[JoshTriplett]

Developers have the same identity no matter who they work for.

It makes sense to separate access ("this person has access to Example Corp's repos only as long as they work for Example Corp") from identity ("this person owns this account").

Introducing single-sign-on as one way to simplify login, and potentially as a second-factor for gaining access to repositories run by the business, makes sense. Making developers create entirely separate accounts doesn't.

[cstejerean]

But it's not just about having access to example corp. If I log in to GitHub from my work laptop then my company technically has access to my personal GitHub account and the repos of any other organization I happen to belong to. It goes the other way around to. If an attacker hacks my personal laptop and I'm logged into GitHub then they have access to all of my companies repositories.

There are perfectly valid reasons for segregating accounts so that there is complete separation between them.

[zawaideh]

You company only managed your membership in the GitHub organization. It doesn't have access your personal account or the details within it.

[cstejerean]

It does if I am logged in on a company laptop and they control access to that laptop. (This is hypothetical in this case, I happen to know that the particular company I work at does not have any backdoors on my laptop).

[JoshTriplett]

That's why I'm saying it may make sense to separate identity from access.

[zawaideh]

It is the first scenario not the second. The person is gaining access to the GitHub organization via SAML SSO. They are bringing their own identity and do not lose access.