jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-04 00:06:20 -05:00
Code Issues Projects Releases Wiki Activity
Files
07f8bdb5baabbd342cbaef77f74e22da2d42b607
docs/content/rest/scim/scim.md
Laura Coursen ef174786ee Align billing terminology and provide high-level overview (#38305) 
Co-authored-by: Robert Sese <734194+rsese@users.noreply.github.com>
2023-07-28 08:31:53 +00:00

60 lines
3.2 KiB
Markdown
Raw Blame History

---
title: SCIM
intro: >-
Use the REST API to control and manage your GitHub organization members access
with SCIM.
versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
ghec: '*'
topics:
- API
redirect_from:
- /rest/reference/scim
autogenerated: rest
---
## About SCIM
### SCIM Provisioning for Organizations
These endpoints are used by SCIM-enabled Identity Providers (IdPs) to automate provisioning of {% data variables.product.product_name %} organization membership and are based on version 2.0 of the [SCIM standard](http://www.simplecloud.info/). IdPs should use the base URL `{% data variables.product.api_url_code %}/scim/v2/organizations/{org}/` for {% data variables.product.product_name %} SCIM endpoints.
{% note %}
**Notes:**
- These endpoints are only available for individual organizations that use {% data variables.product.prodname_ghe_cloud %} with SAML SSO enabled. For more information about SCIM, see "[AUTOTITLE](/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations)." For more information about authorizing a token for a SAML SSO organization, see "[AUTOTITLE](/rest/overview/authenticating-to-the-rest-api)."
- These endpoints cannot be used with an enterprise account or with an {% data variables.enterprise.prodname_emu_org %}.
{% endnote %}
### Authentication
You must authenticate as an owner of a {% data variables.product.product_name %} organization to use these endpoints. The REST API expects an OAuth 2.0 Bearer token (for example, a {% data variables.product.prodname_github_app %} user access token) to be included in the `Authorization` header. If you use a {% data variables.product.pat_v1 %} for authentication, it must have the `admin:org` scope and you must also [authorize it for use with your SAML SSO organization](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on).
### Mapping of SAML and SCIM data
{% data reusables.scim.nameid-and-username-must-match %}
### Supported SCIM User attributes
Name | Type | Description
-----|------|--------------
`userName`|`string` | The username for the user.
`name.givenName`|`string` | The first name of the user.
`name.familyName`|`string` | The last name of the user.
`emails` | `array` | List of user emails.
`externalId` | `string` | This identifier is generated by the SAML provider, and is used as a unique ID by the SAML provider to match against a GitHub user. You can find the `externalID` for a user either at the SAML provider, or using the [List SCIM provisioned identities](#list-scim-provisioned-identities) endpoint and filtering on other known attributes, such as a user's GitHub username or email address.
`id` | `string` | Identifier generated by the GitHub SCIM endpoint.
`active` | `boolean` | Used to indicate whether the identity is active (true) or should be deprovisioned (false).
{% note %}
**Note:** These endpoints are case sensitive. For example, the first letter in the `Users` endpoint must be capitalized:
```shell
GET /scim/v2/organizations/{org}/Users/{scim_user_id}
```
{% endnote %}
<!-- Content after this section is automatically generated -->
Reference in New Issue View Git Blame Copy Permalink