GH-100: GitHub Administration Practice Exam

The GitHub Administration certification exam has been developed for IT professionals and DevOps engineers who manage GitHub Enterprise environments. The certification validates your ability to secure, scale, and streamline GitHub usage across organizations.

The GH-100: GitHub Administration certification Exam evaluates everything from identity and access control to CI/CD pipelines, automation, and governance, making it perfect for those aiming to level up their GitHub admin capabilities.

Who should take the Exam?

The GH-100: GitHub Administration exam has been developed for system administrators, software developers, application administrators, and IT professionals with intermediate-level experience in GitHub Enterprise Administration.

Skills Required

GH-100: GitHub Administration exam requires the following skills - 

• Git fundamentals: Cloning, pushing, pulling, forking, branching, and merging
• GitHub basics: Repositories, pull requests, issues, and workflows
• CI/CD concepts: Understanding pipelines, runners, and workflow jobs
• Identity management principles: SAML, OAuth, SCIM, team syncing, RBAC
• Basic scripting: Bash, PowerShell, or similar for automating tasks
• DevSecOps awareness: Code scanning, secret scanning, dependency management
• Familiarity with GitHub Enterprise Cloud and GitHub Actions is especially helpful.

 Knowledge Gained

By the end of your preparation and certification, you will be equipped to - 

• Administer GitHub at scale: Configure organizations, repos, teams, permissions, and security settings

• Implement secure authentication and identity management: Including SAML SSO, SCIM provisioning, and 2FA enforcement
• Set up and manage GitHub Actions: Reusable workflows, self-hosted runners, secret management, and job distribution
• Use GitHub Packages and manage artifacts: Publish, share, and secure packages like npm, Docker, Maven, etc.
• Govern GitHub usage across the enterprise: Set default settings, usage quotas, audit logs, and policies
• Automate workflows using APIs and scripting: Utilize REST and GraphQL APIs for enterprise-wide automation
• Troubleshoot and support enterprise GitHub users: Distinguish local vs. GitHub support needs, use support bundles

Exam Details

• Code: GH‑100

• Duration: 100 minutes

• Format: Multiple-choice & scenario-based

• Language: English

• Valid For: 2 years

Why Take This Certification?

• Boost credibility as a GitHub Enterprise administrator

• Show real-world skills in CI/CD, identity, security, and workflow automation

• Stand out in roles like DevOps Engineer, Site Reliability Engineer, Platform Admin, or GitHub Solutions Architect
• Join a growing certified community, with many reporting job growth and role expansion post-certification

Course Outline 

The GH-100: GitHub Administration exam covers the following topics - 

Module 1: Describe how to support GitHub Enterprise for users and key stakeholders (15%)
1.1 Explain Support GitHub Enterprise for users and key stakeholders

• Learn to distinguish problems that can be solved by an administrator from those that need GitHub Support
• Learn to generate support bundles and diagnostics
• Learn how GitHub’s products and services are used within the enterprise to identify underutilized features, integrations in use, most active teams, and repositories
• Learn about recommended standards for developer workflows, branching, branch protection rules, code owners, the code review process, automation, and release strategy
• Learn about the tooling ecosystem at the enterprise
• Learn about the enterprise’s CI/CD strategy
• Learn how to recommend tooling and workflows to teams within an enterprise
• Learn how GitHub APIs can be used to extend the capabilities of the administrator from the user interface, such as querying or storing the audit log
• Learn to locate an asset from the GitHub Marketplace for a specific need (i.e., find the Azure Pipelines GitHub App in the Marketplace, install it, and configure it to deploy your code)
• Learn to contrast GitHub App and an action (i.e., their permissions, how they’re built, how they’re consumed)
• Learn about the benefits and risks of using apps and actions from the GitHub Marketplace

Module 2: Describe how to manage user identities and GitHub authentication (20%)
2.1 Explain how to manage user identities and GitHub authentication

• Learn about the various implications of enabling SAML single sign-on (SSO) for an individual organization versus all organizations in an enterprise account
• Learn about the various steps to enable and enforce SAML SSO for a single organization and multiple organizations using enterprise accounts
• Learn how to require two-factor authentication (2FA) for an organization
• Learn how to choose supported identity providers
• Learn how identity management and authorization works on GitHub
• Learn about the variousconsequences of a user’s membership in the instance, an organization, or multiple organizations
• Learn the authentication and authorization model (specifically, how users get to the system, and how they’re granted access to specific things within GitHub)
• Learn about the various supported SCIM providers (Azure, Okta, self-created)
• Learn how the SCIM protocol works and how GitHub supports it
• Learn how Team synchronization works
• Learn about the Contrast team synchronization and SCIM

Module 3: Describe how GitHub is deployed, distributed, and licensed (5%)
3.1 Explain the capabilities of GitHub Enterprise Server (GHES), GitHub Enterprise Cloud (GHEC), and GitHub AE (GHAE)

• Learn GitHub Enterprise Cloud (GHEC)
• Learn GitHub Enterprise Server (GHES)
• Learn GitHub AE

3.2 Explain the differentiation how products are billed, including seat licenses, GitHub Actions, and GitHub Packages

• Learn pricing for GitHub Actions
• Learn pricing and support options for organizations
• Learn how to find statistics of license usage for a specific organization
• Learn how to find statistics of license usage for machine accounts and peripheral services
• Learn the consumption of metered products given a report (i.e., GitHub Actions minutes or storage for GitHub Packages)

Module 4: Describe to Manage access and permissions based on membership (20%)
4.1 Explain a GitHub organization

• Learn the benefits and costs of deploying a single organization versus multiple organizations
• Learn how to set default read permissions versus default write permissions across organizations
• Learn Team sync through AD
• Learn about maintainability; writing scripts against multiple orgs and multiple access rights
• Learn how to adjust enterprise policies and organization permissions in alignment with a company’s trust and control position

4.2 Explain enterprise permissions and policies

• Learn to define a GitHub organization
• Learn about the possible roles of an organization member
• Learn contrast permissions for organization members, owners, and billing managers
• Learn the difference between being an organization member and an outside collaborator
• Learn about the consequences of a user’s membership in an instance or organization
• Learn how to give a user the minimum required permissions for repository, organization, or team access.
• Learn about the benefits and the drawbacks of creating a new organization

4.3 Explain team permissions

• Learn to define Teams in a GitHub organization
• Learn about the possible roles of a team member
• Learn the different permission models

4.4 Explain Repository permissions

• Learn the actions of a user given a list of their permissions, such as repository role, team membership, or organization membership 
• Learn about the repository membership options
• Learn audit access to a repository

Module 5: Describe to enable secure software development and ensure compliance (15%)
5.1 Explain to enable secure software development and ensure compliance

• Learn how GitHub supports the enterprise’s security posture
• Learn scrubbing sensitive data from a Git repository (filter-branch/BFG)
• Learn scrubbing sensitive data from GitHub (contacting support)
• Learn how to choose a policy based on how much control is required
• Learn the impacts of choosing a specific set of policies
• Learn organization policies
• Learn enterprise policies

5.2 Explain how to utilize the audit log APIs (Rest and GraphQL) to explain a missing asset

• Learn the use case for audit logs
• Learn security and compliance concepts with GitHub
• Learn how to provide reports for auditing

5.3 Explain the importance of the security features of a GitHub repository

• Learn the importance of a security policy
• Learn to define a vulnerability
• Learn a vulnerable dependency
• Learn the importance of secret scanning
• Learn the importance of code scanning
• Learn automated code scanning (CodeQL)
• Learn the dependency graph
• Learn the importance of a security advisory
• Learn Dependabot
• Learn to detect and fix outdated dependencies with security vulnerabilities
• Learn security vulnerability alerts
• Learn to create and implement a security response plan that addresses sensitive data on a GitHub repository
• Learn how to use SSH keys and deploy keys to access repository data

5.4 API access and integrations

• Learn supported access tokens ( PAT, Installation Tokens, OAuth and GitHub app OAuth tokens, Device Tokens, Refresh tokens)
• Learn how to find a token’s rate limits
• Learn GitHub Apps, their repository permissions, user permissions, and event subscriptions
• Learn OAuth Apps, their permissions, and event subscriptions
• Learn Contrast the use of a personal access token (PAT) or a GitHub App for authenticating a machine account
• Learn the use of machine accounts versus GitHub apps
• Learn how to approve or deny user-created GitHub Apps and OAuth apps based on a security policy
• Learn how to define an enterprise managed user (EMU)

Module 6: Describe managing GitHub Actions (20%)
6.1 Explain how to distribute actions and workflows to the enterprise

• Learn to identify and reuse templates for actions and workflows
• Learn an approach for managing and leveraging reusable components (i.e., repos for storage, naming conventions for files/folders, plans for ongoing maintenance)
• Learn how to distribute actions for an enterprise
• Learn how to control access to actions within the enterprise
• Learn to configure organizational use policies for GitHub Actions

6.2 Explain how to manage runners for the enterprise

• Learn the effects of configuring IP allow lists on GitHub-hosted and self-hosted runners
• Learn configure IP allow lists on internal applications and systems to allow interaction with GitHub-hosted runners
• Learn the effects and potential abuse vectors of enabling self-hosted runners on public repositories
• Learn to select appropriate runners to support workloads (i.e., using a self-hosted versus GitHub-hosted runner, choosing supported operating systems)
• Learn to contrast GitHub-hosted and self-hosted runners
• Learn to configure self-hosted runners for enterprise use (i.e., including proxies, labels, and networking)
• Learn to manage self-hosted runners using groups (i.e., managing access, moving runners into and between groups)
• Learn to monitor, troubleshoot, and update self-hosted runners

6.3 Explain how to manage encrypted secrets in the enterprise

• Learn to identify the scope of encrypted secrets
• Learn how to access encrypted secrets within actions and workflows
• Learn how to manage organization-level encrypted secrets
• Learn how to manage repository-level encrypted secrets
• Learn how to use third-party vaults

Module 7: Describe Manage GitHub Packages (5%)

• Learn which GitHub Packages are supported
• Learn how to access, write, and share GitHub Packages
• Learn how to use GitHub Packages in workflows (i.e., with GitHub Actions or other CI/CD tools)
• Learn the differences and use cases between GitHub Packages and releases