GH-100 Preparation Details
Preparing for the GH-100 GitHub Administration certification exam? Start here with a complete, objective-wise GH-100 study guide designed to help you pass faster.
This guide brings together official Microsoft documentation, key concepts, and curated resources for every GH-100 exam objective, making it ideal for both beginners and last-minute revision.
Looking for the best GH-100 preparation resources in one place? This page covers everything you need to get exam-ready with confidence.
If this helped you, share it with others preparing for the GH-100 certification exam.
Exam Voucher for GH-100 with 1 Retake
Get 40% OFF with the combo
GH-100 GitHub Materials
| Udemy | GitHub Administration Certification |
| Coursera | GitHub Enterprise Administration |
| Whizlabs | GitHub Foundations Certification Course |
Domain 1: Support GitHub Enterprise for users and key stakeholders (15%)
Support GitHub Enterprise for users and key stakeholders
Distinguish problems that can be solved by an administrator from those that need GitHub Support
Describe how to generate support bundles and diagnostics
About support bundles for GitHub Enterprise Server
Providing data to GitHub Support
Describe how GitHub’s products and services are used within the enterprise to identify underutilized features, integrations in use, most active teams, and repositories
Viewing people in your enterprise
Monitoring activity in your enterprise
Recommend standards for developer workflows, including code collaboration, branching, branch protection rules, code owners, the code review process, automation, and release strategy
Managing a branch protection rule
Explain the tooling ecosystem at the enterprise
About GitHub Marketplace for apps
Explain the enterprise’s CI/CD strategy
Discuss how to recommend tooling and workflows to teams within an enterprise
Enforcing policies for GitHub Actions in your enterprise
Sharing workflows, secrets, and runners with your organization
Explain how GitHub APIs can be used to extend the capabilities of the administrator, such as querying or storing the audit log
Using the audit log API for your enterprise
Managing enterprise accounts – GraphQL API
Locate an asset from the GitHub Marketplace for a specific need
About GitHub Marketplace for apps
Installing a GitHub App from GitHub Marketplace for your organizations
Contrast a GitHub App and an action (permissions, how they’re built, how they’re consumed)
Deciding when to build a GitHub App
List the benefits and risks of using apps and actions from the GitHub Marketplace
Security hardening for GitHub Actions
Best practices for creating a GitHub App
Domain 2: Manage user identities and GitHub authentication (20%)
Manage user identities and GitHub authentication
List the implications of enabling SAML SSO for an individual organization versus all organizations in an enterprise account
About identity and access management with SAML SSO
Switching your SAML configuration from an organization to an enterprise account
List the steps to enable and enforce SAML SSO for a single organization and multiple organizations using enterprise accounts
Enabling and testing SAML SSO for your organization
Enforcing SAML SSO for your organization
Configuring SAML SSO for your enterprise
Explain how to require two-factor authentication (2FA) for an organization
Requiring two-factor authentication in your organization
Preparing to require two-factor authentication in your organization
Explain how to choose supported identity providers
Connecting your identity provider to your organization
Describe how identity management and authorization works on GitHub
About authentication with single sign-on
Identity and access management for GitHub Enterprise Cloud
List the consequences of a user’s membership in the instance, an organization, or multiple organizations
Preparing to enforce SAML SSO in your organization
Describe the authentication and authorization model
About authentication with single sign-on
Configuring SAML SSO for your enterprise
List the supported SCIM providers (Azure, Okta, self-created)
Connecting your identity provider to your organization
Configuring SCIM provisioning for Enterprise Managed Users
Describe how the SCIM protocol works and how GitHub supports it
Provisioning accounts with SCIM – GitHub Enterprise Server
Describe how Team synchronization works
Managing team synchronization for your organization
Synchronizing a team with an identity provider group
Contrast team synchronization and SCIM
Configuring SAML SSO and SCIM using Okta
Domain 3: Describe how GitHub is deployed, distributed, and licensed (5%)
Contrast the capabilities of GitHub Enterprise Server (GHES), GitHub Enterprise Cloud (GHEC), and GitHub AE (GHAE)
Describe GitHub Enterprise Cloud (GHEC)
Describe GitHub Enterprise Server (GHES)
About GitHub Enterprise Server
Getting started with GitHub Enterprise Cloud
Describe GitHub AE
About GitHub for enterprises – GitHub Enterprise Server 3.3
Differentiate how products are billed, including seat licenses, GitHub Actions, and GitHub Packages
Describe pricing for GitHub Actions
Billing and usage for GitHub Actions
Describe pricing and support options for organizations
Combined GitHub Enterprise cloud and server use
Describe how to find statistics of license usage for a specific organization
Viewing your usage of metered products and licenses
Downloading license use for your enterprise or organization
Describe how to find statistics of license usage for machine accounts and peripheral services
Viewing your usage of metered products and licenses
Combined GitHub Enterprise cloud and server use
Explain the consumption of metered products given a report (i.e., GitHub Actions minutes or storage for GitHub Packages)
Viewing your usage of metered products and licenses
Domain 4: Manage access and permissions based on membership (20%)
Define a GitHub organization
Explain the benefits and costs of deploying a single organization versus multiple organizations
Best practices for organizing work in your enterprise
Best practices for structuring organizations in your enterprise – GHES
Describe how to set default read permissions versus default write permissions across organizations
Enforcing repository management policies in your enterprise
Setting base permissions for an organization
Describe Team sync through AD
Managing team synchronization for your organization
Synchronizing a team with an identity provider group
Explain maintainability; writing scripts against multiple orgs and multiple access rights
Using the audit log API for your enterprise
Managing enterprise accounts – GraphQL API
Describe how to adjust enterprise policies and organization permissions in alignment with a company’s trust and control position
Enforcing repository management policies in your enterprise
Enforcing policies for your enterprise
Describe enterprise permissions and policies
Define a GitHub organization
List the possible roles of an organization member
Contrast permissions for organization members, owners, and billing managers
Permissions of custom organization roles
Describe the difference between being an organization member and an outside collaborator
Adding outside collaborators to repositories in your organization
List the consequences of a user’s membership in an instance or organization
Preparing to enforce SAML SSO in your organization
Explain how to give a user the minimum required permissions for repository, organization, or team access
Repository roles for an organization
About custom organization roles
List the benefits and the drawbacks of creating a new organization
Best practices for organizing work in your enterprise
Describe team permissions
Define Teams in a GitHub organization
List the possible roles of a team member
Assigning the team maintainer role to a team member
Describe the different permission models
Repository roles for an organization
Repository permissions
Explain the actions of a user given a list of their permissions, such as repository role, team membership, or organization membership
Repository roles for an organization
Permissions of custom organization roles
List the repository membership options
Repository roles for an organization
Managing teams and people with access to your repository
Explain audit access to a repository
Reviewing the audit log for your organization
Audit log events for your enterprise
Domain 5: Enable secure software development and ensure compliance (15%)
Enable secure software development and ensure compliance
Explain how GitHub supports the enterprise’s security posture
Establishing a governance framework for your enterprise
Describe scrubbing sensitive data from a Git repository (filter-branch/BFG)
Removing sensitive data from a repository
Best practices for preventing data leaks in your organization
Describe scrubbing sensitive data from GitHub (contacting support)
Removing sensitive data from a repository
Explain how to choose a policy based on how much control is required
Establishing a governance framework for your enterprise
Best practices for organizing work in your enterprise
Explain the impacts of choosing a specific set of policies
Enforcing policies for your enterprise
Enforcing repository management policies in your enterprise
Define organization policies
Managing organization settings
Setting permissions for adding outside collaborators
Define enterprise policies
Enforcing policies for your enterprise
Establishing a governance framework for your enterprise
Describe how to use the audit log APIs (REST and GraphQL) to explain a missing asset
Define the use case for audit logs
Reviewing the audit log for your organization
Using the audit log API for your enterprise
Describe security and compliance concepts with GitHub
Establishing a governance framework for your enterprise
Explain how to provide reports for auditing
Reviewing the audit log for your organization
Define and explain the importance of the security features of a GitHub repository
Explain the importance of a security policy
Adding a security policy to your repository
Define a vulnerability
About GitHub’s advisory database
Describe a vulnerable dependency
Explain the importance of secret scanning
Best practices for preventing data leaks in your organization
Explain the importance of code scanning
Describe automated code scanning (CodeQL)
Explain the dependency graph
Exploring the dependencies of a repository
Explain the importance of a security advisory
About repository security advisories
About GitHub’s advisory database
Describe Dependabot
Detect and fix outdated dependencies with security vulnerabilities
About Dependabot security updates
Describe security vulnerability alerts
Create and implement a security response plan that addresses sensitive data on a GitHub repository
Removing sensitive data from a repository
Best practices for preventing data leaks in your organization
Describe how to use SSH keys and Deploy keys to access repository data
API access and integrations
List supported access tokens (PAT, Installation Tokens, OAuth and GitHub app OAuth tokens, Device Tokens, Refresh tokens)
About authentication to GitHub
Keeping your API credentials secure
Explain how to find a token’s rate limits
Differences between GitHub Apps and OAuth apps
Describe GitHub Apps, their repository permissions, user permissions, and event subscriptions
Choosing permissions for a GitHub App
Describe OAuth Apps, their permissions, and event subscriptions
Contrast the use of a PAT or a GitHub App for authenticating a machine account
Differences between GitHub Apps and OAuth apps
Deciding when to build a GitHub App
Describe the use of machine accounts versus GitHub apps
Differences between GitHub Apps and OAuth apps
Best practices for creating a GitHub App
Explain how to approve or deny user-created GitHub Apps and OAuth apps based on a security policy
Limiting OAuth app and GitHub App access requests and installations
Approving OAuth apps for your organization
Define an enterprise managed user (EMU)
About Enterprise Managed Users
Getting started with Enterprise Managed Users
Domain 6: Manage GitHub Actions (20%)
Distribute actions and workflows to the enterprise
Identify reuse templates for actions and workflows
Creating workflow templates for your organization
Define an approach for managing and leveraging reusable components
Sharing actions and workflows with your enterprise
Introducing GitHub Actions to your enterprise
Define how to distribute actions for an enterprise
Sharing actions and workflows with your enterprise
Planning a rollout of GitHub Actions
Explain how to control access to actions within the enterprise
Enforcing policies for GitHub Actions in your enterprise
Managing GitHub Actions settings for a repository
Configure organizational use policies for GitHub Actions
Disabling or limiting GitHub Actions for your organization
Enforcing policies for GitHub Actions in your enterprise
Manage runners for the enterprise
Describe the effects of configuring IP allow lists on GitHub-hosted and self-hosted runners
GitHub-hosted runners reference
Configure IP allow lists on internal applications and systems to allow interaction with GitHub-hosted runners
About Azure private networking for GitHub-hosted runners in your enterprise
About Azure private networking for GitHub-hosted runners in your organization
List the effects and potential abuse vectors of enabling self-hosted runners on public repositories
Security hardening for GitHub Actions
Select appropriate runners to support workloads
Introducing GitHub Actions to your enterprise
Contrast GitHub-hosted and self-hosted runners
GitHub-hosted runners reference
Configure self-hosted runners for enterprise use (including proxies, labels, networking)
Using proxy servers with a runner
Using labels with self-hosted runners
Manage self-hosted runners using groups (managing access, moving runners into and between groups)
Managing access to self-hosted runners using groups
Planning a rollout of GitHub Actions
Monitor, troubleshoot, and update self-hosted runners
Monitoring and troubleshooting self-hosted runners
Autoscaling with self-hosted runners
Manage encrypted secrets in the enterprise
Identify the scope of encrypted secrets
Understanding GitHub secret types
Explain how to access encrypted secrets within actions and workflows
Using secrets in GitHub Actions
Explain how to manage organization-level encrypted secrets
Using secrets in GitHub Actions
REST API endpoints for GitHub Actions Secrets
Describe how to manage repository-level encrypted secrets
Using secrets in GitHub Actions
Understanding GitHub secret types
Describe how to use third-party vaults
About security hardening with OpenID Connect
Domain 7: Manage GitHub Packages (5%)
Describe which GitHub Packages are supported
Introduction to GitHub Packages
Working with a GitHub Packages registry
About permissions for GitHub Packages
Describe how to access, write, and share GitHub Packages
Configuring a package’s access control and visibility
Authenticating to GitHub Packages
Working with the Container registry
Describe how to use GitHub Packages in workflows (i.e., with GitHub Actions or other CI/CD tools)
About GitHub Packages and GitHub Actions
Publishing and installing a package with GitHub Actions
Quickstart for GitHub Packages
Explain the differences and use cases between GitHub Packages and releases
Introduction to GitHub Packages
Managing releases in a repository
This brings us to the end of the GH-100 GitHub Administration Study Guide.
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!
In case you are preparing for other GitHub certification exams, check out the GitHub section for those exams.
Follow Me to Receive Updates on the GH-100 Exam
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the links below so it can benefit others.