Enterprise bug fixes for the week of 2021-12-13 (#23803)

Author: lecoursen

content/admin/authentication/authenticating-users-for-your-github-enterprise-server-instance/using-saml.md

@@ -71,6 +71,15 @@ These attributes are available. You can change the attribute names in the [manag
 | `public_keys`   | Optional | The public SSH keys for the user. More than one can be specified. |
 | `gpg_keys`   | Optional | The GPG keys for the user. More than one can be specified.  |
 
+To specify more than one value for an attribute, use multiple `<saml2:AttributeValue>` elements.
+
+```
+<saml2:Attribute FriendlyName="public_keys" Name="urn:oid:1.2.840.113549.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+    <saml2:AttributeValue>ssh-rsa LONG KEY</saml2:AttributeValue>
+    <saml2:AttributeValue>ssh-rsa LONG KEY 2</saml2:AttributeValue>
+</saml2:Attribute>
+```
+
 ## Configuring SAML settings
 
 {% data reusables.enterprise_site_admin_settings.access-settings %}

content/admin/configuration/configuring-network-settings/using-github-enterprise-server-with-a-load-balancer.md

@@ -31,6 +31,8 @@ Because client connections to {% data variables.product.prodname_ghe_server %} c
 
 {% data reusables.enterprise_clustering.proxy_xff_firewall_warning %}
 
+{% data reusables.enterprise_installation.terminating-tls %}
+
 ### Enabling PROXY protocol support on {% data variables.product.product_location %}
 
 We strongly recommend enabling PROXY protocol support for both your appliance and the load balancer. Use the instructions provided by your vendor to enable the PROXY protocol on your load balancer. For more information, see [the PROXY protocol documentation](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt).
@@ -50,8 +52,6 @@ We strongly recommend enabling PROXY protocol support for both your appliance an
 
 {% data reusables.enterprise_clustering.x-forwarded-for %}
 
-{% data reusables.enterprise_installation.terminating-tls %}
-
 {% data reusables.enterprise_site_admin_settings.access-settings %}
 {% data reusables.enterprise_site_admin_settings.management-console %}
 {% data reusables.enterprise_management_console.privacy %}

content/admin/configuration/configuring-your-enterprise/site-admin-dashboard.md

@@ -56,8 +56,8 @@ If you need to get information on the users, organizations, and repositories in
 Specifically, you can download CSV reports that list
 
 - all users
-- all users who have been active within the last month
-- all users who have been inactive for one month or more
+- all active users
+- all [dormant users](/admin/user-management/managing-dormant-users)
 - all users who have been suspended
 - all organizations
 - all repositories

content/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud.md

@@ -10,7 +10,6 @@ redirect_from:
   - /enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud
   - /admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud
   - /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/connecting-github-enterprise-server-to-github-enterprise-cloud
-permissions: 'Enterprise owners who are also owners of a {% data variables.product.prodname_ghe_cloud %} organization or enterprise account can enable {% data variables.product.prodname_github_connect %}.'
 versions:
   ghes: '*'
   ghae: '*'
@@ -60,6 +59,12 @@ Enabling {% data variables.product.prodname_github_connect %} will not allow {%
 For more information about managing enterprise accounts using the GraphQL API, see "[Enterprise accounts](/graphql/guides/managing-enterprise-accounts)."
 ## Enabling {% data variables.product.prodname_github_connect %}
 
+Enterprise owners who are also owners of an organization or enterprise account that uses {% data variables.product.prodname_ghe_cloud %} can enable {% data variables.product.prodname_github_connect %}.
+
+If you're connecting {% data variables.product.product_location %} to an organization on {% data variables.product.prodname_dotcom_the_website %} that is not owned by an enterprise account, you must enable {% data variables.product.prodname_github_connect %} with a personal account on {% data variables.product.prodname_dotcom_the_website %} that is an owner of the organization.
+
+If you're connecting {% data variables.product.product_location %} to an organization on {% data variables.product.prodname_dotcom_the_website %} that is owned by an enterprise account or to an enterprise account itself, you must enable {% data variables.product.prodname_github_connect %} with a personal account on {% data variables.product.prodname_dotcom_the_website %} that is an owner of the enterprise account.
+
 {% ifversion ghes %}
 1. Sign in to {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %}.
 {% data reusables.enterprise-accounts.access-enterprise %}{% ifversion ghes < 3.1 %}{% data reusables.enterprise-accounts.settings-tab %}{% endif %}{% data reusables.enterprise-accounts.github-connect-tab %}{% else %}
@@ -73,7 +78,9 @@ For more information about managing enterprise accounts using the GraphQL API, s
 1. Next to the enterprise account or organization you'd like to connect, click **Connect**.
   ![Connect button next to an enterprise account or business](/assets/images/enterprise/business-accounts/choose-enterprise-or-org-connect.png)
 
-## Disconnecting a {% data variables.product.prodname_ghe_cloud %} organization or enterprise account from your enterprise account
+## Disabling {% data variables.product.prodname_github_connect %}
+
+Enterprise owners can disable {% data variables.product.prodname_github_connect %}.
 
 When you disconnect from {% data variables.product.prodname_ghe_cloud %}, the {% data variables.product.prodname_github_connect %} {% data variables.product.prodname_github_app %} is deleted from your enterprise account or organization and credentials stored on {% data variables.product.product_location %} are deleted.
 

content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-azure.md

@@ -62,7 +62,7 @@ Before launching {% data variables.product.product_location %} on Azure, you'll
 
   {% data reusables.enterprise_installation.necessary_ports %}
 
-4. Create and attach a new unencrypted data disk to the VM, and configure the size based on your user license count. For more information, see "[az vm disk attach](https://docs.microsoft.com/cli/azure/vm/disk?view=azure-cli-latest#az_vm_disk_attach)" in the Microsoft documentation.
+4. Create and attach a new managed data disk to the VM, and configure the size based on your license count. All Azure managed disks created since June 10, 2017 are encrypted at rest by default with Storage Service Encryption (SSE). For more information about the `az vm disk attach` command, see "[az vm disk attach](https://docs.microsoft.com/cli/azure/vm/disk?view=azure-cli-latest#az_vm_disk_attach)" in the Microsoft documentation.
 
   Pass in options for the name of your VM (for example, `ghe-acme-corp`), the resource group, the premium storage SKU, the size of the disk (for example, `100`), and a name for the resulting VHD.
 

data/reusables/enterprise-accounts/dormant-user-activity-threshold.md

@@ -1 +1 @@
-A user account is considered to be dormant if it has not been active for {% ifversion ghec %}90 days{% else %}at least a month{% endif %}.{% ifversion ghes %} You may choose to suspend dormant users to release user licenses.{% endif %}
+{% ifversion not ghec%}By default, a{% else %}A{% endif %} user account is considered to be dormant if it has not been active for 90 days. {% ifversion not ghec %}You can configure the length of time a user must be inactive to be considered dormant{% ifversion ghes%} and choose to suspend dormant users to release user licenses{% endif %}.{% endif %}

data/reusables/saml/saml-accounts.md

@@ -1 +1,7 @@
-If you configure SAML SSO, members of your organization will continue to log into their user accounts on {% data variables.product.prodname_dotcom_the_website %}. When a member accesses resources within your organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} redirects the member to your IdP to authenticate. After successful authentication, your IdP redirects the member back to {% data variables.product.prodname_dotcom %}, where the member can access your organization's resources.
+If you configure SAML SSO, members of your organization will continue to log into their user accounts on {% data variables.product.prodname_dotcom_the_website %}. When a member accesses non-public resources within your organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} redirects the member to your IdP to authenticate. After successful authentication, your IdP redirects the member back to {% data variables.product.prodname_dotcom %}, where the member can access your organization's resources.
+
+{% note %}
+
+**Note:** Organization members can perform read operations such as viewing, cloning, and forking on public resources owned by your organization even without a valid SAML session.
+
+{% endnote %}