GitHub Enterprise Managed Users (EMU) requires SAML 2.0 for authentication. When integrating with a partner identity provider (IdP) like Microsoft Entra ID or Okta, administrators can use a pre-configured gallery application. This application streamlines the setup by automating much of the configuration. In contrast, integrating with a non-partner IdP that is SAML 2.0 compliant requires a manual setup process. The administrator must manually copy and paste SAML configuration details, such as the Sign on URL (Assertion Consumer Service URL), Issuer (Entity ID), and the public signing certificate, between GitHub and the identity provider to establish the trust relationship.

A. Enterprise Managed Users exclusively uses the SAML 2.0 protocol for user authentication. OpenID Connect (OIDC) is not a supported authentication protocol for this specific GitHub offering.

C. Both partner and non-partner integrations for Enterprise Managed Users support the exact same authentication method: SAML 2.0 single sign-on. The integration type does not change this.

D. While the partner IdP vendor supports their platform, GitHub provides support for the integration itself. This statement is less precise than option B, which describes a fundamental technical difference in the configuration process.

1. GitHub Docs

"Configuring SAML single sign-on for Enterprise Managed Users": This document outlines the necessary steps for SAML configuration. It specifies the information required from any IdP: "To configure SAML SSO

you must provide GitHub with the details of your SAML IdP. GitHub requires the Sign on URL

Issuer

and Public certificate." This confirms the manual detail exchange for non-templated (non-partner) integrations.

2. GitHub Docs

"About Enterprise Managed Users": Under the "Authentication and user provisioning" section

it is explicitly stated

"With Enterprise Managed Users

your identity provider (IdP) controls user accounts and authentication... GitHub Enterprise Cloud uses SAML for authentication...". This reference invalidates option A

as it confirms SAML is the required protocol

not OIDC.

3. GitHub Docs

"Configuring SAML single sign-on and provisioning for Enterprise Managed Users with Azure AD": This guide for a partner IdP demonstrates a streamlined process using a gallery application ("GitHub Enterprise Managed User")

contrasting with the manual value entry required for a generic

non-partner SAML provider. This implicitly supports the correctness of option B.