-repositories.md index 532556e7e99c..440415f9463d 100644 --- a/content/repositories/creating-and-managing-repositories/about-repositories.md +++ b/content/repositories/creating-and-managing-repositories/about-repositories.md @@ -110,15 +110,8 @@ All enterprise members have read permissions to the internal repository, but int {% data reusables.repositories.internal-repo-default %} -{% ifversion ghec %}Unless your enterprise uses {% data variables.product.prodname_emus %}, members{% else %}Members{% endif %} of the enterprise can fork any internal repository owned by an organization in the enterprise. The forked repository will belong to the member's personal account, and the visibility of the fork will be private. If a user is removed from all organizations owned by the enterprise, that user's forks of internal repositories are removed automatically. +By default, enterprise members can fork an internal repository into any organization where the user can create repositories. Organization owners can also allow users to create a fork owned by a user account, and can manage the forking policy for an organization. Enterprise owners can manage the forking policy for some or all organizations within an enterprise. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)" and "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-forking-private-or-internal-repositories)." -{% ifversion ghec %} -{% note %} - -**Note:** {% data variables.enterprise.prodname_managed_users_caps %} cannot fork internal repositories. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#abilities-and-restrictions-of-managed-user-accounts)." - -{% endnote %} -{% endif %} {% endif %} ## Next steps diff --git a/data/features/team-discussions-migration.yml b/data/features/team-discussions-migration.yml index 3539cc34e01f..76d52b36b53f 100644 --- a/data/features/team-discussions-migration.yml +++ b/data/features/team-discussions-migration.yml @@ -1,4 +1,4 @@ # Reference: #8869 # Team Discussions migration and eventual deprecation announcement (for GHES - already deprecated for Dotcom and GHEC) versions: - ghes: '>3.9' + ghes: '>3.9 <3.13' diff --git a/data/features/team-discussions.yml b/data/features/team-discussions.yml index e806eec45691..987327616b72 100644 --- a/data/features/team-discussions.yml +++ b/data/features/team-discussions.yml @@ -1,4 +1,4 @@ # Reference: #8869 # Versions for which team discussions is still supported (deprecated for all other versions) versions: - ghes: '<3.12' + ghes: '<3.13' diff --git a/data/release-notes/enterprise-server/3-10/0.yml b/data/release-notes/enterprise-server/3-10/0.yml index 0d5167c36d27..5951f2c86de1 100644 --- a/data/release-notes/enterprise-server/3-10/0.yml +++ b/data/release-notes/enterprise-server/3-10/0.yml @@ -316,4 +316,4 @@ sections: - heading: Upcoming deprecation of team discussions notes: - | - GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.12. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." + GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.10, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04] diff --git a/data/release-notes/enterprise-server/3-11/0.yml b/data/release-notes/enterprise-server/3-11/0.yml index 35414ac9d085..6513ebc2e717 100644 --- a/data/release-notes/enterprise-server/3-11/0.yml +++ b/data/release-notes/enterprise-server/3-11/0.yml @@ -353,5 +353,11 @@ sections: For more information about Python releases, see [Status of Python versions](https://devguide.python.org/versions) on the Python website. For more information about supported package managers for Dependabot, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#supported-repositories-and-ecosystems)." + # https://github.com/github/releases/issues/2605 + - heading: Upcoming deprecation of team discussions + notes: + - | + GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.11, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04] + errata: - 'The "[Changes](/admin/release-notes#3.11.0-changes)" section previously indicated that users should update GitHub Actions workflows and actions to run on Node.js 16. Node.js 16 has reached end of life, and users should instead update actions and workflows to run on Node.js 20 or later. [Updated: 2024-03-05]' diff --git a/data/release-notes/enterprise-server/3-12/0-rc1.yml b/data/release-notes/enterprise-server/3-12/0-rc1.yml index 93597ffcfcf9..615ebe8068dd 100644 --- a/data/release-notes/enterprise-server/3-12/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-12/0-rc1.yml @@ -178,3 +178,11 @@ sections: {% data reusables.release-notes.2023-11-cluster-ha-failover-git-push-failure %} - | Restoring backups with `ghe-restore` on a GHES cluster will exit prematurely if `redis` has not restarted properly. + + deprecations: + # https://github.com/github/releases/issues/2605 + - heading: Upcoming deprecation of team discussions + notes: + - | + GitHub will deprecate team discussions for users in GitHub Enterprise Server 3.13. In GitHub Enterprise Server 3.12, a banner appears atop teams' discussions with information about the deprecation, including a link to tooling to migrate existing team discussions to GitHub Discussions. For more information, see "[AUTOTITLE](/organizations/collaborating-with-your-team/about-team-discussions)" and "[AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions)." [Updated: 2024-03-04] + diff --git a/data/reusables/enterprise-accounts/emu-cap-validates.md b/data/reusables/enterprise-accounts/emu-cap-validates.md index f362c9b0abde..36ddb549cf68 100644 --- a/data/reusables/enterprise-accounts/emu-cap-validates.md +++ b/data/reusables/enterprise-accounts/emu-cap-validates.md @@ -1 +1 @@ -When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate user interactions with {% data variables.product.prodname_dotcom %}, when members change IP addresses, and each time a {% data variables.product.pat_generic %} or SSH key is used. +When your enterprise uses OIDC SSO, {% data variables.product.prodname_dotcom %} will automatically use your IdP's conditional access policy (CAP) IP conditions to validate interactions with {% data variables.product.prodname_dotcom %} when members change IP addresses, and for each authentication with a {% data variables.product.pat_generic %} or SSH key associated with a user account. diff --git a/data/reusables/enterprise_clustering/network-latency.md b/data/reusables/enterprise_clustering/network-latency.md index 321218c196d3..c1e8fc8f7313 100644 --- a/data/reusables/enterprise_clustering/network-latency.md +++ b/data/reusables/enterprise_clustering/network-latency.md @@ -1 +1 @@ -For high availability, the latency between the network with the active nodes and the network with the replica nodes must be less than 70 milliseconds. We don't recommend configuring a firewall between the two networks. +The latency between primary and replica nodes must be less than 70 milliseconds. We don't recommend configuring a firewall between the nodes' networks. diff --git a/data/reusables/organizations/team-discussions-api-deprecation.md b/data/reusables/organizations/team-discussions-api-deprecation.md index f734cb0d1959..e9f8c629b306 100644 --- a/data/reusables/organizations/team-discussions-api-deprecation.md +++ b/data/reusables/organizations/team-discussions-api-deprecation.md @@ -2,7 +2,7 @@ {% note %} -The team discussions and team discussion comments endpoints will be deprecated in {% data variables.product.prodname_ghe_server %} 3.12 in favor of {% data variables.product.prodname_discussions %}. For more information about {% data variables.product.prodname_discussions %}, see "[AUTOTITLE](/discussions)." +The team discussions and team discussion comments endpoints will be deprecated in {% data variables.product.prodname_ghe_server %} 3.13 in favor of {% data variables.product.prodname_discussions %}. For more information about {% data variables.product.prodname_discussions %}, see "[AUTOTITLE](/discussions)." {% endnote %} diff --git a/data/reusables/organizations/team-discussions-migration.md b/data/reusables/organizations/team-discussions-migration.md index aaec4b5c7dfc..d6b3f9dbcbfb 100644 --- a/data/reusables/organizations/team-discussions-migration.md +++ b/data/reusables/organizations/team-discussions-migration.md @@ -1,7 +1,7 @@ {% note %} -**Note**: Team discussions will be deprecated in {% data variables.product.prodname_ghe_server %} 3.12 in favor of {% data variables.product.prodname_discussions %}. You can transfer your existing team discussions to a repository's discussions by using a migration tool that allows team admins to migrate both public and private team discussions. Click the "Transfer" button in the banner at the top of your team discussions page, then choose the repository in your organization that you want to migrate the discussions to. +**Note**: Team discussions will be deprecated in {% data variables.product.prodname_ghe_server %} 3.13 in favor of {% data variables.product.prodname_discussions %}. You can transfer your existing team discussions to a repository's discussions by using a migration tool that allows team admins to migrate both public and private team discussions. Click the "Transfer" button in the banner at the top of your team discussions page, then choose the repository in your organization that you want to migrate the discussions to. For more information about {% data variables.product.prodname_discussions %}, see "[AUTOTITLE](/discussions)."