Getting asked to sign-in using SSO even after leaving the organisation

[fourpointfour]

Select Topic Area

Question

Body

Hi folks,

I was a part of an organisation before and have forked a few public repositories from there, I had the Okta SSO enabled so whenever I used to open a PR or commit in those repositories, I needed to authenticate using SSO.

Now I have left the organisation but when I open the pull requests tab for any of those public repositories, I am still being asked to authenticate using SSO, which I cannot do because I do not have any access to my previous organisation's SSO tool. Funny enough, I can copy the link and open the link in an incognito window properly where my GitHub account is not logged in so the issue is definitely connected somewhere with my account.

My question is, how do I resolve this? I am no longer a part of the organisation and I do not have any links with it now and yet somewhere, some connections seems to be active.

For example, I can open yugabyte/debezium#184 without logging to my account, but when I am logged in, I am being asked to authenticate. What could I be missing here?

[yoter-k]

This happens because your GitHub account still has an active SSO link to your old organization.
Go to Settings → Organizations and remove or “Leave” that org, then in Settings → Applications → Authorized OAuth Apps, revoke any Okta or org-related access.
After signing out and back in, the SSO prompt will disappear ✅

[fourpointfour]

I did all this and I am still getting the prompt and I am not sure why. The only link I see now is that I am an Unaffiliated Member of an Enterprise by the name of my old company.

I do want to remove that as well but there seems to be no option.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

[fourpointfour]

I tried everything mentioned in the comments above but the issue still persists.

[ZacharyWallace]

I am running into a similar issue where I am the owner of an Enterprise that is setup with SSO and in order to manage the enterprise to remove myself I would need to have access to SSO system (Okta) which I no longer have.

I have already successfully removed myself from the organization, but cannot do anything to remove the enterprise from my account. How can I rectify this?

[dlavrenuek]

Had the same problem. I've found out that I still had the org added through Settings -> Enterprises. After "leaving" it from that page there is no more SSO prompt

[ZacharyWallace]

How did you "leave" it from that page? The only button I have is "settings" which begins the SSO loop. Perhaps the behavior is different for enterprise owners, which causes this entire issue?

[ZacharyWallace]

[eshandineth]

The Fix

Go to your GitHub Settings.

Click Organizations (in the left sidebar).

Find your previous employer and click Leave.

The Reason Your account is still listed as a "member," which forces GitHub to check for SSO. Leaving the organization downgrades you to a "public user," allowing you to view the public repos without logging in to Okta.

[ZacharyWallace]

This does not work as expected. The organization does not show under "Organizations" because I already left it. It only shows under "Enterprises", where it lists me as an "Owner" and has a "settings" button that when clicked begins the SSO loop.

[eshandineth]

This is a known "deadlock" scenario on GitHub.

Because you are listed as an Enterprise Owner (a higher tier than Organization Member), GitHub requires you to access the Enterprise Settings to remove yourself. However, accessing those settings triggers the SSO check, which you cannot pass.

Here is the structured solution to break the loop:

1. The "Hidden" Link Method (Try this first)
   Sometimes you can bypass the main dashboard redirect by going directly to the "People" tab of the enterprise to remove yourself.

Copy your Enterprise slug (the name as it appears in the URL, e.g., github.com/enterprises/company-name).

Try navigating directly to: https://github.com/enterprises//people

If this page loads without SSO, find your username and select Remove from enterprise.

2. The Support Ticket (Most Likely Required)
   If the link above also triggers the SSO loop, you cannot remove yourself manually. You are effectively locked out of the admin panel required to downgrade your status.

Action: Open a ticket with GitHub Support.

What to say:

"I am listed as an Owner of the enterprise account [Name/Slug], but I have left the company and no longer have SSO access. I am stuck in an SSO loop and cannot access the Enterprise Settings to remove myself. Please remove my account from this Enterprise."

3. Check for Recovery Codes
   If you were the original creator of the Enterprise account, you might have downloaded Recovery Codes when you set up SAML.

If you have them, when the SSO prompt appears, look for a link that says "Use a recovery code". This will bypass the SSO and let you access settings to remove yourself.

[ZacharyWallace]

The hidden links just inject me directly into the SSO loop, which for security reasons is what I would expect. I do not have the recovery codes for the enterprise. I have submitted a ticket, so will see what support has to say.

[fourpointfour]

Update:

Under the enterprises section in settings, I was now able to see a button "Leave" and that solved the issue for me.

[pratikrath126]

This happens because GitHub treats Enterprises differently from Organizations. Even though you left the organization, your account is still associated with the Enterprise as an "Unaffiliated Member" or even an "Owner" in the Enterprise-level settings, which enforces the SSO policy globally on your account for anything related to that entity.

If you don't have access to the Enterprise settings to remove yourself (which requires SSO login, creating the catch-22), you likely cannot fix this yourself.

The Solution:
You need to contact GitHub Support directly and explain that:

1. You have left the organization.
2. You are locked out of the Enterprise settings because you no longer have SSO access.
3. You need them to forcefully remove your account from the Enterprise configuration.

They can unlink your account from the backend. This is a known "deadlock" scenario for former employees.

[Shreyas-S-809]

This usually isn’t GitHub being broken — it’s your local credentials still tied to the org’s SSO session.

Even after you leave an organization, your machine (browser, git, or credential manager) still presents the old SSO authorization token. GitHub sees that token → tries to validate it → org rejects it → you get stuck in the SSO loop.

You’re basically authenticated as a ghost member.

---

Where the loop comes from

You still have one of these cached:

• browser SSO cookies
• Git credential helper token
• SSH key authorized via SAML SSO
• GitHub CLI login session

Leaving the org does not revoke these locally.

---

Fix (in order — stop early if it works)

1) Clear the SSO grant in GitHub (most important)

Go to:

GitHub → Settings → Applications → Authorized OAuth Apps → SAML SSO

Revoke the organization authorization.

This alone fixes most cases.

---

2) Remove cached git credentials (Windows)

Open Credential Manager → Windows Credentials

Delete entries containing:

git:https://github.com
github.com

Then next push/pull will ask fresh login.

(mac/linux: clear credential helper or keychain)

---

3) If using SSH — reauthorize or change key

Your SSH key may still be marked “SSO enforced”.

Either:

• re-authorize it (if you still have access)
• or remove and add a new SSH key

Otherwise GitHub keeps redirecting to SSO validation.

---

4) Logout GitHub CLI

gh auth logout
gh auth login

CLI sessions commonly cause the infinite redirect.

---

Why it keeps happening

GitHub stores:

account identity ✔
organization authorization ✖

Your client keeps sending a token proving identity but requiring org approval — which you no longer have — so GitHub keeps trying SSO.

---

Short version

You didn’t lose access — you kept an old permission.

Remove cached SSO authorization + credentials → login again → loop gone.

[Kunal241207]

The SSO prompt continues because the account is still linked to the Enterprise, not just the Organization.

Even after leaving the org, Enterprise-level SSO enforcement remains active.

Fix:
Go to Settings → Enterprises and click “Leave” on the Enterprise.

If the Leave option isn’t available (e.g., you’re listed as an Owner), contact GitHub Support to remove your account from the Enterprise manually.