Update 360043002793-Troubleshooting-CircleCI-Access-After-Enabling-Gi… #45

Open
wants to merge 1 commit into
base: main
@@ -1,5 +1,5 @@
<h1><span style="font-weight: 400;">Org SAML Protection</span></h1>
<p><span style="font-weight: 400;">A GitHub organization owner can</span><a href="https://docs.github.com/en/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on" target="_blank" rel="noopener"> <span style="font-weight: 400;">enable SAML protection</span></a><span style="font-weight: 400;"> for their org, which requires members to authenticate via SSO (e.g. Okta) before they are able to access any resources associated with that organization. When SSO/SAML protection is enabled, previously issued OAuth tokens for applications such as CircleCI become invalid for that organization, and future user GitHub authentication to CircleCI without an active SAML session will result in a loss of access to protected orgs. </span></p>
<p><span style="font-weight: 400;">A GitHub organization owner can </span><a href="https://docs.github.com/en/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on" target="_blank" rel="noopener"> <span style="font-weight: 400;">enable SAML protection</span></a><span style="font-weight: 400;"> for their org, which requires members to authenticate via SSO (e.g. Okta) before they are able to access any resources associated with that organization. When SSO/SAML protection is enabled, previously issued OAuth tokens for applications such as CircleCI become invalid for that organization, and future user GitHub authentication to CircleCI without an active SAML session will result in a loss of access to protected orgs. </span></p>
<p><span style="font-weight: 400;">When CircleCI attempts to fetch the <code style="background-color: #f3f3f3;">config.yml</code> of a project or read other org resources on behalf of a user, and that user has not authorized access to the SAML-protected org as part of the GitHub OAuth flow (see below), the operation will fail. This can impact UI/API interactions, as well as pipeline creation. In the case of VCS-initiated pipelines, GitHub will show a successful webhook delivery in the repository settings, but CircleCI will not be able to fetch the config and a pipeline will not be created.</span></p>
<p> </p>
<h2><span style="font-weight: 400;">Solution: Re-Authentication</span></h2>
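Review bot: The space added after "can" in the first paragraph sits outside the link, but the anchor still opens with its own leading space (`rel="noopener"> <span style="font-weight: 400;">enable SAML protection</span>`), so there is now whitespace on both sides of the `<a>` tag and the link text still starts with a space. Drop the space inside the anchor so that only the words "enable SAML protection" are linked.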
Expand All @@ -23,4 +23,4 @@ <h2><span style="font-weight: 400;">Solution: Re-Authentication</span></h2>
<p><span style="font-weight: 400;">It’s important to note that CircleCI only stores a <em>single</em> OAuth token for each GitHub user, <em>regardless</em> of how many orgs they interact within CircleCI. This means that, if a user regularly interacts with multiple orgs, and does not want to re-authenticate when switching between them, it is recommended that they authorize SAML-protected orgs on <em>every</em> re-authentication to CircleCI via GitHub, including when switching devices. This will prevent access-related problems arising from that user’s actions on either platform, e.g. failure to create CircleCI pipelines based when pushing commits.</span><span style="font-weight: 400;"></span></p>
<p>Sometimes when you switch to SSO, due to how CircleCI handles permissions, all projects will then be unfollowed, and deploy keys will be deleted. Please follow projects in order to add a deploy key and start building on CircleCI.</p>
<p><span style="font-weight: 400;">If you are an org admin and are interested in some preventative steps or how you can avoid common pitfalls when you set up GitHub SSO, check out <a href="https://support.circleci.com/hc/en-us/articles/4410418394523" target="_blank" rel="noopener">this article here</a>.</span></p>
<p data-renderer-start-pos="2079"> </p>
<p data-renderer-start-pos="2079"> </p>
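Review bot: The two `<p data-renderer-start-pos="2079"> </p>` lines at the end of this hunk appear identical as shown, so the change here looks whitespace-only (trailing whitespace or the end-of-file newline). If that is unintended, drop it so the PR carries only the spacing fix from the first hunk. Since the file is being touched anyway, the context paragraph above has a stray word in "failure to create CircleCI pipelines based when pushing commits" and an empty `<span style="font-weight: 400;"></span>` just before its closing `</p>`, both of which could be cleaned up in the same commit.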