Enterprise bug fixes for the week of January 9, 2023 (#33959)

lecoursen · mchammer01 · web-flow · commit e55138699598 · 2023-01-18T15:41:23.000Z
Co-authored-by: mc &lt;42146119+mchammer01@users.noreply.github.com&gt;
diff --git a/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md b/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md
@@ -81,19 +81,23 @@ To discover how a member was added to an organization, you can filter the member
 {% data variables.enterprise.prodname_managed_users_caps %} can only contribute to private and internal repositories within their enterprise and private repositories owned by their user account. {% data variables.enterprise.prodname_managed_users_caps %} have read-only access to the wider {% data variables.product.prodname_dotcom %} community. These visibility and access restrictions for users and content apply to all requests, including API requests.
 
 * {% data variables.enterprise.prodname_managed_users_caps %} cannot be invited to organizations or repositories outside of the enterprise, nor can the {% data variables.enterprise.prodname_managed_users %} be invited to other enterprises.
-* Outside collaborators are not supported by {% data variables.product.prodname_emus %}.
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot create issues or pull requests in, comment or add reactions to, nor star, watch, or fork repositories outside of the enterprise.
-* {% data variables.enterprise.prodname_managed_users_caps %} can view all public repositories on {% data variables.product.prodname_dotcom_the_website %}, but cannot push code to repositories outside of the enterprise.
 * {% data variables.enterprise.prodname_managed_users_caps %} and the content they create is only visible to other members of the enterprise.
-* {% data variables.enterprise.prodname_managed_users_caps %} cannot follow users outside of the enterprise.
+* Other {% data variables.product.prodname_dotcom %} users cannot see, mention, or invite a {% data variables.enterprise.prodname_managed_user %} to collaborate.
+* {% data variables.enterprise.prodname_managed_users_caps %} can view all public repositories on {% data variables.product.prodname_dotcom_the_website %}, but cannot interact with repositories outside of the enterprise in any of the following ways:
+  - Push code to the repository
+  - Create issues or pull requests within the repository
+  - Create or comment on discussions within the repository
+  - Comment on issues or pull requests, or add reactions to comments
+  - Star, watch, or fork the repository
 * {% data variables.enterprise.prodname_managed_users_caps %} cannot create gists or comment on gists.
+* {% data variables.enterprise.prodname_managed_users_caps %} cannot follow users outside of the enterprise.
 * {% data variables.enterprise.prodname_managed_users_caps %} cannot create starter workflows for {% data variables.product.prodname_actions %}.
 * {% data variables.enterprise.prodname_managed_users_caps %} cannot install {% data variables.product.prodname_github_apps %} on their user accounts.
-* Other {% data variables.product.prodname_dotcom %} users cannot see, mention, or invite a {% data variables.enterprise.prodname_managed_user %} to collaborate.
 * You can choose whether {% data variables.enterprise.prodname_managed_users %} are able to create repositories owned by their user accounts. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation)."
 * If you allow {% data variables.enterprise.prodname_managed_users %} to create repositories owned by their user accounts, they can only own private repositories and can only invite other enterprise members to collaborate on their user-owned repositories.
 * {% data reusables.enterprise-accounts.emu-forks %}
 * Only private and internal repositories can be created in organizations owned by an {% data variables.enterprise.prodname_emu_enterprise %}, depending on organization and enterprise repository visibility settings.
+* Outside collaborators are not supported by {% data variables.product.prodname_emus %}.
 * {% data variables.enterprise.prodname_managed_users_caps %} are limited in their use of {% data variables.product.prodname_pages %}. For more information, see "[About {% data variables.product.prodname_pages %}](/pages/getting-started-with-github-pages/about-github-pages#limitations-for-enterprise-managed-users)."
 
 ## Getting started with {% data variables.product.prodname_emus %}
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam.md
@@ -28,7 +28,7 @@ redirect_from:
 
 {% ifversion ghec %}
 
-If your enterprise members manage their own user accounts on {% data variables.location.product_location %}, you can configure SAML authentication as an additional access restriction for your enterprise or organization. {% data reusables.saml.dotcom-saml-explanation %} 
+If your enterprise members manage their own user accounts on {% data variables.location.product_location %}, you can configure SAML authentication as an additional access restriction for your enterprise or organization. {% data reusables.saml.dotcom-saml-explanation %}
 
 {% data reusables.saml.saml-accounts %}
 
@@ -38,9 +38,9 @@ Alternatively, you can provision and manage the accounts of your enterprise memb
 
 {% data reusables.enterprise-accounts.about-recovery-codes %} For more information, see "[Managing recovery codes for your enterprise](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise)."
 
-After you enable SAML SSO, depending on the IdP you use, you may be able to enable additional identity and access management features. 
+After you enable SAML SSO, depending on the IdP you use, you may be able to enable additional identity and access management features.
 
-If you use Azure AD as your IdP, you can use team synchronization to manage team membership within each organization. {% data reusables.identity-and-permissions.about-team-sync %}
+If you use Azure AD as your IdP, you can use team synchronization to manage team membership within each organization. {% data reusables.identity-and-permissions.about-team-sync %} For more information, see "[Managing team synchronization for organizations in your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise)."
 
 
 {% note %}
@@ -97,7 +97,7 @@ For more information about the configuration of SAML SSO on {% data variables.pr
 
 We test and officially support the following IdPs. For SAML SSO, we offer limited support for all identity providers that implement the SAML 2.0 standard. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
 
-IdP | SAML | Team synchronization | 
+IdP | SAML | Team synchronization |
 --- | :--: | :-------: |
 Active Directory Federation Services (AD FS) | {% octicon "check-circle-fill" aria-label= "The check icon" %} | |
 Azure Active Directory (Azure AD) | {% octicon "check-circle-fill" aria-label="The check icon" %} | {% octicon "check-circle-fill" aria-label="The check icon" %} |
diff --git a/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md b/content/admin/identity-and-access-management/using-saml-for-enterprise-iam/managing-team-synchronization-for-organizations-in-your-enterprise.md
@@ -36,11 +36,10 @@ You can also configure and manage team synchronization for an individual organiz
 
 ## Prerequisites
 
-You or your Azure AD administrator must be a Global administrator or a Privileged Role administrator in Azure AD.
- 
-You must enforce SAML single sign-on for organizations in your enterprise account with your supported IdP. For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise)."
-
-You must authenticate to your enterprise account using SAML SSO and the supported IdP. For more information, see "[Authenticating with SAML single sign-on](/articles/authenticating-with-saml-single-sign-on)."
+- You must use an Azure AD commercial tenant, not Gov Cloud.
+- You or your Azure AD administrator must be a Global administrator or a Privileged Role administrator in Azure AD.
+- You must enforce SAML single sign-on for organizations in your enterprise account with your supported IdP. For more information, see "[Configuring SAML single sign-on for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise/configuring-saml-single-sign-on-for-your-enterprise)."
+- You must authenticate to your enterprise account using SAML SSO and the supported IdP. For more information, see "[Authenticating with SAML single sign-on](/articles/authenticating-with-saml-single-sign-on)."
 
 ## Managing team synchronization for Azure AD
 
diff --git a/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md b/content/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group.md
@@ -18,7 +18,7 @@ shortTitle: Synchronize with an IdP
 
 ## About team synchronization
 
-{% data reusables.identity-and-permissions.about-team-sync %}
+{% data reusables.identity-and-permissions.about-team-sync %} {% ifversion ghec %}For more information, see "[Managing team synchronization for your organization](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)" and "[Managing team synchronization for organizations in your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise)."{% endif %}
 
 {% ifversion ghec %}You can connect up to five IdP groups to a {% data variables.product.product_name %} team.{% elsif ghae %}You can connect a team on {% data variables.product.product_name %} to one IdP group. All users in the group are automatically added to the team and also added to the parent organization as members. When you disconnect a group from a team, users who became members of the organization via team membership are removed from the organization.{% endif %} You can assign an IdP group to multiple {% data variables.product.product_name %} teams.
 
@@ -39,7 +39,7 @@ When group membership changes on your IdP, your IdP sends a SCIM request with th
 
 Parent teams cannot synchronize with IdP groups. If the team you want to connect to an IdP group is a parent team, we recommend creating a new team or removing the nested relationships that make your team a parent team. For more information, see "[About teams](/articles/about-teams#nested-teams)," "[Creating a team](/organizations/organizing-members-into-teams/creating-a-team)," and "[Moving a team in your organization's hierarchy](/articles/moving-a-team-in-your-organizations-hierarchy)."
 
-To manage repository access for any {% data variables.product.prodname_dotcom %} team, including teams connected to an IdP group, you must make changes with {% data variables.product.product_name %}. For more information, see "[About teams](/articles/about-teams)" and "[Managing team access to an organization repository](/articles/managing-team-access-to-an-organization-repository)." 
+To manage repository access for any {% data variables.product.prodname_dotcom %} team, including teams connected to an IdP group, you must make changes with {% data variables.product.product_name %}. For more information, see "[About teams](/articles/about-teams)" and "[Managing team access to an organization repository](/articles/managing-team-access-to-an-organization-repository)."
 
 {% ifversion ghec %}You can also manage team synchronization with the API. For more information, see "[Team synchronization](/rest/reference/teams#team-sync)."{% endif %}
 
@@ -49,7 +49,7 @@ To manage repository access for any {% data variables.product.prodname_dotcom %}
 After you connect a team to an IdP group, team synchronization will add each member of the IdP group to the corresponding team on {% data variables.product.product_name %} only if:
 - The person is a member of the organization on {% data variables.product.product_name %}.
 - The person has already logged in with their personal account on {% data variables.product.product_name %} and authenticated to the organization or enterprise account via SAML single sign-on at least once.
-- The person's SSO identity is a member of the IdP group.  
+- The person's SSO identity is a member of the IdP group.
 
 Existing teams or group members who do not meet these criteria will be automatically removed from the team on {% data variables.product.product_name %} and lose access to repositories. Revoking a user's linked identity will also remove the user from from any teams mapped to IdP groups. For more information, see "[Viewing and managing a member's SAML access to your organization](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity)" and "[Viewing and managing a user's SAML access to your enterprise](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise#viewing-and-revoking-a-linked-identity)."
 
@@ -103,8 +103,8 @@ If you disconnect an IdP group from a {% data variables.product.prodname_dotcom
 {% data reusables.organizations.specific_team %}
 {% data reusables.organizations.team_settings %}
 {% ifversion ghec %}
-6. Under "Identity Provider Groups", to the right of the IdP group you want to disconnect, click {% octicon "x" aria-label="X symbol" %}. 
+6. Under "Identity Provider Groups", to the right of the IdP group you want to disconnect, click {% octicon "x" aria-label="X symbol" %}.
     ![Unselect a connected IdP group from the GitHub team](/assets/images/help/teams/unselect-idp-group.png){% elsif ghae %}
-6. Under "Identity Provider Group", to the right of the IdP group you want to disconnect, click {% octicon "x" aria-label="X symbol" %}. 
+6. Under "Identity Provider Group", to the right of the IdP group you want to disconnect, click {% octicon "x" aria-label="X symbol" %}.
     ![Unselect a connected IdP group from the GitHub team](/assets/images/enterprise/github-ae/teams/unselect-idp-group.png){% endif %}
 7. Click **Save changes**.
diff --git a/content/support/contacting-github-support/viewing-and-updating-support-tickets.md b/content/support/contacting-github-support/viewing-and-updating-support-tickets.md
@@ -16,7 +16,14 @@ topics:
 
 You can use the [GitHub Support Portal](https://support.github.com/) to view current and past support tickets and respond to {% data variables.contact.github_support %}. After 120 days, resolved tickets are archived{% ifversion ghec or ghes or ghae %}, and archived tickets can only be viewed for enterprise accounts{% endif %}.
 
-{% ifversion ghes or ghec %}
+Your capabilities in the {% data variables.contact.support_portal %} depend on the account you select when you submit a ticket.{% ifversion ghes or ghec %} If you select an enterprise account, your role in the enterprise also affects your capabilities.
+
+{% note %}
+
+**Note**: Urgent priority and Premium Support SLAs apply only to tickets associated with an enterprise account.
+
+{% endnote %}
+
 {% data reusables.enterprise-accounts.support-entitlements %}
 {% endif %}
 
@@ -38,7 +45,7 @@ You can use the [GitHub Support Portal](https://support.github.com/) to view cur
 You can only view archived tickets for an enterprise account.
 
 {% data reusables.support.navigate-to-my-tickets %}
-1. Select the **My Tickets** drop-down menu and click the name of the enterprise account. 
+1. Select the **My Tickets** drop-down menu and click the name of the enterprise account.
 
 {% indented_data_reference reusables.support.entitlements-note spaces=3 %}
 
diff --git a/data/reusables/identity-and-permissions/about-team-sync.md b/data/reusables/identity-and-permissions/about-team-sync.md
@@ -1 +1 @@
-If team sync is enabled for your organization or enterprise account, you can synchronize a {% data variables.product.prodname_dotcom %} team with an IdP group. When you synchronize a {% data variables.product.prodname_dotcom %} team with an IdP group, membership changes to the IdP group are reflected on {% data variables.product.product_name %} automatically, reducing the need for manual updates and custom scripts. {% ifversion ghec %}For more information, see "[Managing team synchronization for your organization](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)" and "[Managing team synchronization for organizations in your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise)".{% endif %}
+If team sync is enabled for your organization or enterprise account, you can synchronize a {% data variables.product.prodname_dotcom %} team with an IdP group. When you synchronize a {% data variables.product.prodname_dotcom %} team with an IdP group, membership changes to the IdP group are reflected on {% data variables.product.product_name %} automatically, reducing the need for manual updates and custom scripts.
diff --git a/data/reusables/identity-and-permissions/supported-idps-team-sync.md b/data/reusables/identity-and-permissions/supported-idps-team-sync.md
@@ -1,3 +1,3 @@
 You can use team synchronization with supported IdPs.
-  - Azure AD
+  - Azure AD commercial tenants (Gov Cloud is not supported)
   - Okta

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-If team sync is enabled for your organization or enterprise account, you can synchronize a {% data variables.product.prodname_dotcom %} team with an IdP group. When you synchronize a {% data variables.product.prodname_dotcom %} team with an IdP group, membership changes to the IdP group are reflected on {% data variables.product.product_name %} automatically, reducing the need for manual updates and custom scripts. {% ifversion ghec %}For more information, see "[Managing team synchronization for your organization](/organizations/managing-saml-single-sign-on-for-your-organization/managing-team-synchronization-for-your-organization)" and "[Managing team synchronization for organizations in your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise)".{% endif %}
	`1`	`+If team sync is enabled for your organization or enterprise account, you can synchronize a {% data variables.product.prodname_dotcom %} team with an IdP group. When you synchronize a {% data variables.product.prodname_dotcom %} team with an IdP group, membership changes to the IdP group are reflected on {% data variables.product.product_name %} automatically, reducing the need for manual updates and custom scripts.`