About the unaffiliated users policy
By default, when a user loses access to all organizations in your enterprise, the user remains in your enterprise as an unaffiliated user. This can happen when you remove a user from organizations explicitly or remove an organization from your enterprise.
Unaffiliated users retain enterprise-level team membership, enterprise roles, and GitHub Copilot licenses granted directly from the enterprise account.
You can set a policy to instead remove users from the enterprise completely when they are removed from every organization. Removed users will lose all privileges and licenses granted from the enterprise. This is useful if your enterprise offboarding process involves removing users from organizations, whether through organization-level SCIM deprovisioning, the GitHub web UI, or a non-SCIM REST API endpoint. For more information, see the link that corresponds to your use case:
- About SCIM for organizations
- Revoking the user's membership
- Remove organization membership for a user in the REST API documentation.
This policy:
- Applies regardless of how users are removed from an organization.
- Does not apply to users with the enterprise owner or enterprise billing manager role. These users remain in the enterprise regardless of their organization membership and the policy setting. For more details on how to remove an enterprise owner or enterprise billing manager from the enterprise, see Removing a member from your enterprise and Inviting people to manage your enterprise.
Setting the policy
Remarque
This policy is not available for Enterprise Managed Users.
- In the top-right corner of GitHub, click your profile picture.
- Depending on your environment, click Enterprise, or click Enterprises then click the enterprise you want to view.
- At the top of the page, click Policies.
- In the left sidebar, click Member privileges.
- Under "Unaffiliated user", choose your setting for the policy.