GitHub Enterprise: Self-service credential revocation for incident response
GitHub Enterprise owners can now instantly revoke all credentials for a given user to speed up incident response. This feature allows enterprise owners and specific members to revoke SSO authorizations and delete user tokens/SSH keys programmatically or through a new self-service portal for individual users. Enterprise members can also manage their own credentials via a new self-service experience. The changes aim to improve security incident response times and provide better control over enterprise credentials.
- →Revoke SSO authorizations for user credentials
- →Delete user tokens and SSH keys
- →Revoke SSO authorizations per organization via API
- →Self-service credential revocation for individual users
- →Audit logs and notifications for revoked credentials
Features (4) ›
- Revoke SSO authorizations for user credentials
Enterprise owners and members with 'Manage enterprise credentials' permission can revoke SSO authorizations for personal access tokens, SSH keys, and OAuth tokens across their enterprise for all users or a specific user.
- Delete user tokens and SSH keys
For EMU accounts, enterprise owners can delete user tokens and SSH keys across the enterprise, even if they are not SSO-authorized.
- Revoke SSO authorizations per organization via API
Users can list and revoke SSO authorizations for user credentials across a specific organization using organization-level REST APIs.
- Self-service credential revocation for individual users
Individual enterprise members can now review and self-service revoke or delete all their credentials and authorizations through the Settings -> Credentials view.
Notes (1) ›
- Audit logs and notifications for revoked credentials
Details about revoked and deleted credentials are available via audit logs and email notifications generated by the new actions. Documentation for incident response and GitHub credentials is also updated.
https://github.blog/changelog/2026-06-24-self-service-credential-revocation-for-incident-response