GitHub organization | Severity: medium | builtIn

Description

Every PAT or SSH key authorized for SAML SSO should carry a meaningful title or note describing its intended use (e.g., 'CI build agent prod-east-1', 'developer-laptop-2'). Untitled credentials are difficult to revoke confidently during incident response because their owner and purpose are unknown.

Recommendation

1. Go to your User Settings -> Developer settings -> Personal access tokens.
2. For each token, edit the 'Note' to describe its purpose.
3. Re-authorize the token for the SSO-protected organization.

Policy Rule

{
  "target": "GHCredentialAuthorization",
  "if": {
    "allOf": [
      {
        "resource": "GHCredentialAuthorization",
        "property": "AuthorizedCredentialTitle",
        "operator": "notEquals",
        "value": ""
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
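As an added example (not part of this policy definition or of the engine that runs it), a small Python evaluator that applies the rule above to constructed credential-authorization records. It assumes the engine treats the `if` block as the compliance condition and applies the `then` effect to every in-scope resource that fails it, that `AuthorizedCredentialTitle` is read from each record's `properties`, and that a missing title counts as empty.

```python
import operator

# Policy rule as given on the page.
POLICY_RULE = {
    "target": "GHCredentialAuthorization",
    "if": {"allOf": [{
        "resource": "GHCredentialAuthorization",
        "property": "AuthorizedCredentialTitle",
        "operator": "notEquals",
        "value": "",
    }]},
    "then": {"effect": "Audit"},
}

# Operators this toy evaluator understands (assumed subset of the engine's).
OPERATORS = {"equals": operator.eq, "notEquals": operator.ne}


def condition_holds(condition: dict, resource: dict) -> bool:
    """Evaluate a leaf condition or an allOf/anyOf group against one resource."""
    if "allOf" in condition:
        return all(condition_holds(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(condition_holds(c, resource) for c in condition["anyOf"])
    if condition.get("resource") != resource["resource"]:
        return False
    # Assumption: a missing/None title is treated the same as an empty string.
    actual = resource["properties"].get(condition["property"]) or ""
    return OPERATORS[condition["operator"]](actual, condition["value"])


def evaluate(rule: dict, resources: list) -> list:
    """One finding per in-scope resource that does NOT satisfy the rule's `if`.

    Assumption: `if` states the compliant condition; `then.effect` is applied
    to resources that fail it (here: untitled credentials get an Audit finding).
    """
    findings = []
    for res in resources:
        if res["resource"] != rule["target"]:
            continue  # out of scope for this rule
        if not condition_holds(rule["if"], res):
            findings.append({"id": res["id"], "effect": rule["then"]["effect"]})
    return findings


# Constructed sample authorizations (not real data): one titled, two untitled.
SAMPLE = [
    {"resource": "GHCredentialAuthorization", "id": 101,
     "properties": {"AuthorizedCredentialTitle": "CI build agent prod-east-1"}},
    {"resource": "GHCredentialAuthorization", "id": 102,
     "properties": {"AuthorizedCredentialTitle": ""}},
    {"resource": "GHCredentialAuthorization", "id": 103,
     "properties": {"AuthorizedCredentialTitle": None}},
]
```

Running `evaluate(POLICY_RULE, SAMPLE)` yields Audit findings for ids 102 and 103 only, which is the set an incident responder would need to chase down owners for.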