From ba784129f8657d7b2328a460af0fccb8ba57093c Mon Sep 17 00:00:00 2001 From: Stoney <19228888+ThatStoney@users.noreply.github.com> Date: Sun, 13 Jul 2025 22:27:01 -0400 Subject: [PATCH 1/2] Clarify backup block device storage requirements (#56553) Co-authored-by: Vanessa --- .../configuring-the-backup-service.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md b/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md index af6fdd9e41c3..b06e163d309c 100644 --- a/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md +++ b/content/admin/backing-up-and-restoring-your-instance/backup-service-for-github-enterprise-server/configuring-the-backup-service.md @@ -21,7 +21,7 @@ Before configuring the backup service, ensure you have: To ensure reliable and performant backups, your storage must meet the following requirements: -* **Capacity:** Allocate at least five times the amount of storage used by your primary {% data variables.product.github %} appliance disk. This accounts for historical snapshots and future growth. +* **Capacity:** Allocate at least five times the amount of storage used by your primary {% data variables.product.github %} appliance data disk. This accounts for historical snapshots and future growth. * **Filesystem support:** The backup service uses hard links for efficient storage, and your {% data variables.product.github %} instance uses symbolic links. The backup target must support both symbolic and hard links, and it must use a case-sensitive filesystem to prevent conflicts. You can test whether your filesystem supports hardlinking symbolic links by running: From 6467e89b70531d15f2857d417ba5c73b0e731921 Mon Sep 17 00:00:00 2001 From: Justin Alex <1155821+jusuchin85@users.noreply.github.com> Date: Mon, 14 Jul 2025 12:51:08 +1000 Subject: [PATCH 2/2] [Improvement]: Add a Note to Mention that IdP Connectivity (OIDC/SAML + SCIM) will not be Impacted when IP Allow List is enabled at the Enterprise Level (#56494) Co-authored-by: Vanessa --- ...k-traffic-to-your-enterprise-with-an-ip-allow-list.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md b/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md index efb910144da9..491f007100b4 100644 --- a/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md +++ b/content/admin/configuring-settings/hardening-security-for-your-enterprise/restricting-network-traffic-to-your-enterprise-with-an-ip-allow-list.md @@ -23,6 +23,9 @@ redirect_from: By default, authorized users can access your enterprise's resources from any IP address. You can restrict access to your enterprise's private resources by configuring a list that allows or denies access from specific IP addresses. {% data reusables.identity-and-permissions.ip-allow-lists-example-and-restrictions %} +> [!NOTE] +> If your enterprise uses {% data variables.product.prodname_emus %}, enabling the IP allow list does not restrict user provisioning actions performed through SAML/SCIM, OpenID Connect (OIDC) with Entra ID, or via REST API endpoints. For more information, see [AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim). + If your enterprise uses {% data variables.product.prodname_emus %} with Microsoft Entra ID (previously known as Azure AD) and OIDC, you can choose whether to use {% data variables.product.company_short %}'s IP allow list feature or to use the allow list restrictions for your identity provider (IdP). If your enterprise does not use {% data variables.product.prodname_emus %} with Azure and OIDC, you can use {% data variables.product.company_short %}'s allow list feature. {% data reusables.identity-and-permissions.ip-allow-lists-which-resources-are-protected %} @@ -56,8 +59,8 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security %} -1. If you're using {% data variables.product.prodname_emus %} with OIDC, under "IP allow list", select the **IP allow list configuration** dropdown menu and click **GitHub**. -1. Under "IP allow list", select **Enable IP allow list**. +1. If you're using {% data variables.product.prodname_emus %} with OIDC, under "IP allow list," select the **IP allow list configuration** dropdown menu and click **GitHub**. +1. Under "IP allow list," select **Enable IP allow list**. 1. Click **Save**. ### Adding an allowed IP address @@ -119,7 +122,7 @@ To ensure seamless use of the OIDC CAP while still applying the policy to OAuth {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security %} -1. Under "IP allow list", select the **IP allow list configuration** dropdown menu and click **Identity Provider**. +1. Under "IP allow list," select the **IP allow list configuration** dropdown menu and click **Identity Provider**. 1. Optionally, to allow installed {% data variables.product.company_short %} and {% data variables.product.prodname_oauth_apps %} to access your enterprise from any IP address, select **Skip IdP check for applications**. 1. Click **Save**.