Setting Up Copilot for Your Organization
Rolling out GitHub Copilot across your organization requires more than just purchasing seats. This lesson walks you through the complete setup process — from configuring your GitHub org to assigning seats, integrating SSO, and establishing policies that govern how Copilot operates across your teams.
Prerequisites and Planning
Before you begin the technical setup, ensure you have the following in place. Proper planning at this stage prevents headaches later and ensures a smooth rollout for your entire engineering team.
- GitHub Organization: You need an active GitHub organization (not a personal account). If your company uses GitHub Enterprise Cloud, you already have one.
- Organization Owner access: Only org owners can enable Copilot and manage policies. Ensure you have the correct permissions.
- Budget approval: Copilot Business is $19/user/month and Enterprise is $39/user/month. Have your budget approved for the number of seats you plan to assign.
- Identity provider details: If you plan to use SSO/SAML, have your IdP configuration details ready (Azure AD, Okta, OneLogin, etc.).
- Stakeholder alignment: Ensure your security team, legal team, and engineering leadership are aligned on AI code generation policies.
Step-by-Step Organization Setup
Follow these steps to enable Copilot for your GitHub organization. Each step includes the exact navigation path and configuration options.
1. Go to github.com/organizations/YOUR-ORG/settings and click on Copilot in the left sidebar under "Code, planning, and automation."
2. Select either Copilot Business or Copilot Enterprise. Enterprise adds knowledge bases, fine-tuned models, and advanced analytics. You can upgrade later without losing configuration.
3. Set whether Copilot can suggest code matching public repositories. Options are: "Allow" (default), "Block" (filters out matches), or "Allow with references" (shows source attribution).
4. Choose whether Copilot Chat is available to your org members in IDE and on GitHub.com. Most organizations enable this for maximum productivity.
5. Define file paths or repositories that Copilot should never read or suggest code from. This is critical for sensitive configuration files, secrets, and proprietary algorithms.
6. Choose between assigning seats to all org members automatically or selecting specific teams/individuals. You can also enable a request workflow where developers request access.
Seat Management and Assignment
Effective seat management ensures that every developer who needs Copilot has access, while keeping costs under control. GitHub provides several strategies for managing seat assignments at scale.
| Assignment Strategy | Best For | How It Works |
|---|---|---|
| All Members | Small to mid-size orgs (<200 devs) | Every org member automatically gets a Copilot seat |
| Selected Teams | Phased rollouts | Assign seats to specific GitHub teams (e.g., "frontend", "platform") |
| Individual Assignment | Pilot programs | Manually assign seats to specific users |
| Request Workflow | Large enterprises | Developers request access; admins approve or auto-approve based on team |
Seats that go unused for 30 days are flagged in the admin dashboard, allowing you to reclaim them and reassign them to developers who will benefit more. GitHub also provides CSV export of seat assignment data for reporting and auditing purposes.
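The 30-day inactivity review described above can be scripted as a recurring access review. This is an added example, not GitHub's or the lesson's own code; the record fields (`assignee.login`, `created_at`, `last_activity_at`) are assumed to follow GitHub's Copilot seat listing, and the sample records are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records; field names are assumed to follow GitHub's
# Copilot seat listing (assignee.login, created_at, last_activity_at).
SAMPLE_SEATS = json.loads("""
[
  {"assignee": {"login": "alice"}, "created_at": "2024-01-10T00:00:00Z",
   "last_activity_at": "2024-06-28T09:15:00Z"},
  {"assignee": {"login": "bob"}, "created_at": "2024-01-10T00:00:00Z",
   "last_activity_at": "2024-05-01T00:00:00Z"},
  {"assignee": {"login": "carol"}, "created_at": "2024-03-01T00:00:00Z",
   "last_activity_at": null},
  {"assignee": {"login": "dave"}, "created_at": "2024-06-20T00:00:00Z",
   "last_activity_at": null}
]
""")


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; None means no recorded activity."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def inactive_seats(seats, now, max_idle_days=30):
    """Return (login, reason, idle_days) for seats idle longer than the window."""
    cutoff = now - timedelta(days=max_idle_days)
    flagged = []
    for seat in seats:
        login = seat["assignee"]["login"]
        last = parse_ts(seat.get("last_activity_at"))
        created = parse_ts(seat["created_at"])
        if last is None:
            # Never used: flag only once the seat itself is older than the
            # window, so a freshly assigned developer is not reclaimed.
            if created <= cutoff:
                flagged.append((login, "never used", (now - created).days))
        elif last < cutoff:
            flagged.append((login, "idle", (now - last).days))
    return sorted(flagged, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    now = datetime(2024, 6, 30, tzinfo=timezone.utc)
    for login, reason, days in inactive_seats(SAMPLE_SEATS, now):
        print(f"{login}: {reason}, {days} days")
```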
SSO and SAML Integration
For organizations using single sign-on, Copilot integrates seamlessly with your existing identity provider. When SSO is configured, Copilot seat access is governed by your IdP — when a user is deprovisioned from your IdP, their Copilot access is automatically revoked.
GitHub supports SAML SSO with the following identity providers:
- Azure Active Directory (Entra ID) — The most common enterprise choice, with full SCIM provisioning support
- Okta — Supports automated user provisioning and group-based seat assignment
- OneLogin — Full SAML 2.0 support with directory sync
- PingFederate — Enterprise IdP with advanced attribute mapping
- Custom SAML 2.0 — Any SAML 2.0 compliant identity provider
Configuring Organization-Wide Policies
Organization policies give you fine-grained control over how Copilot behaves for all members. These settings are configured at the org level and apply to everyone, though Enterprise plans allow per-team overrides for some settings.
```yaml
# GitHub Copilot Organization Policy
# Configured via: Settings > Copilot > Policies
copilot_policies:
  # Code suggestion settings
  suggestions:
    # Allow suggestions matching public code?
    # Options: allow, block, allow_with_references
    public_code_suggestions: allow_with_references
    # Which languages should Copilot provide suggestions for?
    # Use '*' for all, or specify a list
    enabled_languages:
      - python
      - javascript
      - typescript
      - go
      - java
      - rust
      - "*"  # or allow all
  # Copilot Chat settings
  chat:
    enabled: true
    # Allow chat in IDE (VS Code, JetBrains, etc.)
    ide_chat: true
    # Allow chat on GitHub.com
    web_chat: true
    # Allow Copilot to reference Bing search results
    bing_search: true
  # Content exclusions - files/paths Copilot will never read
  content_exclusions:
    - "**/.env"
    - "**/.env.*"
    - "**/secrets/**"
    - "**/credentials/**"
    - "config/production.yml"
    - "internal/proprietary-algorithm/**"
  # Seat assignment policy
  seat_policy:
    # Options: all_members, selected_teams, request_workflow
    assignment: selected_teams
    teams:
      - engineering
      - data-science
      - devops
    # Auto-remove seats after N days of inactivity
    inactive_removal_days: 60
  # Data handling
  data:
    # Allow GitHub to use your code for model improvements?
    telemetry_for_training: false
    # Retain Copilot Chat conversation logs?
    retain_chat_logs: true
    chat_log_retention_days: 90
```
While this YAML format represents the policy structure conceptually, actual configuration is done through the GitHub web interface. Enterprise customers can also use the GitHub REST API to programmatically manage these settings, which is useful for organizations managing multiple GitHub organizations or automating policy deployment.
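A draft content exclusion list like the one in the policy sketch can be checked against a repository's file listing before rollout, to find secret-bearing files that no pattern covers. This is an added example, not GitHub's or the lesson's own code: `glob_to_regex` is a simplified glob translation and `SENSITIVE_HINT` is a hypothetical heuristic (both assumptions, not GitHub's matcher), and the file listing is constructed.

```python
import re

# Patterns copied from the policy sketch above.
EXCLUSIONS = [
    "**/.env", "**/.env.*", "**/secrets/**", "**/credentials/**",
    "config/production.yml", "internal/proprietary-algorithm/**",
]
# Hypothetical name hints for files that usually hold secrets (assumption).
SENSITIVE_HINT = re.compile(
    r"(\.env|\.pem$|\.key$|\.tfvars$|id_rsa|secret|credential|password)", re.I)
# Constructed repository listing, e.g. what `git ls-files` would print.
SAMPLE_PATHS = [
    ".env", "services/api/.env.production", "src/app.py",
    "services/api/secrets/db_password.txt", "config/production.yml",
    "deploy/id_rsa", "infra/terraform.tfvars", "certs/server.pem",
    "internal/proprietary-algorithm/rank.go",
]


def glob_to_regex(pattern):
    """Translate a glob: `**/` spans zero or more directories, `**` spans
    anything, `*` and `?` stay within one path segment (assumed semantics)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?"); i += 3
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z", re.IGNORECASE)


def matching_pattern(path, exclusions=EXCLUSIONS):
    """Return the first exclusion pattern that covers path, or None."""
    for pattern in exclusions:
        if glob_to_regex(pattern).match(path):
            return pattern
    return None


def uncovered_sensitive(paths, exclusions=EXCLUSIONS):
    """Sensitive-looking paths that no exclusion pattern covers."""
    return sorted(p for p in paths
                  if SENSITIVE_HINT.search(p) and not matching_pattern(p, exclusions))
```

On the constructed listing, `uncovered_sensitive(SAMPLE_PATHS)` reports the private key, the `.tfvars` file and the certificate, none of which the draft list names.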
Verifying Your Setup
After completing the configuration, verify everything is working correctly before announcing the rollout to your team. Here is a quick checklist to run through:
- Navigate to your org's Copilot settings and verify that the correct number of seats are assigned and policies are applied.
- Have one team member install the Copilot extension in VS Code, sign in, and verify they receive code suggestions.
- Open a file that should be excluded (e.g., .env) and confirm that Copilot does not provide suggestions.
- If SSO is configured, have a user authenticate through your IdP and confirm they can access Copilot features.
✍ Try It Yourself
If you have admin access to a GitHub organization, practice the setup process. Even if you are not ready for a full rollout, you can:
- Navigate to your org's Copilot settings page and review available options
- Draft a content exclusion list for your organization (what files should Copilot never read?)
- Create a seat assignment plan: which teams get access first?
- Document your SSO provider's SAML configuration details
- Write a one-page rollout announcement for your engineering team
Lilly Tech Systems