* Add new product to products.yml
* Move directory to its new location and rename it
* Update new index page
* Remove old category from GitHub product index
* Add collaboration category
* Add membership category
* Add roles category
* Add teams category
* Add team discussion category
* Add repo access category
* Add project board access category
* Add app management category
* Add org settings category
* Add improved org perms category
* Add category for OAuth app restrictions
* Add org security category
* Add SAML category
* Add SAML access category
* Add git access category
* Add redirects and update links for collaboration category
* Add redirects and update links to team discussions content
* Add redirects and update links to SAML access category
* Update links to org security category and add redirects
* Add redirects for app managers content
* Add redirects for project board category
* Add redirects and update links for the repo access category
* Add redirects for git access category
* Add redirects and update links for membership category
* Add redirects and update links for org settings category
* Fix links
* Add redirects and update links to org access category
* Add redirects and update links to SSO category
* Add redirects to improved org perms category
* Add redirects and update links to teams category
* Add redirects and update links to oauth apps category
* Fix links
* Fix links
* Fix links
52 lines
2.9 KiB
Markdown
---
title: SCIM
redirect_from:
  - /v3/scim
versions:
  free-pro-team: '*'
topics:
  - api
---

### SCIM Provisioning for Organizations

The SCIM API is used by SCIM-enabled Identity Providers (IdPs) to automate provisioning of {% data variables.product.product_name %} organization membership. The {% data variables.product.product_name %} API is based on version 2.0 of the [SCIM standard](http://www.simplecloud.info/). The {% data variables.product.product_name %} SCIM endpoint that an IdP should use is: `{% data variables.product.api_url_code %}/scim/v2/organizations/{org}/`.

{% note %}

**Note:** The SCIM API is available only to organizations on [{% data variables.product.prodname_ghe_cloud %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-accounts) with [SAML SSO](/rest/overview/other-authentication-methods#authenticating-for-saml-sso) enabled. For more information about SCIM, see "[About SCIM](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim)."

{% endnote %}

### Authenticating calls to the SCIM API

You must authenticate as an owner of a {% data variables.product.product_name %} organization to use its SCIM API. The API expects an [OAuth 2.0 Bearer](/developers/apps/authenticating-with-github-apps) token to be included in the `Authorization` header. You may also use a personal access token, but you must first [authorize it for use with your SAML SSO organization](/github/authenticating-to-github/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on).

### Mapping of SAML and SCIM data

The SAML IdP and the SCIM client must use matching `NameID` and `userName` values for each user. This allows a user authenticating through SAML to be linked to their provisioned SCIM identity.

### Supported SCIM User attributes

Name | Type | Description
-----|------|--------------
`userName` | `string` | The username for the user.
`name.givenName` | `string` | The first name of the user.
`name.lastName` | `string` | The last name of the user.
`emails` | `array` | List of user emails.
`externalId` | `string` | This identifier is generated by the SAML provider, and is used as a unique ID by the SAML provider to match against a GitHub user. You can find the `externalId` for a user either at the SAML provider, or using the [List SCIM provisioned identities](#list-scim-provisioned-identities) endpoint and filtering on other known attributes, such as a user's GitHub username or email address.
`id` | `string` | Identifier generated by the GitHub SCIM endpoint.
`active` | `boolean` | Used to indicate whether the identity is active (true) or should be deprovisioned (false).
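
An added example, not part of the GitHub documentation or GitHub's code: an offline audit that applies the matching rule from "Mapping of SAML and SCIM data" and the `active` attribute from the table above to find identities that will not link or that are marked for deprovisioning. The function name `audit_linkage`, the sample data, and the choice to treat values that differ only by case or surrounding whitespace as non-matching are assumptions made for illustration.

```python
# Added example (not GitHub's code). All sample values below are constructed.

def audit_linkage(saml_name_ids, scim_users):
    """Classify SCIM identities against the NameIDs the SAML IdP asserts."""
    name_ids = set(saml_name_ids)
    # Assumption: only an exact string match counts as "matching"; values that
    # differ just by case or surrounding whitespace are reported for review.
    folded = {n.strip().lower(): n for n in name_ids}
    report = {"linked": [], "near_miss": [], "unlinked": [],
              "to_deprovision": [], "not_provisioned": []}
    accounted_for = set()
    for user in scim_users:
        user_name = user["userName"]
        if user.get("active") is False:
            # active=false: the identity should be deprovisioned.
            report["to_deprovision"].append(user_name)
        if user_name in name_ids:
            report["linked"].append(user_name)
            accounted_for.add(user_name)
        elif user_name.strip().lower() in folded:
            near = folded[user_name.strip().lower()]
            report["near_miss"].append((user_name, near))
            accounted_for.add(near)
        else:
            # No NameID corresponds to this userName, so SAML sign-in cannot
            # be linked to this provisioned identity.
            report["unlinked"].append(user_name)
    # NameIDs with no SCIM identity: SAML users who were never provisioned.
    report["not_provisioned"] = sorted(name_ids - accounted_for)
    return report


# Constructed sample input: NameIDs exported from the IdP, and identities
# carrying the userName, id and active attributes from the table.
SAML_NAME_IDS = ["mona@example.com", "hubot@example.com", "octo@example.com"]
SCIM_USERS = [
    {"id": "constructed-id-1", "userName": "mona@example.com", "active": True},
    {"id": "constructed-id-2", "userName": "Hubot@example.com", "active": True},
    {"id": "constructed-id-3", "userName": "former@example.com", "active": False},
]

if __name__ == "__main__":
    for category, entries in audit_linkage(SAML_NAME_IDS, SCIM_USERS).items():
        print(f"{category}: {entries}")
```

Entries under `near_miss` and `unlinked` are the ones to reconcile between the IdP's SAML and SCIM attribute mappings.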

{% note %}

**Note:** Endpoint URLs for the SCIM API are case sensitive. For example, the first letter in the `Users` endpoint must be capitalized:

```shell
GET /scim/v2/organizations/{org}/Users/{scim_user_id}
```

{% endnote %}

{% include rest_operations_at_current_path %}