mirror of synced 2025-12-23 21:07:12 -05:00

Add some best practice info

isaacmbrown
2024-09-20 10:39:54 +01:00
parent 86a87fda94
commit 82e82a906f

@@ -102,6 +102,9 @@ When you configure your identity management system to provision users or groups
* [Validate access for groups on {% data variables.product.prodname_dotcom %}](#validate-access-for-groups-on-github)
* [Understand rate limits on {% data variables.product.prodname_dotcom %}](#understand-rate-limits-on-github)
* [Configure audit log streaming](#configure-audit-log-streaming)
{%- ifversion scim-enterprise-scope %}
* [Limit the scope of the SCIM token](#limit-the-scope-of-the-scim-token)
{%- endif %}
### Ensure your identity management system is the only source of write operations
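Review bot: check the rendering around the closing `{%- endif %}` at the end of the list, since the `### Ensure your identity management system is the only source of write operations` heading follows it directly. The `{%-` form trims the whitespace before the tag, so please confirm in a rendered preview, with `scim-enterprise-scope` both on and off, that the list closes cleanly and the heading still renders as a heading. The anchor `#limit-the-scope-of-the-scim-token` matches the heading added later in this patch, and both are gated by the same flag, so the link itself should not dangle.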
@@ -155,6 +158,16 @@ The audit log for your enterprise displays details about activity in your enterp
Due to the volume of events in this log, {% data variables.product.company_short %} retains the data for 180 days. To ensure that you don't lose audit log data, and to view more granular activity in the audit log, {% data variables.product.company_short %} recommends that you configure audit log streaming. When you stream the audit log, you can optionally choose to stream events for API requests, including requests to REST API endpoints for SCIM provisioning. For more information, see "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)."
{% ifversion scim-enterprise-scope %}
### Limit the scope of the SCIM token
For better security posture, we recommend using a {% data variables.product.pat_v1 %} with only the `scim:enterprise` scope to limit the token's access to the REST API endpoints required to make SCIM calls.
If you currently use a token with the `admin:enterprise` scope, be aware that this token grants access to all actions on the enterprise. You can swap your token for a new token with just the `scim:enterprise` scope without disruption.
{% endif %}
## Provisioning users with the REST API
To provision, list, or manage users, make requests to the following REST API endpoints. You can read about the associated API endpoints in the REST API documentation and see code examples, and you can review audit log events associated with each request.
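Review bot: the paragraph on swapping an `admin:enterprise` token stops at creating the replacement and never tells the reader to delete or revoke the old token, so a token that "grants access to all actions on the enterprise" stays valid after the swap. Suggest adding a sentence saying that the old token should be removed once the identity management system is using the new one. Two style points in the same section: "For better security posture" reads better as "For a better security posture", and "we recommend" is inconsistent with the audit log paragraph just above, which uses "{% data variables.product.company_short %} recommends".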