update docs

hugodutka · hugodutka · commit 6d77c0164ecc · 2025-05-12T14:10:34.000Z
diff --git a/docs/admin/users/github-auth.md b/docs/admin/users/github-auth.md
@@ -5,11 +5,8 @@
 By default, new Coder deployments use a Coder-managed GitHub app to authenticate
 users. We provide it for convenience, allowing you to experiment with Coder
 without setting up your own GitHub OAuth app. Once you authenticate with it, you
-grant Coder server read access to:
-
-- Your GitHub user email
-- Your GitHub organization membership
-- Other metadata listed during the authentication flow
+grant Coder server read access to your GitHub user email and other metadata listed
+during the authentication flow.
 
 This access is necessary for the Coder server to complete the authentication
 process. To the best of our knowledge, Coder, the company, does not gain access
@@ -33,6 +30,15 @@ To limit sign ups to members of specific GitHub organizations, set:
 CODER_OAUTH2_GITHUB_ALLOWED_ORGS="your-org"
 ```
 
+> [!NOTE]
+> This requires the default GitHub app to be installed in the organizations you
+> want to limit sign ups to. You may install the app by visiting
+> [this page](https://github.com/apps/coder/installations/select_target).
+>
+> However, this will technically grant Coder, the company, access to your
+> organization's data as described in the installation flow. We recommend
+> configuring your own GitHub OAuth app as outlined below instead.
+
 For production deployments, we recommend configuring your own GitHub OAuth app
 as outlined below. The default is automatically disabled if you configure your
 own app or set:
