Post

GitHub Copilot Business for Non-GHE (GitHub Copilot Standalone) EMU Initial Setup

This post is a version of my GitHub Enterprise Cloud EMU Initial Setup Guide, but revised for GitHub Copilot Business for Non-GHE (GHCBnonGHE or GitHub Copilot Standalone). To be more specific, this guide is for the Enterprise Managed Users (EMU) instance of GitHub Copilot Standalone, with Microsoft Entra ID serving as the Identity Provider (IdP).

Objective and Disclaimer: This post is written for my future personal reference. I compiled screenshots from my previous articles and an existing GHCPnonGHE (EMU) account. There will surely be scenarios which are not covered in this post. Please refer to the official GitHub article for the most accurate and up-to-date information.

GitHub Copilot Business for Non-GHE EMU Account Activation

This is a special account that cannot be created through self-service. You will need to contact either the Microsoft or GitHub sales team. Please note that this account can only be paid for through an active Microsoft Azure subscription.

If you are planning to move to the full GitHub Enterprise Cloud in the near future, note that GitHub Copilot Business for Non-GHE (GHCBnonGHE) cannot be upgraded to a full GitHub Enterprise (GHE) account. Therefore, either start with a full GHE account now or prepare to migrate to a new account later.

Step-by-Step Guide

Steps 1 and 2: Azure Billing and Identity Provider (IdP) Configurations

The first two steps are exactly the same as configuring a GitHub Enterprise Cloud (GHEC) EMU account. Since I have already covered this in previous posts, please refer to the following guides:

  1. Step-by-step guide for Azure billing configuration
  2. Step-by-step guide for IdP configuration with Microsoft Entra ID (SAML)

For GHCBnonGHE with Entra ID, I recommend to use SAML instead of OIDC. Since each Entra ID tenant is limited to one GitHub OIDC integration, it’s best to keep OIDC available in case you subscribe to a full GitHub Enterprise Cloud EMU account in the future.

While it is common to use the same Microsoft Entra ID tenant for both billing and identity configuration, it is not a requirement. Billing and IdP configurations are managed through separate Microsoft Entra ID Enterprise Applications. Refer to this diagram for visual clarification:

graph LR
    subgraph "GitHub"
        A[Billing]
        B[Identity Provider #40;IdP#41;]
    end
    subgraph "Microsoft Entra ID Tenant B"
        subgraph "Enterprise Applications"
            C[GitHub Subscription Permission Validation]
        end
        C --- E[Azure Subscription]
    end
    subgraph "Microsoft Entra ID Tenant A"
        subgraph "Enterprise Applications"
            D[GitHub Enterprise Managed User]
        end
    end
    A --- C
    B --- D
GHEC EMU: Initial Configuration Diagram

Step 3: Create Enterprise Teams in GitHub

  1. Go to https://github.com/enterprises/{enterprise_slug}
  2. Login with a GitHub Enterprise Owner account
  3. Go to PeopleEnterprise teams
  4. Click New enterprise team New enterprise team
  5. Repeat step 4 for each team that you want to create.

If you want teams to be synchronized with your Entra ID group, go back to the Azure PortalEnterprise Applications and add the groups that you want to synchronize.

Do you need more than one team? Not necessarily. Creating multiple teams is primarily useful for team-level Copilot usage analytics. If you don’t need that, you can create a single team and add all users to it.

Step 4: Assign Copilot Licenses to Enterprise Teams

  1. Go to SettingsEnterprise licensing
  2. On the right of Copilot Business, click Manage seats Enterprise Licensing
  3. Click Add teams and add the team that you just created

By assigning Copilot licenses to teams, your Azure subscription will be charged for each user in those teams.

The dollar ($x) amount displayed on this page is based on web prices. The actual amount billed will depend on the rates (e.g., enterprise discounts) in your Azure subscription.

Step 5: Enable Copilot and Configure Policies

  1. Go to SettingsPoliciesCopilot Business
  2. In the Policies tab, under GitHub Copilot Policies, select Allowed and then Save
  3. Enable/Disable the other policies as needed (see here for more info). Here’s an example of a typical enterprise configuration: GitHub Copilot Policies
  4. Click the Content exclusion tab and configure the repositories and paths that you want GitHub Copilot to exclude. Also, check out the documentation for this policy. GitHub Copilot Content Exclusion

Congratulations! You have completed the admin setup. The next step is to confirm that your developers can start using GitHub Copilot.

Quick reminder: GitHub Copilot Business is a purely IDE-based experience. Only your administrators need access to https://github.com/enterprises/{enterprise_slug}, so you don’t have to share this URL with your developers.

Step 6: Test your Configuration with a Developer

Here’s a quick guide on what a developer needs to do to start using GitHub Copilot:

  1. Install the GitHub Copilot Extension in your IDE
  2. Sign in to GitHub
  3. Login with your username^ (NOT your email address!)
  4. Start using GitHub Copilot

^This is where it gets tricky! Each developer will need to know their GitHub {alias}_{shortcode} username.

  • {alias} is, by default, the email prefix of your IdP username - but reformatted to only alphanumeric characters or single hyphens (Note: This default username mapping logic can be customized, check this out for Entra ID).
  • {shortcode} is the enterprise shortcode created during the GHCBnonGHE account creation. The shortcode is the same as the prefix of your root admin account {shortcode}_admin.

    Here are some examples, assuming your enterprise shortcode is rt:
  • If the IdP username is john.doe@raztype.com, then the GitHub username is johndoe_rt.
  • If the IdP username is john_doe@raztype.com, then the GitHub username is john-doe_rt.
  • If the IdP username is john-doe@raztype.com, then the GitHub username is john-doe_rt.
  • If the IdP username is johndoe@raztype.com, then the GitHub username is johndoe_rt.

    If you are still stuck, ask your GitHub admin to go to https://github.com/enterprises/{enterprise_slug}/people and look up your username (it’s the gray text under your name).

Happy coding!

This post is licensed under CC BY 4.0 by the author.