Update SAML NameID info with GHES SCIM (#54784)

Co-authored-by: isaacmbrown <isaacmbrown@github.com>
2025-12-19 09:57:42 -05:00 · 2025-03-12 11:44:02 -07:00
parent 8a3948d817
commit 5a650b8dca
3 changed files with 10 additions and 1 deletions
--- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md
+++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md
@@ -71,7 +71,7 @@ When SCIM is enabled, you will no longer be able to delete, suspend, or promote

 If you currently use SAML SSO, and you are enabling SCIM, you should be aware of what happens to existing users during SCIM provisioning.

-* When SCIM is enabled, users with SAML-linked identities will **not be able to sign in** until their identities have been provisioned by SCIM.
+* When SCIM is enabled, users with SAML-linked identities will **not be able to sign in** until their identities have been provisioned by SCIM.{% ifversion scim-for-ghes-ga %} You will no longer be able to update the SAML `NameID` of existing users in the site admin dashboard.{% endif %}
 * When your instance receives a SCIM request, SCIM identities are matched to existing users by **comparing the `userName` SCIM field with the {% data variables.product.prodname_dotcom %} username**. If a user with a matching username doesn't exist, {% data variables.product.prodname_dotcom %} creates a new user.
 * If {% data variables.product.prodname_dotcom %} successfully identifies a user from the IdP, but account details such as email address, first name, or last name don't match, the instance **overwrites the details** with values from the IdP. Any email addresses other than the primary email provisioned by SCIM will also be deleted from the user account.

--- a/content/admin/managing-iam/using-saml-for-enterprise-iam/updating-a-users-saml-nameid.md
+++ b/content/admin/managing-iam/using-saml-for-enterprise-iam/updating-a-users-saml-nameid.md
@@ -21,6 +21,10 @@ In some situations, you may need to update values associated with a person's acc

 To update user SAML `NameID` mappings in bulk, you can use the `ghe-saml-mapping-csv` command. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-saml-mapping-csv).

+{% ifversion scim-for-ghes-ga %}
+When SCIM is enabled on your {% data variables.product.prodname_ghe_server %} instance, you cannot update user SAML `NameID` mappings.
+{% endif %}
+
 ## Updating a user's SAML `NameID`

 Enterprise owners can update a user's SAML `NameID` on a {% data variables.product.github %} instance.
--- a/data/features/scim-for-ghes-ga.yml
+++ b/data/features/scim-for-ghes-ga.yml
@@ -0,0 +1,5 @@
+# 16433
+# SCIM for GitHub Enterprise Server, GA
+
+versions:
+  ghes: '>=3.17'