In an organisation what are the best practices for giving access to services like GitHub. Do you ask the new employee to sign up for a new account or use his existing account to provide access?
I am concerned about security and ease of giving access.
I think the account should belong to the individual, and the repository can be owned by the company or team.
i agree with Siddarthan Sarumathi Pandian if he has access to your source code he will have access anyway. You can ofc increase the security by only allowing access via a company account that is controlled and she/he does not know the password so she/he cannot login from home and she/he is not allowed to work with an laptop.
but as soon there is a mobile work station involved ..... you're basically as secure as using the same account.
I've been in companies who don't mind me using my personal account. There're also those who wanted me to created a new account. IMO, personal account is fine if you're concerned with security. Removing them blocks access to the repo anyway. But, it might become a mess if everyone is using some weird nicknames and you end up having no idea who is making those commits.
Ankit Singhaniya
Full Stack Developer
Siddarthan Sarumathi Pandian
Full Stack Dev at Agentdesks | Ex Hashnode | Ex Shippable | Ex Altair Engineering
This is my two cents on this: I have never been asked to create a new account at any of my jobs. Just add them to your organization as a collaborator. You can always remove them from your org if they choose to leave the company at some point.