The GitHub Administration certification exam has been developed for IT professionals and DevOps engineers who manage GitHub Enterprise environments. The certification validates your ability to secure, scale, and streamline GitHub usage across organizations.
The GH-100: GitHub Administration certification Exam evaluates everything from identity and access control to CI/CD pipelines, automation, and governance, making it perfect for those aiming to level up their GitHub admin capabilities.
Who should take the Exam?
The GH-100: GitHub Administration exam has been developed for system administrators, software developers, application administrators, and IT professionals with intermediate-level experience in GitHub Enterprise Administration.
Skills Required
GH-100: GitHub Administration exam requires the following skills -
Git fundamentals: Cloning, pushing, pulling, forking, branching, and merging
GitHub basics: Repositories, pull requests, issues, and workflows
CI/CD concepts: Understanding pipelines, runners, and workflow jobs
Identity management principles: SAML, OAuth, SCIM, team syncing, RBAC
Basic scripting: Bash, PowerShell, or similar for automating tasks
Familiarity with GitHub Enterprise Cloud and GitHub Actions is especially helpful.
Knowledge Gained
By the end of your preparation and certification, you will be equipped to -
Administer GitHub at scale: Configure organizations, repos, teams, permissions, and security settings
Implement secure authentication and identity management: Including SAML SSO, SCIM provisioning, and 2FA enforcement
Set up and manage GitHub Actions: Reusable workflows, self-hosted runners, secret management, and job distribution
Use GitHub Packages and manage artifacts: Publish, share, and secure packages like npm, Docker, Maven, etc.
Govern GitHub usage across the enterprise: Set default settings, usage quotas, audit logs, and policies
Automate workflows using APIs and scripting: Utilize REST and GraphQL APIs for enterprise-wide automation
Troubleshoot and support enterprise GitHub users: Distinguish local vs. GitHub support needs, use support bundles
Exam Details
Code: GH‑100
Duration: 100 minutes
Format: Multiple-choice & scenario-based
Language: English
Valid For: 2 years
Why Take This Certification?
Boost credibility as a GitHub Enterprise administrator
Show real-world skills in CI/CD, identity, security, and workflow automation
Stand out in roles like DevOps Engineer, Site Reliability Engineer, Platform Admin, or GitHub Solutions Architect
Join a growing certified community, with many reporting job growth and role expansion post-certification
Course Outline
The GH-100: GitHub Administration exam covers the following topics -
Module 1: Describe how to support GitHub Enterprise for users and key stakeholders (15%) 1.1 Explain Support GitHub Enterprise for users and key stakeholders
Learn to distinguish problems that can be solved by an administrator from those that need GitHub Support
Learn to generate support bundles and diagnostics
Learn how GitHub’s products and services are used within the enterprise to identify underutilized features, integrations in use, most active teams, and repositories
Learn about recommended standards for developer workflows, branching, branch protection rules, code owners, the code review process, automation, and release strategy
Learn about the tooling ecosystem at the enterprise
Learn about the enterprise’s CI/CD strategy
Learn how to recommend tooling and workflows to teams within an enterprise
Learn how GitHub APIs can be used to extend the capabilities of the administrator from the user interface, such as querying or storing the audit log
Learn to locate an asset from the GitHub Marketplace for a specific need (i.e., find the Azure Pipelines GitHub App in the Marketplace, install it, and configure it to deploy your code)
Learn to contrast GitHub App and an action (i.e., their permissions, how they’re built, how they’re consumed)
Learn about the benefits and risks of using apps and actions from the GitHub Marketplace
Module 2: Describe how to manage user identities and GitHub authentication (20%) 2.1 Explain how to manage user identities and GitHub authentication
Learn about the various implications of enabling SAML single sign-on (SSO) for an individual organization versus all organizations in an enterprise account
Learn about the various steps to enable and enforce SAML SSO for a single organization and multiple organizations using enterprise accounts
Learn how to require two-factor authentication (2FA) for an organization
Learn how to choose supported identity providers
Learn how identity management and authorization works on GitHub
Learn about the variousconsequences of a user’s membership in the instance, an organization, or multiple organizations
Learn the authentication and authorization model (specifically, how users get to the system, and how they’re granted access to specific things within GitHub)
Learn about the various supported SCIM providers (Azure, Okta, self-created)
Learn how the SCIM protocol works and how GitHub supports it
Learn how Team synchronization works
Learn about the Contrast team synchronization and SCIM
Module 3: Describe how GitHub is deployed, distributed, and licensed (5%) 3.1 Explain the capabilities of GitHub Enterprise Server (GHES), GitHub Enterprise Cloud (GHEC), and GitHub AE (GHAE)
Learn GitHub Enterprise Cloud (GHEC)
Learn GitHub Enterprise Server (GHES)
Learn GitHub AE
3.2 Explain the differentiation how products are billed, including seat licenses, GitHub Actions, and GitHub Packages
Learn pricing for GitHub Actions
Learn pricing and support options for organizations
Learn how to find statistics of license usage for a specific organization
Learn how to find statistics of license usage for machine accounts and peripheral services
Learn the consumption of metered products given a report (i.e., GitHub Actions minutes or storage for GitHub Packages)
Module 4: Describe to Manage access and permissions based on membership (20%) 4.1 Explain a GitHub organization
Learn the benefits and costs of deploying a single organization versus multiple organizations
Learn how to set default read permissions versus default write permissions across organizations
Learn Team sync through AD
Learn about maintainability; writing scripts against multiple orgs and multiple access rights
Learn how to adjust enterprise policies and organization permissions in alignment with a company’s trust and control position
4.2 Explain enterprise permissions and policies
Learn to define a GitHub organization
Learn about the possible roles of an organization member
Learn contrast permissions for organization members, owners, and billing managers
Learn the difference between being an organization member and an outside collaborator
Learn about the consequences of a user’s membership in an instance or organization
Learn how to give a user the minimum required permissions for repository, organization, or team access.
Learn about the benefits and the drawbacks of creating a new organization
4.3 Explain team permissions
Learn to define Teams in a GitHub organization
Learn about the possible roles of a team member
Learn the different permission models
4.4 Explain Repository permissions
Learn the actions of a user given a list of their permissions, such as repository role, team membership, or organization membership
Learn about the repository membership options
Learn audit access to a repository
Module 5: Describe to enable secure software development and ensure compliance (15%) 5.1 Explain to enable secure software development and ensure compliance
Learn how GitHub supports the enterprise’s security posture
Learn scrubbing sensitive data from a Git repository (filter-branch/BFG)
Learn scrubbing sensitive data from GitHub (contacting support)
Learn how to choose a policy based on how much control is required
Learn the impacts of choosing a specific set of policies
Learn organization policies
Learn enterprise policies
5.2 Explain how to utilize the audit log APIs (Rest and GraphQL) to explain a missing asset
Learn the use case for audit logs
Learn security and compliance concepts with GitHub
Learn how to provide reports for auditing
5.3 Explain the importance of the security features of a GitHub repository
Learn the importance of a security policy
Learn to define a vulnerability
Learn a vulnerable dependency
Learn the importance of secret scanning
Learn the importance of code scanning
Learn automated code scanning (CodeQL)
Learn the dependency graph
Learn the importance of a security advisory
Learn Dependabot
Learn to detect and fix outdated dependencies with security vulnerabilities
Learn security vulnerability alerts
Learn to create and implement a security response plan that addresses sensitive data on a GitHub repository
Learn how to use SSH keys and deploy keys to access repository data
5.4 API access and integrations
Learn supported access tokens ( PAT, Installation Tokens, OAuth and GitHub app OAuth tokens, Device Tokens, Refresh tokens)
Learn how to find a token’s rate limits
Learn GitHub Apps, their repository permissions, user permissions, and event subscriptions
Learn OAuth Apps, their permissions, and event subscriptions
Learn Contrast the use of a personal access token (PAT) or a GitHub App for authenticating a machine account
Learn the use of machine accounts versus GitHub apps
Learn how to approve or deny user-created GitHub Apps and OAuth apps based on a security policy
Learn how to define an enterprise managed user (EMU)
Module 6: Describe managing GitHub Actions (20%) 6.1 Explain how to distribute actions and workflows to the enterprise
Learn to identify and reuse templates for actions and workflows
Learn an approach for managing and leveraging reusable components (i.e., repos for storage, naming conventions for files/folders, plans for ongoing maintenance)
Learn how to distribute actions for an enterprise
Learn how to control access to actions within the enterprise
Learn to configure organizational use policies for GitHub Actions
6.2 Explain how to manage runners for the enterprise
Learn the effects of configuring IP allow lists on GitHub-hosted and self-hosted runners
Learn configure IP allow lists on internal applications and systems to allow interaction with GitHub-hosted runners
Learn the effects and potential abuse vectors of enabling self-hosted runners on public repositories
Learn to select appropriate runners to support workloads (i.e., using a self-hosted versus GitHub-hosted runner, choosing supported operating systems)
Learn to contrast GitHub-hosted and self-hosted runners
Learn to configure self-hosted runners for enterprise use (i.e., including proxies, labels, and networking)
Learn to manage self-hosted runners using groups (i.e., managing access, moving runners into and between groups)
Learn to monitor, troubleshoot, and update self-hosted runners
6.3 Explain how to manage encrypted secrets in the enterprise
Learn to identify the scope of encrypted secrets
Learn how to access encrypted secrets within actions and workflows
Learn how to manage organization-level encrypted secrets
Learn how to manage repository-level encrypted secrets
Learn how to use third-party vaults
Module 7: Describe Manage GitHub Packages (5%)
Learn which GitHub Packages are supported
Learn how to access, write, and share GitHub Packages
Learn how to use GitHub Packages in workflows (i.e., with GitHub Actions or other CI/CD tools)
Learn the differences and use cases between GitHub Packages and releases