Title: GitHub user access
Author: WordPress VIP Documentation
Published: June 9, 2022
Last modified: September 17, 2024

---

 1. [Manage user access](https://docs.wpvip.com/manage-user-access/)
 2. GitHub user access

#  GitHub user access

Every [application](https://docs.wpvip.com/application/) in the VIP Platform has
a dedicated [GitHub repository](https://docs.wpvip.com/wpcomvip-github-repository/)
for code development and deploy. The customer will nominate the initial user(s) 
to be added to their newly created GitHub repository, and a member of VIP will add
those users to the GitHub repository with Admin permissions.

Thereafter, the GitHub users with Admin access are responsible for [adding, removing, and managing all other users](https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories/adding-outside-collaborators-to-repositories-in-your-organization).
For this reason, it is recommended that a wpcomvip GitHub repository has at least
one primary administrator for user management. Having more than one GitHub administrator
is recommended, in case one of them is unavailable to handle user management requests.

If an error is encountered (e.g. no remaining seats or other errors) when attempting
to add new users, [reach out to VIP Support](https://wordpressvip.zendesk.com/) 
for assistance.

## Requirements

 * Access to an application’s GitHub repository requires a user to accept an invitation
   as well as to [configure two-factor authentication (2FA) for their GitHub user account](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication).
 * [Enterprise Managed Users](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users)
   can only contribute to private and internal GitHub repositories within their 
   enterprise and their own private repositories. GitHub users with managed user
   accounts [cannot be invited to repositories in the wpcomvip GitHub organization](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts#visibility-and-invitations).

## Security best practices for user access

Primary administrators are empowered to add additional administrators as they see
fit while following [security best practices.](https://docs.wpvip.com/security/user-security-recommendations/)

When adding new users to the repository:

 * Review the full description of every permission level in [GitHub’s documentation](https://help.github.com/en/articles/repository-permission-levels-for-an-organization).
 * Minimize the number of users added to the repository with Admin permissions. 
   Try to add users with Read or Write permissions as required.
 * Users who will be committing code to the repository need Write access.
 * There is no limit to the number of GitHub users from an organization, development
   team, or agency that can be added to an application’s wpcomvip GitHub repository.
   As a governance best practice, Github users with access to the application repository
   should be audited regularly by the customer.

Last updated: September 17, 2024