IP Allow List Expansion for EMU Namespaces

GitHub Enterprise Cloud users with Enterprise Managed Users (EMUs) can now apply IP allow list policies to user namespaces, extending enterprise network security controls beyond shared organization repositories.

What's New

GitHub's native IP allow list configuration now covers repositories owned by EMU user accounts in public preview. Previously, IP allow lists could be configured at the enterprise level, but did not apply to repositories owned by individual user namespaces. This update addresses the security gap for enterprises that manage user accounts directly.

Coverage and Implementation

The IP allow list policy now protects access through multiple channels:

• Web UI access to user namespace repositories
• Git protocol operations (push, pull, clone)
• API requests to repositories and resources
• All credential types: personal access tokens (PATs), GitHub App tokens, and SSH keys

This ensures consistent network policy enforcement regardless of how users and systems interact with repositories.

How to Use

Administrators of GitHub Enterprise Cloud with EMU enabled can configure this feature through the enterprise security settings. For implementation details and configuration steps, refer to the IP allow list documentation in GitHub's admin guides.

This feature is currently in public preview and available for testing and feedback.