diff --git a/http/misconfiguration/ghe-encrypt-saml.yaml b/http/misconfiguration/ghe-encrypt-saml.yaml
new file mode 100644
index 0000000000..0841bb5d37
--- /dev/null
+++ b/http/misconfiguration/ghe-encrypt-saml.yaml
@@ -0,0 +1,42 @@
+id: ghe-encrypt-saml
+
+info:
+ name: GitHub Enterprise - Encrypted SAML Enabled
+ author: rootxharsh,iamnoooob,pdresearch
+ severity: info
+ description: |
+ This template checks if Encrypted SAML (Security Assertion Markup Language) is enabled on a GitHub Enterprise instance.
+ reference:
+ - https://docs.github.com/en/enterprise-server@3.10/admin/managing-iam/using-saml-for-enterprise-iam/enabling-encrypted-assertions
+ metadata:
+ verified: true
+ max-request: 1
+ shodan-query: title:"GitHub Enterprise"
+ tags: github,ghe,saml,encrypt
+
+http:
+ - raw:
+ - |
+ GET /saml/metadata HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - use="encryption"
+
+ - type: word
+ part: set_cookie
+ words:
+ - _fi_sess
+
+ - type: word
+ part: content_type
+ words:
+ - application/xml
+
+ - type: status
+ status:
+ - 200
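Review bot: The `description` under `info` says what the template checks but not what evidence produces a match or why the result matters, which makes an `info` finding hard to triage. As written, a match only shows that `/saml/metadata` answered 200 with `application/xml`, set a `_fi_sess` cookie and contained `use="encryption"` in the body, so the description could say so: `Detects GitHub Enterprise instances whose unauthenticated /saml/metadata response advertises an encryption key (use="encryption"), indicating encrypted SAML assertions are enabled.` The `set_cookie` matcher appears to be the only product fingerprint in the `and` chain, and a comment above it such as `# _fi_sess: session cookie used here to confirm the host is GitHub Enterprise` would tell maintainers why it must stay. The reference is pinned to the enterprise-server@3.10 documentation, so the description should also state whether the check is expected to hold on other versions.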