GH-100 · Question #36
GH-100 Question #36: Real Exam Question with Answer & Explanation
The correct answer is A: EMUs are fully controlled by an IdP and cannot log in with personal credentials. Option A is correct because Enterprise Managed Users are provisioned and controlled entirely through an external Identity Provider (IdP) like Azure AD or Okta via SCIM. EMU accounts have no independent existence - they cannot set personal passwords, sign in with GitHub credential
Question
What distinguishes Enterprise Managed Users (EMUs) from standard GitHub accounts?
Options
- AEMUs are fully controlled by an IdP and cannot log in with personal credentials
- BEMUs can only be created using email invites
- CEMUs are managed in GitHub and use GitHub authentication
- DEMUs are only available for GitHub Enterprise Server
Explanation
Option A is correct because Enterprise Managed Users are provisioned and controlled entirely through an external Identity Provider (IdP) like Azure AD or Okta via SCIM. EMU accounts have no independent existence - they cannot set personal passwords, sign in with GitHub credentials, or take actions outside what the enterprise permits.
Why the distractors are wrong:
- B is wrong because EMUs are not created via email invites; they're automatically provisioned by the IdP through SCIM, with no manual invite flow.
- C has it backwards - EMUs are managed by the IdP, not by GitHub, and they use IdP authentication (SSO), not GitHub's own auth system.
- D is wrong because EMUs are a feature of GitHub Enterprise Cloud, not Enterprise Server (GHES has its own separate authentication model).
Memory tip: Think of EMU as "Externally Managed User" - every word points to the IdP being in charge. If the IdP controls it, the user can't bypass it with personal credentials.
Topics
Community Discussion
No community discussion yet for this question.