github
diff --git a/‎.github/CODEOWNERS
+13-1 b/‎.github/CODEOWNERS
+13-1
diff --git a/‎assets/images/help/code-scanning/alert+autofix.png
132 KB b/‎assets/images/help/code-scanning/alert+autofix.png
132 KB
diff --git a/‎assets/images/help/code-scanning/autofix-example.png
228 KB b/‎assets/images/help/code-scanning/autofix-example.png
228 KB
diff --git a/‎assets/images/help/copilot/chat-indexed-message.png
28.2 KB b/‎assets/images/help/copilot/chat-indexed-message.png
28.2 KB
diff --git a/‎assets/images/help/copilot/chat-sources-list.png
131 KB b/‎assets/images/help/copilot/chat-sources-list.png
131 KB
diff --git a/‎assets/images/help/copilot/content-exclusions-last-edited-by.png
38.6 KB b/‎assets/images/help/copilot/content-exclusions-last-edited-by.png
38.6 KB
diff --git a/‎assets/images/help/copilot/copilot-audit-log.png
185 KB b/‎assets/images/help/copilot/copilot-audit-log.png
185 KB
diff --git a/‎assets/images/help/copilot/copilot-button-for-file.png
5.02 KB b/‎assets/images/help/copilot/copilot-button-for-file.png
5.02 KB
diff --git a/‎assets/images/help/copilot/copilot-buttons-inline-code.png
28.8 KB b/‎assets/images/help/copilot/copilot-buttons-inline-code.png
28.8 KB
diff --git a/‎assets/images/help/copilot/copilot-description-suggestion.png
50.9 KB b/‎assets/images/help/copilot/copilot-description-suggestion.png
50.9 KB
diff --git a/‎assets/images/help/copilot/copilot-disabled-for-repo.png
28.4 KB b/‎assets/images/help/copilot/copilot-disabled-for-repo.png
28.4 KB
diff --git a/‎assets/images/help/copilot/copilot-disabled-for-this-file.png
36.2 KB b/‎assets/images/help/copilot/copilot-disabled-for-this-file.png
36.2 KB
diff --git a/‎assets/images/help/copilot/copilot-history-button.png
15.5 KB b/‎assets/images/help/copilot/copilot-history-button.png
15.5 KB
diff --git a/‎assets/images/help/copilot/copilot-immersive-view-button.png
1.52 KB b/‎assets/images/help/copilot/copilot-immersive-view-button.png
1.52 KB
diff --git a/‎assets/images/help/copilot/copilot-references-button.png
15.6 KB b/‎assets/images/help/copilot/copilot-references-button.png
15.6 KB
diff --git a/‎assets/images/help/copilot/copilot-sample-chat-response.png
150 KB b/‎assets/images/help/copilot/copilot-sample-chat-response.png
150 KB
diff --git a/‎assets/images/help/copilot/feedback-form.png
54 KB b/‎assets/images/help/copilot/feedback-form.png
54 KB
diff --git a/‎assets/images/help/copilot/general-coding-chat.png
123 KB b/‎assets/images/help/copilot/general-coding-chat.png
123 KB
diff --git a/‎assets/images/help/copilot/jetbrains-copilot-chat-icon.png
44.7 KB b/‎assets/images/help/copilot/jetbrains-copilot-chat-icon.png
44.7 KB
diff --git a/‎assets/images/help/copilot/jetbrains-share-feedback.png
152 KB b/‎assets/images/help/copilot/jetbrains-share-feedback.png
152 KB
diff --git a/‎assets/images/help/copilot/paths-to-ignore.png
125 KB b/‎assets/images/help/copilot/paths-to-ignore.png
125 KB
diff --git a/‎assets/images/help/repository/secret-scanning-ai-other-toggle.png
52.3 KB b/‎assets/images/help/repository/secret-scanning-ai-other-toggle.png
52.3 KB
diff --git a/‎assets/images/help/repository/secret-scanning-use-regular-expression-generator.png
131 KB b/‎assets/images/help/repository/secret-scanning-use-regular-expression-generator.png
131 KB
diff --git a/‎assets/images/help/security-overview/security-overview-dashboard-filters.png
169 KB b/‎assets/images/help/security-overview/security-overview-dashboard-filters.png
169 KB
diff --git a/‎content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md
+106-38 b/‎content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md
+106-38
diff --git a/‎content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/index.md
+1-1 b/‎content/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/index.md
+1-1
diff --git a/‎content/admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference.md
+4-2 b/‎content/admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference.md
+4-2
@@ -14,4 +14,16 @@ src/ghes-releases/lib/enterprise-dates.json @github/docs-content-enterprise
 content/actions/deployment/security-hardening-your-deployments/** @github/oidc
 
 # RAI - CELA
-content/copilot/github-copilot-chat/about-github-copilot-chat.md @github/legal-product
+data/reusables/copilot/about-copilot-chat.md @github/legal-product
+content/copilot/github-copilot-in-the-cli/about-github-copilot-in-the-cli.md @github/legal-product
+
+content/code-security/secret-scanning/about-the-regular-expression-generator-for-custom-patterns @github/legal-product
+data/reusables/secret-scanning/beta-custom-pattern-regular-expression-generator.md @github/legal-product
+
+content/code-security/secret-scanning/about-the-detection-of-generic-secrets-with-secret-scanning.md @github/legal-product
+data/reusables/secret-scanning/generic-secret-detection-ai.md @github/legal-product
+
+content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md @github/legal-product
+data/reusables/rai/ @github/legal-product
+
+content/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries.md @github/legal-product
@@ -18,61 +18,56 @@ topics:
   - SSO
 ---
 
-## About SAML single sign-on for {% data variables.product.prodname_emus %}
+## About SAML SSO for {% data variables.product.prodname_emus %}
 
-With {% data variables.product.prodname_emus %}, your enterprise uses your corporate identity provider to authenticate all members. Instead of signing in to {% data variables.product.prodname_dotcom %} with a {% data variables.product.prodname_dotcom %} username and password, members of your enterprise will sign in through your IdP.
+With {% data variables.product.prodname_emus %}, access to your enterprise's resources on {% data variables.location.product_location %} must be authenticated through your identity provider (IdP). Instead of signing in to {% data variables.product.prodname_dotcom %} with a {% data variables.product.prodname_dotcom %} username and password, members of your enterprise will sign in through your IdP.
 
-{% data variables.product.prodname_emus %} supports the following IdPs:
-
-{% data reusables.enterprise-accounts.emu-supported-idps %}
-
-After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your identity provider is unavailable.
+After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your IdP is unavailable.
 
 {% data reusables.enterprise_user_management.SAML-to-OIDC-migration-for-EMU %}
 
-{% note %}
-
-**Note:** When SAML SSO is enabled, the only setting you can update on {% data variables.product.prodname_dotcom %} for your existing SAML configuration is the SAML certificate. If you need to update the Sign on URL or Issuer, you must first disable SAML SSO and then reconfigure SAML SSO with the new settings.
-
-{% endnote %}
-
-## Configuring SAML single sign-on for {% data variables.product.prodname_emus %}
+## Prerequisites
 
-To configure SAML SSO for your {% data variables.enterprise.prodname_emu_enterprise %}, you must configure an application on your IdP and then configure your enterprise on GitHub.com. After you configure SAML SSO, you can configure user provisioning.
+- Ensure that you understand the integration requirements and level of support for your IdP. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-enterprise-managed-users#about-authentication-and-user-provisioning)."
 
-To install and configure the {% data variables.product.prodname_emu_idp_application %} application on your IdP, you must have a tenant and administrative access on a supported IdP.
+- Your IdP must adhere to the SAML 2.0 specification. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
 
-{% note %}
+{% ifversion emu-public-scim-schema %}-{% endif %} To configure your IdP for SAML SSO with {% data variables.product.prodname_emus %}, you must have a tenant and administrative access on your IdP.
 
-{% data reusables.enterprise-accounts.emu-password-reset-session %}
+{%- ifversion emu-public-scim-schema %}
 
-{% endnote %}
+- {% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
+{%- endif %}
 
-1. [Configuring your identity provider](#configuring-your-identity-provider)
-1. [Configuring your enterprise](#configuring-your-enterprise)
-1. [Enabling provisioning](#enabling-provisioning)
+## Configuring SAML SSO for {% data variables.product.prodname_emus %}
 
-### Configuring your identity provider
+To configure SAML SSO for your {% data variables.enterprise.prodname_emu_enterprise %}, you must configure an application on your IdP, then configure your enterprise on {% data variables.location.product_location %}. After you configure SAML SSO, you can configure user provisioning.
 
-To configure your IdP, follow the instructions they provide for configuring the {% data variables.product.prodname_emu_idp_application %} application on your IdP.
+1. [Configure your IdP](#configuring-your-idp)
+1. [Configure your enterprise](#configuring-your-enterprise)
+1. [Enable provisioning](#enabling-provisioning)
 
-1. To install the {% data variables.product.prodname_emu_idp_application %} application, click the link for your IdP below:
+### Configuring your IdP
 
-     - [{% data variables.product.prodname_emu_idp_application %} application on Azure Active Directory](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.githubenterprisemanageduser?tab=Overview)
-     - [{% data variables.product.prodname_emu_idp_application %} application on Okta](https://www.okta.com/integrations/github-enterprise-managed-user)
-     - [{% data variables.product.prodname_emu_idp_application %} connector on PingFederate](https://www.pingidentity.com/en/resources/downloads/pingfederate.html)
+1. {% ifversion emu-public-scim-schema %}If you use a partner IdP, to install the {% data variables.product.prodname_emu_idp_application %} application, click one of the following links.{% else %}To install the GitHub Enterprise Managed User application, click the link for your IdP below:{% endif %}
 
-       To download the PingFederate connector, navigate to the **Add-ons** tab and select **GitHub EMU Connector 1.0**.
+    - [Azure AD application](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.githubenterprisemanageduser?tab=Overview) in Azure Marketplace
+    - [Okta application](https://www.okta.com/integrations/github-enterprise-managed-user) in Okta's integrations directory
+    - [PingFederate downloads website](https://www.pingidentity.com/en/resources/downloads/pingfederate.html)
 
-1. To configure the {% data variables.product.prodname_emu_idp_application %} application and your IdP, click the link below and follow the instructions provided by your IdP:
+      - To download the PingFederate connector, navigate to the **Add-ons** tab and select **GitHub EMU Connector 1.0**.
 
-     - [Azure Active Directory tutorial for {% data variables.product.prodname_emus %}](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-tutorial)
-     - [Okta documentation for {% data variables.product.prodname_emus %}](https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-GitHub-Enterprise-Managed-User.html)
-     - [PingFederate documentation for {% data variables.product.prodname_emus %}](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_emu_connector)
+1. To configure SAML SSO for {% data variables.product.prodname_emus %} on your IdP, read the following documentation. {% ifversion emu-public-scim-schema %}If you don't use a partner IdP, you can use the SAML configuration reference for {% data variables.product.product_name %} to create and configure a generic SAML 2.0 application on your IdP.{% endif %}
 
-1. So you can test and configure your enterprise, assign yourself or the user that will be configuring SAML SSO on {% data variables.product.prodname_dotcom %} to the {% data variables.product.prodname_emu_idp_application %} application on your IdP.
+   - [Azure AD instructions](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-tutorial) in the Azure AD documentation
+   - [Okta instructions](https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-GitHub-Enterprise-Managed-User.html) in the Okta documentation
+   - [PingFederate instructions](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_emu_connector) in the PingIdentity documentation
+   {%- ifversion emu-public-scim-schema %}
+   - "[AUTOTITLE](/admin/identity-and-access-management/iam-configuration-reference/saml-configuration-reference)"
+   {%- endif %}
+1. To test and configure your enterprise, assign yourself or the user that will configure SAML SSO for your enterprise on {% data variables.location.product_location %} to the application you configured for {% data variables.product.prodname_emus %} on your IdP.
 
-1. To enable you to continue configuring your enterprise on {% data variables.product.prodname_dotcom %}, locate and note the following information from the application you installed on your IdP.
+1. To continue configuring your enterprise on {% data variables.location.product_location %}, locate and note the following information from the application you installed on your IdP.
 
     | Value | Other names | Description |
     | :- | :- | :- |
@@ -82,15 +77,23 @@ To configure your IdP, follow the instructions they provide for configuring the
 
 ### Configuring your enterprise
 
-After you install and configure the {% data variables.product.prodname_emu_idp_application %} application on your identity provider, you can configure your enterprise.
+After you configure SAML SSO for {% data variables.product.prodname_emus %} on your IdP, you can configure your enterprise on {% data variables.location.product_location %}.
+
+After the initial configuration of SAML SSO, the only setting you can update on {% data variables.location.product_location %} for your existing SAML configuration is the SAML certificate. If you need to update the sign-on URL or issuer URL, you must first disable SAML SSO, then reconfigure SAML SSO with the new settings. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/disabling-authentication-for-enterprise-managed-users)."
 
 {% data reusables.emus.sign-in-as-setup-user %}
+
+   {% note %}
+
+   **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %}
+
+   {% endnote %}
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}
 
 1. Under "SAML single sign-on", select **Require SAML authentication**.
-1. Under **Sign on URL**, type the HTTPS endpoint of your IdP for single sign-on requests that you noted while configuring your IdP.
+1. Under **Sign on URL**, type the HTTPS endpoint of your IdP for SSO requests that you noted while configuring your IdP.
 1. Under **Issuer**, type your SAML issuer URL that you noted while configuring your IdP, to verify the authenticity of sent messages.
 1. Under **Public Certificate**, paste the certificate that you noted while configuring your IdP, to verify SAML responses.
 {% data reusables.saml.edit-signature-and-digest-methods %}
@@ -99,7 +102,7 @@ After you install and configure the {% data variables.product.prodname_emu_idp_a
 
     {% note %}
 
-    **Note:** When you require SAML SSO for your enterprise, the setup user will no longer have access to the enterprise but will remain signed in to GitHub. Only {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP will have access to the enterprise.
+    **Note:** After you require SAML SSO for your enterprise, the setup user will no longer have access to the enterprise but will remain signed in to GitHub. Only {% data variables.enterprise.prodname_managed_users %} provisioned by your IdP will have access to the enterprise.
 
     {% endnote %}
 
@@ -108,3 +111,68 @@ After you install and configure the {% data variables.product.prodname_emu_idp_a
 ### Enabling provisioning
 
 After you enable SAML SSO, enable provisioning. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users)."
+
+### Enabling guest collaborators
+
+If your enterprise uses {% data variables.product.prodname_emus %}, you can use the role of guest collaborator to grant limited access to vendors and contractors. Guest collaborators are provisioned by your IdP, and only have access to the specific repositories or organizations you add them to. Guest collaborators only have access to internal repositories within organizations where they are a member and private repositories they are expressly authorized to access. Guest collaborators will never see internal repositories in an organization they are not a member of. For more information, see "[AUTOTITLE](/admin/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#guest-collaborators)."
+
+If you use Azure AD or Okta for SAML authentication, you may need to update your IdP application to use guest collaborators.
+
+#### Enabling guest collaborators if you use Azure AD
+
+1. Sign into the Azure Portal.
+1. Click **Identity**.
+1. Click **Applications**.
+1. Click **Enterprise applications**.
+1. Click **All applications**.
+1. View the details for your {% data variables.product.prodname_emus %} application
+1. In the left sidebar, click **Users and Groups**.
+1. View the application registration.
+
+   - If the application registration displays the "Restricted User" or "Guest Collaborator" roles, you're ready to invite guest collaborators to your enterprise.
+   - If the application registration does not display the roles, proceed to the next step.
+1. In the Azure Portal, click **App registrations**.
+1. Click **All applications**, then use the search bar to find your application for {% data variables.product.prodname_emus %}.
+1. Click your SAML application.
+1. In the left sidebar, click **Manifest**.
+1. Under "appRoles", add the following:
+
+   ```json
+   {
+     "allowedMemberTypes": [
+       "User"
+     ],
+     "description": "Guest Collaborator",
+     "displayName": "Guest Collaborator",
+     "id": "1ebc4a02-e56c-43a6-92a5-02ee09b90824",
+     "isEnabled": true,
+     "lang": null,
+     "origin": "Application",
+     "value": "null"
+   },
+   ```
+
+   {% note %}
+
+   **Note:** The `id` value is critical. If another `id` value is present, the update will fail.
+
+   {% endnote %}
+1. Click **Save**.
+
+#### Enabling guest collaborators for your enterprise with Okta
+
+To add the guest collaborator role to your Okta application:
+
+1. Navigate to your application for {% data variables.product.prodname_emus %} on Okta.
+1. Click **Provisioning**.
+1. Click **Go to Profile Editor**.
+1. Find "Roles" at the bottom of the profile editor and click the edit icon.
+1. Add a new role.
+
+   - For "Display name", type `Guest Collaborator`.
+   - For "Value", type `guest_collaborator`.
+1. Click **Save**.
+
+#### Adding guest collaborators to your enterprise
+
+After you enable guest collaborators for your enterprise, you can add guest collaborators to your enterprise. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users#assigning-users-and-groups)."
@@ -2,7 +2,7 @@
 title: Configuring authentication for Enterprise Managed Users
 shortTitle: Authentication for managed users
 product: '{% data reusables.gated-features.emus %}'
-intro: 'You can decide whether people use SAML or OIDC to authenticate, learn about support for conditional access policy, see username considerations, or disable authentication for your {% data variables.enterprise.prodname_emu_enterprise %} on {% data variables.product.prodname_dotcom_the_website %}.'
+intro: 'You can decide whether people use SAML or OIDC to authenticate, learn about support for conditional access policy, or disable authentication for your {% data variables.enterprise.prodname_emu_enterprise %} on {% data variables.product.prodname_dotcom_the_website %}.'
 versions:
   ghec: '*'
 topics:
 
@@ -19,9 +19,11 @@ redirect_from:
 
 ## About SAML configuration
 
-To use SAML single sign-on (SSO) for authentication to {% data variables.product.product_name %}, you must configure both your external SAML identity provider (IdP) and {% ifversion ghes %}{% data variables.location.product_location %}{% elsif ghec %}your enterprise or organization on {% data variables.location.product_location %}{% elsif ghae %}your enterprise on {% data variables.product.product_name %}{% endif %}. In a SAML configuration, {% data variables.product.product_name %} functions as a SAML service provider (SP). For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-saml-for-enterprise-iam)."
+To use SAML single sign-on (SSO) for authentication to {% data variables.product.product_name %}, you must configure both your external SAML identity provider (IdP) and {% ifversion ghes %}{% data variables.location.product_location %}{% elsif ghec %}your enterprise or organization on {% data variables.location.product_location %}{% elsif ghae %}your enterprise on {% data variables.product.product_name %}{% endif %}. In a SAML configuration, {% data variables.product.product_name %} functions as a SAML service provider (SP). For more information about authentication for your enterprise, see "[AUTOTITLE](/admin/identity-and-access-management/understanding-iam-for-enterprises/about-identity-and-access-management#authentication-methods)."
 
-You must enter unique values from your SAML IdP when configuring SAML SSO for {% data variables.product.product_name %}, and you must also enter unique values from {% data variables.product.product_name %} on your IdP. For more information about the configuration of SAML SSO for {% data variables.product.product_name %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise){% ifversion ghes or ghae %}{% elsif ghec %}" or "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization){% endif %}."
+ {% data variables.product.product_name %} provides integration according to the SAML 2.0 specification. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
+
+You must enter unique values from your SAML IdP when configuring SAML SSO for {% data variables.product.product_name %}, and you must also enter unique values from {% data variables.product.product_name %} on your IdP. For more information about authentication for
 
 ## SAML metadata