GitHub Enterprise Cloud (GHEC) Cheat Sheet
GitHub Enterprise Cloud (GHEC) is GitHub’s cloud-hosted option designed for large businesses and teams. It gives you a central place to manage multiple organizations, control access with enterprise-grade security features, and scale your development work across your entire company. unlike the free or team plans, GHEC includes advanced tools like SAML authentication, managed user accounts, compliance reports, and more. You can try it free for 30 days before buying.
What Is GitHub Enterprise Cloud (GHEC)?
GitHub Enterprise Cloud (GHEC) is GitHub’s cloud option for large companies. It comes with extra features you don’t get in regular GitHub plans. Here’s what that means for you:
-
SAML authentication – You can let people log in with your company credentials instead of managing separate GitHub passwords. This works with most identity providers like Okta, Azure AD, or PingIdentity.
-
More GitHub Actions minutes – Actions are GitHub’s automation tools for building, testing, and deploying code. With GHEC, you get more monthly minutes included than other plans. If you need even more, you can pay for extra.
-
Email domain restrictions – You can control which email domains can receive notifications from your enterprise. This helps prevent company info from accidentally going to personal email addresses.
-
Private GitHub Pages sites – Normally GitHub Pages sites are public. With GHEC, you can host internal project documentation or company wikis that only people in your enterprise can see.
-
Managed user accounts – Instead of people using their personal GitHub accounts, you can create and control accounts for them. Usernames, emails, and access all come from your company’s identity system.
-
Repository rulesets – Branch protection rules on steroids. You can create rules that apply across many repositories at once. For example, “every repository marked ‘production’ must require two approvals before merging.”
-
Compliance reports – Ready-to-use reports for audits. Things like SOC reports or FedRAMP documentation that prove GitHub meets security standards.
When you buy GitHub Enterprise, you get access to both GitHub Enterprise Cloud (hosted by GitHub) and GitHub Enterprise Server (you host it yourself).Â
Enterprise Accounts – Your Control Center
An enterprise account is where you manage everything for your company on GitHub. Think of it as your control room. From here you can see all your organizations, control who has access, set company-wide policies, and handle billing.
What Makes Up an Enterprise Account
| Piece | What It Does |
| Users | Everyone who needs access to your company’s GitHub resources. Depending on which setup you pick, people either use their own GitHub accounts or you create accounts for them. Most people are regular users who don’t mess with enterprise settings – they just work in their organizations and repositories. |
| Organizations | Your enterprise can have one or more orgs. Each org has its own audit logs, policies, and teams. Orgs are where the real work happens – repositories, discussions, and projects. You have two choices for managing orgs: you can either control them from the top (set policies that all orgs must follow) or let org admins handle some decisions themselves. |
| Teams | Groups of users that make it easier to manage access. Instead of adding people one by one to repositories, you can add a whole team. You can create teams at the enterprise level, give them special roles, or add them to orgs. Teams can sync with your identity provider groups, so when someone joins the “engineering” group in your company, they automatically get added to the engineering team on GitHub. |
| Repositories | Where code and files live. Repositories belong to orgs, not directly to the enterprise. But you can set rules at the enterprise level that apply to all repositories with certain tags. For example, you could mark all repositories that contain production code with a “production” property, then set a rule that nobody can delete repositories with that property. |
| Cost centers | Let you split GitHub costs between different parts of your company. Maybe you want the engineering department to pay for their own licenses and Actions usage. Cost centers let you do that. If you pay through Azure, you can even charge different Azure subscriptions for different parts of your business. |
| Policies | Rules that apply everywhere in your enterprise. You can set IP allow lists so people can only access GitHub from your office or VPN. Also, you can control what Copilot features people can use and decide who gets to delete or rename repositories. You can require that all important branches need pull request reviews before anyone can merge. |
| Apps | GitHub Apps let you automate things. For example, you might have an app that automatically creates a new repository every time someone fills out a form. You can set up apps at the enterprise level so they work across all your organizations. People can also let apps access their personal accounts – like signing into an IDE with GitHub. |
Two Ways to Set Up Your GitHub Enterprise Cloud (GHEC)
Before you create your enterprise account, you pick one of two types. Which one you choose depends on how much control you want over user accounts and where you need your data to live.
Enterprise with Personal Accounts
This is the traditional way companies use GitHub. Here’s how it works:
| Area | How It Works |
| User accounts | People use their own personal GitHub accounts. They create them, manage them, sign in themselves. You don’t have to create accounts for anyone – they show up with their existing GitHub identity. |
| Login | You can set up SAML so people also have to log in with your company system. GitHub links their personal account to their company identity. This means when someone leaves the company, you can remove their access from your identity system and they automatically lose access to GitHub. |
| Creating accounts | No automatic account creation at the enterprise level. You can use SCIM (System for Cross-domain Identity Management) to provision access to individual organizations, but you can’t automatically create accounts across your whole enterprise. |
| Where data lives | Can’t pick a region. Data stays where GitHub puts it, which is usually in the United States. If you have rules about data not leaving certain countries, this might not work for you. |
| Public stuff | People can create public repositories, gists, and public GitHub Pages sites. This is great for open source work, but you need to trust that people won’t accidentally leak company code. |
| Working outside the company | People can contribute to any repository anywhere on GitHub, including private ones outside your company. This is useful if your developers contribute to open source or work with external partners. |
| Identity system | Works with any SAML 2.0 provider. GitHub officially tests some of them, like Okta and Azure AD, but anything that speaks SAML should work. |
Enterprise with Managed Users
This is a newer way that gives you much more control. Here’s how it works:
| Area | How It Works |
| User accounts | You create and control the accounts. Usernames and emails follow your company rules – no more “devguy123” or personal email addresses. When someone joins, you create their account. When they leave, you delete it. |
| Login | People must log in through your identity system using SAML or OIDC. They never have a GitHub password. It’s true single sign-on – they click “Login with company” and that’s it. |
| Creating accounts | Your identity system creates and manages accounts automatically. When you add someone to your identity system, they get a GitHub account automatically. When you remove them, it goes away. GitHub works closely with some identity providers to make this smooth – Okta, Azure AD, and others have special integrations. |
| Where data lives | You can pick a region. If you choose this option, you can also choose where your data is stored – EU, Australia, US, or Japan. This is required if you need data residency. |
| Public stuff | Managed users have restrictions. They can’t create public repositories, can’t create any kind of gist, and can’t create public Pages sites. The thinking is that company-owned accounts shouldn’t be publishing things publicly without going through proper channels. Check the docs for the full list of restrictions – there are a few more. |
| Working outside the company | Managed users can only work inside your enterprise. They can’t contribute to repositories outside your company, even private ones. If they need to contribute elsewhere, they’d need a separate personal account (which gets messy and risky – it’s easy to accidentally use the wrong account and leak company code). |
| Identity system | Must use a provider GitHub supports or that meets their guidelines. Most major identity providers work, but you should check the docs for the current list. |
Data ResidencyÂ
If you go with managed users, you can also pick where GitHub stores your company’s data. Your enterprise gets its own spot on GHE.com – a dedicated subdomain just for your company.
Regions you can pick right now:
-
European Union (EU) – Data centers in Europe, for companies that need to keep data in the EU.
-
Australia – For companies in Australia or with Australian compliance requirements.
-
United States (US) – The default if you don’t pick something else.
-
Japan – For companies that need data to stay in Japan.
GitHub plans to add more regions later. This helps if you have rules about where company data can live – like GDPR in Europe or similar laws in other places.
TrialsÂ
Trial Basics
-
How long: 30 days, no cost. Enough time to set things up, invite some people, and see if it works for your company.
-
Payment method: You don’t need one to start. If you want to try Copilot Business during the trial, you do need a card (but you won’t get charged during the trial – they just need it on file).
-
How many people: Up to 50 licenses. So you can invite up to 50 people to try it out.
What You Get in the Trial
| What’s Included | What That Means |
| Most GHEC features | Everything in the paid version except the things listed below. You can test SAML, try out the enterprise account, create organizations, set policies – the whole experience. |
| GitHub Copilot Business | AI pair programming. Copilot suggests code as you type. The Business version includes organization-wide policy controls and doesn’t use your code to train models. You get this for free during the trial. |
| GitHub Advanced Security | Security scanning tools that find secrets and vulnerabilities in your code. Only included if your trial is on GitHub.com (not on GHE.com with data residency). |
| The new billing platform | You can see how usage-based billing would work. It shows you what you’d pay for different levels of usage. |
| An enterprise account | You get a real enterprise account to play with. Create organizations, set up teams, try the policies. |
| 3,000 minutes of standard GitHub-hosted runners | That’s 50 hours of Actions minutes to play with. Enough to run quite a few builds and tests. |
What’s NOT in the Trial
| Not Included | Why It Matters |
| GitHub Codespaces | Cloud development environments. If you want to test this, you’ll need to talk to Sales. |
| GitHub Copilot Enterprise | The version with even more features. The trial gives you Business, not Enterprise. |
| GitHub Sponsors | The funding platform for open source. Probably not what you’re trialing GHEC for anyway. |
| Paid Marketplace apps | Any app you’d normally pay for through GitHub Marketplace. You can’t buy them during the trial. |
| GitHub Connect | The feature that links your cloud instance to a self-hosted server instance. Not available in trial. |
| Git Large File Storage (Git LFS) | For storing big files. Not available in trial. |
| Extra Actions minutes, more parallel jobs, or bigger runners | The trial gives you the base amounts. If you need to test higher limits, you’ll need to talk to Sales. |
Pricing for GitHub Enterprise Cloud (GHEC)
Base Subscription
| Plan | Price | What’s Included |
| GitHub Enterprise Cloud | Starting at $21 per user/month (billed annually) | Everything included in Team plan, plus enterprise account, SAML SSO, audit logs, 50,000 Actions minutes/month, 50 GB Packages storage, 99.9% uptime SLA, and ability to increase spend limits |
Add-On Features
| Feature | Pricing Details |
| GitHub Copilot | Get started for free with up to 2,000 completions and 50 chat requests per month. Paid plans available. |
| GitHub Advanced Security | Two license SKUs: Secret Protection and Code Security. Billed based on unique active committers. Metered or volume billing available. |
| GitHub Codespaces | Starting at $0.18 per hour of compute and $0.07 per GB of storage. |
| Git Large File Storage (LFS) | $5 per month for 50 GB bandwidth and 50 GB storage. |
| Premium Support | Expert help for Enterprise Cloud customers. Contact Sales for pricing. |
Â
References
https://docs.github.com/en/enterprise-cloud@latest/enterprise-onboarding
https://docs.github.com/en/enterprise-cloud@latest/admin/overview/about-github-enterprise-cloud
📚 eBook Sale – grab eBooks as LOW as $2.99 USD each ONLY!
Learn AWS with our PlayCloud Hands-On Labs
$2.99 AWS and Azure Exam Study Guide eBooks
New AWS Generative AI Developer Professional Course AIP-C01
Learn GCP By Doing! Try Our GCP PlayCloud
Learn Serverless Security
Learn Azure with our Azure PlayCloud
FREE AI and AWS Digital Courses
FREE AWS, Azure, GCP Practice Test Samplers
Subscribe to our YouTube Channel
Follow Us On Linkedin
Written by: Joshua Emmanuel Santiago
