Document that IdP gallery apps are out of scope in Government Cloud (#61267)

adamrr724 · Adam Ross Russell · Copilot · web-flow · commit b608f98209ea · 2026-05-18T17:29:28.000Z
Co-authored-by: Adam Ross Russell &lt;adamrr@github.com&gt;
Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-oidc-for-enterprise-managed-users.md
@@ -36,6 +36,8 @@ To change the lifetime policy property, you will need the object ID associated w
 
 Support for OIDC is available for customers using Entra ID.
 
+{% data reusables.enterprise-accounts.gov-cloud-idp-not-supported %}
+
 Each Entra ID tenant can support only one OIDC integration with {% data variables.product.prodname_emus %}. If you want to connect Entra ID to more than one enterprise on {% data variables.product.prodname_dotcom %}, use SAML instead. See [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-saml-single-sign-on-for-enterprise-managed-users).
 
 OIDC does not support IdP-initiated authentication.
diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md
@@ -27,6 +27,8 @@ With {% data variables.product.prodname_emus %}, access to your enterprise's res
 
 After you configure SAML SSO, we recommend storing your recovery codes so you can recover access to your enterprise in the event that your IdP is unavailable.
 
+{% data reusables.enterprise-accounts.gov-cloud-idp-not-supported %}
+
 {% data reusables.enterprise_user_management.SAML-to-OIDC-migration-for-EMU %}
 
 ## Prerequisites
diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md
@@ -26,6 +26,8 @@ category:
 
 If you use a partner IdP, you can simplify the configuration of SCIM provisioning by using the partner IdP's application. If you don't use a partner IdP for provisioning, you can implement SCIM using calls to {% data variables.product.company_short %}'s REST API for SCIM. For more information, see {% ifversion ghec %}[AUTOTITLE](/admin/managing-iam/understanding-iam-for-enterprises/about-enterprise-managed-users#identity-management-systems).{% else %}[AUTOTITLE](/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes#supported-identity-providers).{% endif %}
 
+{% data reusables.enterprise-accounts.gov-cloud-idp-not-supported %}
+
 {% ifversion ghes %}
 
 ## Who needs to follow these instructions?
diff --git a/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md b/content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md
@@ -65,11 +65,13 @@ If an unauthenticated user attempts to sign in to {% data variables.location.pro
 
 For more information about connecting Microsoft Entra ID (previously known as Azure AD) to your enterprise, see [Tutorial: Microsoft Entra SSO integration with GitHub Enterprise Cloud - Enterprise Account](https://learn.microsoft.com/en-us/entra/identity/saas-apps/github-enterprise-cloud-enterprise-account-tutorial) in Microsoft Docs.
 
+{% data reusables.enterprise-accounts.gov-cloud-idp-not-supported %}
+
 {% elsif ghes %}
 
 For more information about connecting Entra ID to your enterprise, see [Tutorial: Microsoft Entra SSO integration with GitHub Enterprise Server](https://learn.microsoft.com/en-us/entra/identity/saas-apps/github-ae-tutorial) in Microsoft Docs.
 
-We do not have a supported partner application when using Entra ID for Azure Government. 
+{% data reusables.enterprise-accounts.gov-cloud-idp-not-supported %}
 
 ## Username considerations with SAML
 
diff --git a/data/reusables/enterprise-accounts/gov-cloud-idp-not-supported.md b/data/reusables/enterprise-accounts/gov-cloud-idp-not-supported.md
@@ -0,0 +1 @@
+> [!NOTE] {% data variables.product.company_short %} does not test or validate identity provider (IdP) gallery applications for use in Government Cloud environments, including Microsoft Entra ID Government Cloud and Okta Government Cloud. Authentication and SCIM provisioning issues that involve gallery applications in these environments fall outside {% data variables.product.company_short %}'s [scope of support](/support/learning-about-github-support/about-github-support#scope-of-support).

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+> [!NOTE] {% data variables.product.company_short %} does not test or validate identity provider (IdP) gallery applications for use in Government Cloud environments, including Microsoft Entra ID Government Cloud and Okta Government Cloud. Authentication and SCIM provisioning issues that involve gallery applications in these environments fall outside {% data variables.product.company_short %}'s [scope of support](/support/learning-about-github-support/about-github-support#scope-of-support).`