Update setup user authentication instructions

[wi11ialvl]

Clarified the requirements for signing in with setup user and the process for entering enterprise recovery codes.

Why: There is a lack of clarity on how to enter recovery codes when attempting to login with the setup user

Closes:

What's being changed (if available, include any code snippets, screenshots, or gifs):

Check off the following:

• A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
• The changes in this PR meet the docs fundamentals that are required for all content.
• All CI checks are passing and the changes look good in the review environment.

[welcome]

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds guidance about using enterprise recovery codes for the setup user after SSO authentication is configured.

Changes:

• Adds a NOTE describing the setup user’s need for enterprise recovery codes after authentication is configured.
• Documents a brief flow for entering recovery codes during SSO sign-in.

Show a summary per file

File	Description
content/admin/concepts/identity-and-access-management/setup-user.md	Adds a note about recovery codes required for setup user login after authentication/SSO is configured.

Copilot's findings

• Files reviewed: 1/1 changed files
• Comments generated: 2

[github-actions]

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

• Spin up a codespace
• Set up a local development environment

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on a staging server. Changes to the data directory are not included in this table.

Source	Review	Production	What Changed
admin/concepts/identity-and-access-management/setup-user.md	ghec	ghec

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

[stacycarter]

Thanks for working on this @wi11ialvl ! A couple of thoughts:

• The first line says recovery codes are always required when the setup user is logging in, once auth is configured for the enterprise, but that contradicts the bullet points in the article -- enterprise recovery codes are only required at every setup user login when 2FA isn't enabled.

• What if we add the following instead of the note (combined with the existing bullet points, could make it more clear)?

1. Navigate to github.com/login.
2. Enter the setup user's username (for example, shortcode_admin) and password.
3. Complete your 2FA challenge, or enter an enterprise recovery code if prompted. Enterprise recovery codes are not the same as personal two-factor authentication recovery codes. For more information, see AUTOTITLE.

The steps could go right after "the setup user cannot sign in via SSO" and before the bullet points about recovery codes. That way the flow reads: you can't use SSO --> here's how you do sign in --> here's what to expect about recovery codes.

[Sharra-writes]

Yes, this is better. Let's do this.