Getting started with data residency for GitHub Enterprise Cloud

Set up your enterprise on GHE.com by onboarding users, enabling billing, and migrating data.

この記事の内容

When you adopt GitHub Enterprise Cloud with data residency, you can choose where your company's code and data are stored.

After you have worked with GitHub の営業チーム to create an enterprise account with a dedicated URL on GHE.com, you'll use this guide to set up your enterprise. You will:

  • Add users by configuring authentication and provisioning with an identity management system
  • Set up billing for your enterprise
  • Optionally, migrate data from another platform
  • Learn about available features, including features that work differently or require additional configuration

After this initial setup, you'll be able to create organizations and repositories, collaborate on code, configure policies, and more.

Prerequisites

  • You must have been provisioned with an enterprise on GHE.com.

  • If you intend to pay with a Microsoft Azure subscription, you must have admin access to the Azure portal or work with someone to configure an admin consent workflow. For a full list of prerequisites, see "Azure サブスクリプションを接続する."

  • You must ensure that client systems trust GitHub's SSH key fingerprints and can access certain hostnames and IP addresses. See "GHE.com のネットワークの詳細."

1. Add users to your enterprise

Enterprises on GHE.com use Enterprise Managed Users. To create user accounts and grant access to your new enterprise on GHE.com, you must configure authentication and SCIM provisioning. See "Enterprise Managed Users の概要."

Sign in as the setup user

After we create your enterprise, you will receive an email inviting you to choose a password for the setup user, which is used to configure authentication and provisioning. The username is a randomly generated shortcode, suffixed with _admin.

Using an incognito or private browsing window:

  1. Set the user's password.
  2. Save the user's recovery codes.

セットアップ ユーザーのパスワードをリセットする必要がある場合、GitHub Support ポータル から GitHub Support に問い合わせます。 メール アドレスを指定した通常のパスワードのリセット オプションは機能しません。

Create a personal access token

次に、プロビジョニングの構成に使用できる personal access token を作成します。

  • トークンを作成する際は、セットアップ ユーザーとしてサインインする必要があります。
  • トークンには、少なくとも scim:enterprise スコープが必要です。
  • トークンに有効期限は必要ありません

personal access token (classic) を作成する方法については、「個人用アクセス トークンを管理する」を参照してください。

Configure authentication

Next, configure how your members will authenticate.

If you're using Entra ID as your IdP, you can choose between OpenID Connect (OIDC) and Security Assertion Markup Language (SAML).

  • We recommend OIDC, which includes support for Conditional Access Policies (CAP).
  • If you require multiple enterprises provisioned from one tenant, you can use SAML or OIDC for the first enterprise, but must use SAML for each additional enterprise.

If you're using another IdP, like Okta or PingFederate, you must use SAML to authenticate your members.

To get started, read the guide for your chosen authentication method.

Configure provisioning

After you configure authentication, you can configure SCIM provisioning, which is how your IdP will create マネージド ユーザー アカウント on GitHub. See "Getting started with data residency for GitHub Enterprise Cloud."

Manage organization membership

認証とプロビジョニングが構成されたら、IdP グループをチームと同期することで、マネージド ユーザー アカウントの Organization メンバーシップの管理を開始できます。 「ID プロバイダー グループを使用したチーム メンバーシップの管理」をご覧ください。

2. Set up billing

To pay for licenses and services, you can use a credit card, PayPal, or a Microsoft Azure subscription.

3. Migrate data

Optionally, to migrate existing data to your new enterprise on GHE.com, you can use GitHub's migration tools.

Example script for GitHub Enterprise Importer

The following script demonstrates the use of GitHub Enterprise Importer for migration of an individual source repository from GitHub.com to a target repository on GHE.com. The --target-api-url parameter sets your enterprise on GHE.com as the destination of the migration.

You can use the environment variable definitions in the script as an example to create additional commands that migrate data using GitHub Enterprise Importer.

In the following script, replace the following placeholder text with actual values.

PlaceholderDescription
TARGET-TOKENPersonal access token (PAT) for accessing the target enterprise on GHE.com
SOURCE-TOKENPAT for accessing the source resources on GitHub.com
TARGET-GHE-API-URLThe URL for accessing API endpoints for your enterprise. For example, if your enterprise's subdomain is octocorp, this value must be https://api.octocorp.ghe.com.
SOURCE-GH-ORGANIZATION-NAMEThe name of the source organization on GitHub.com.
SOURCE-GH-REPOSITORY-NAMEThe name of the source repository on GitHub.com.
TARGET-GHE-ORGANIZATION-NAMEThe name of the target organization on GHE.com.
TARGET-GHE-REPOSITORY-NAMEThe name of the target repository on GHE.com.
Bash
#!/bin/sh

export GH_PAT="TARGET-TOKEN"
export GH_SOURCE_PAT="SOURCE-TOKEN"
export TARGET_API_URL="TARGET-GHE-API-URL"
export GITHUB_SOURCE_ORG="SOURCE-GH-ORGANIZATION-NAME"
export SOURCE_REPO="SOURCE-GH-REPOSITORY-NAME"
export GITHUB_TARGET_ORG="TARGET-GHE-ORGANIZATION-NAME"
export TARGET_REPO="TARGET-GHE-REPOSITORY-NAME"

gh gei migrate-repo --target-api-url $TARGET_API_URL --github-source-org $GITHUB_SOURCE_ORG --source-repo $SOURCE_REPO --github-target-org $GITHUB_TARGET_ORG --target-repo $TARGET_REPO --verbose

4. Learn about GitHub's features

When you have completed the initial setup of your enterprise, you and your enterprise's members can start using GitHub's features.

The features available with data residency on GHE.com are similar to the features available to マネージド ユーザー アカウント on GitHub.com, with some additions and exceptions. Some features work differently or require additional configuration compared to the equivalent feature on GitHub.com. See "データ所在地付き GitHub Enterprise Cloud の機能の概要."

Further reading