Coexisting with SAML SSO enabled personal accounts and SAML SSO enabled enterprise managed users

[jcasale]

Select Topic Area

Question

Body

I need to start transitioning an enterprise with several orgs that currently uses SAML SSO enabled personal accounts to SAML SSO enabled enterprise managed users. I can swing the migration in advance.

Is this a supported configuration?

[thevibingteen]

Yes — this is a supported transition path, but there are some important limitations to understand.

GitHub allows you to run SAML SSO–enabled personal accounts and Enterprise Managed Users (EMU) side-by-side temporarily during migration. However:

EMU users are fully isolated from personal GitHub accounts

EMU users cannot be added to organizations that still rely on personal accounts

You’ll need to migrate orgs one-by-one to the EMU enterprise

Teams, permissions, and repo access must be re-mapped during migration

Recommended approach:

Create your EMU enterprise and connect IdP

Pilot migration with a test org

Move orgs incrementally

Decommission SAML-on-personal-account orgs after validation

Important: Direct “in-place conversion” of users is not supported — EMU identities are created fresh from your IdP.

GitHub Enterprise Support should be involved for planning and execution, especially for production enterprises.

This setup is supported short-term for migration, but not intended as a permanent mixed-access model.

Hope this helps 👍

[jcasale]

Thank you very much for the detailed information.