Add org membership restriction option to GitHub auth

Created by: dadlerj

Feature request description

Our GitHub auth configuration would have an option to restrict access to the Sourcegraph instance to only members of a certain organization.

Perhaps an allowOrgs: ['org1', 'org2' ....]?

Is your feature request related to a problem? If so, please describe.

Reported by:

In particular, we notice that Sourcegraph can provision the account automatically, but it seems like if we do that with the GitHub plugin there's no way to restrict access to a user that belongs to our organization. Is there a way to only allow a particular GitHub group to log in to SG?

The issue here hits orgs that use GitHub.com, rather than private GitHub Enterprise instances (which themselves already restrict access). In the GitHub.com world, anyone with a public GitHub.com account could access the instance.

Describe alternatives you've considered.

Orgs can:

  • Use a separate, non-GitHub SSO provider
  • Put their Sourcegraph instance entirely behind some other auth layer
  • Use GitHub permissions (though this would still provide public access to the instance itself, even if others couldn't see the repos/code)
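
A sketch of the sign-in gate that an allowOrgs option implies, added here as an example; it is not Sourcegraph's code. The names OrgLister, CheckOrgMembership and ErrNotInAllowedOrg are hypothetical, and the organization lookup is stubbed with constructed data so the example runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// OrgLister (hypothetical) returns the GitHub org logins a user belongs to.
// A real one would query GitHub with the user's OAuth token; without the
// read:org scope only public memberships are visible.
type OrgLister func(login string) ([]string, error)

var ErrNotInAllowedOrg = errors.New("user is not a member of an allowed organization")

// CheckOrgMembership returns nil when sign-in may proceed. An empty allowOrgs
// means "no restriction" (the behaviour the issue describes today). A list
// holding only blank entries denies everyone rather than allowing everyone.
func CheckOrgMembership(login string, allowOrgs []string, list OrgLister) error {
	if len(allowOrgs) == 0 {
		return nil
	}
	allowed := make(map[string]bool, len(allowOrgs))
	for _, o := range allowOrgs {
		// GitHub logins are case-insensitive, so compare in lower case.
		if o = strings.ToLower(strings.TrimSpace(o)); o != "" {
			allowed[o] = true
		}
	}
	orgs, err := list(login)
	if err != nil {
		// Fail closed: an API outage must not open the instance to everyone.
		return fmt.Errorf("org lookup failed, denying sign-in: %w", err)
	}
	for _, o := range orgs {
		if allowed[strings.ToLower(o)] {
			return nil
		}
	}
	return ErrNotInAllowedOrg
}

func main() {
	// Constructed sample memberships, not real accounts.
	fake := func(login string) ([]string, error) {
		return map[string][]string{"alice": {"Org1"}, "mallory": {"other"}}[login], nil
	}
	for _, u := range []string{"alice", "mallory"} {
		fmt.Println(u, CheckOrgMembership(u, []string{"org1", "org2"}, fake))
	}
}
```

The check belongs at account-provisioning and sign-in time, before a session is issued, so that a GitHub.com user outside the listed organizations never gets an account on the instance.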