stmulugheta/docs

You have to be logged in to leave a comment.

title	redirect_from	versions	topics	miniTocMaxHeadingLevel
SCIM	[/v3/scim]	[{free-pro-team *}]	[API]	3

SCIM Provisioning for Organizations

The SCIM API is used by SCIM-enabled Identity Providers (IdPs) to automate provisioning of {% data variables.product.product_name %} organization membership. The {% data variables.product.product_name %} API is based on version 2.0 of the SCIM standard. The {% data variables.product.product_name %} SCIM endpoint that an IdP should use is: {% data variables.product.api_url_code %}/scim/v2/organizations/{org}/.

{% note %}

Note: The SCIM API is available only to organizations on {% data variables.product.prodname_ghe_cloud %} with SAML SSO enabled. For more information about SCIM, see "About SCIM."

{% endnote %}

Authenticating calls to the SCIM API

You must authenticate as an owner of a {% data variables.product.product_name %} organization to use its SCIM API. The API expects an OAuth 2.0 Bearer token to be included in the Authorization header. You may also use a personal access token, but you must first authorize it for use with your SAML SSO organization.

Mapping of SAML and SCIM data

The SAML IdP and the SCIM client must use matching NameID and userName values for each user. This allows a user authenticating through SAML to be linked to their provisioned SCIM identity.

Supported SCIM User attributes

Name	Type	Description
`userName`	`string`	The username for the user.
`name.givenName`	`string`	The first name of the user.
`name.lastName`	`string`	The last name of the user.
`emails`	`array`	List of user emails.
`externalId`	`string`	This identifier is generated by the SAML provider, and is used as a unique ID by the SAML provider to match against a GitHub user. You can find the `externalID` for a user either at the SAML provider, or using the List SCIM provisioned identities endpoint and filtering on other known attributes, such as a user's GitHub username or email address.
`id`	`string`	Identifier generated by the GitHub SCIM endpoint.
`active`	`boolean`	Used to indicate whether the identity is active (true) or should be deprovisioned (false).

{% note %}

Note: Endpoint URLs for the SCIM API are case sensitive. For example, the first letter in the Users endpoint must be capitalized:

GET /scim/v2/organizations/{org}/Users/{scim_user_id}

{% endnote %}

{% include rest_operations_at_current_path %}

Tip!

Press p or to see the previous file or, n or to see the next file

scim.md 2.9 KB

Permalink History Raw

SCIM Provisioning for Organizations

Authenticating calls to the SCIM API

Mapping of SAML and SCIM data

Supported SCIM User attributes

Comments

Use AWS S3 as storage!

Specify your S3 bucket

Access key (If needed)

Congratulations!

Use Google Cloud Storage!

Specify your Google Storage bucket

Service Account Key

Congratulations!

Use Azure Cloud Storage!

Specify your Azure Storage bucket

Access key (If needed)

Congratulations!

Use any S3 compatible storage!

Specify your S3 bucket

Access key (If needed)

Congratulations!

stmulugheta / docs mirror of https://github.com/stmulugheta/docs.git

scim.md 2.9 KB Permalink History Raw

SCIM Provisioning for Organizations

Authenticating calls to the SCIM API

Mapping of SAML and SCIM data

Supported SCIM User attributes

Comments

Use AWS S3 as storage!

Specify your S3 bucket

Access key (If needed)

Congratulations!

Use Google Cloud Storage!

Specify your Google Storage bucket

Service Account Key

Congratulations!

Use Azure Cloud Storage!

Specify your Azure Storage bucket

Access key (If needed)

Congratulations!

Use any S3 compatible storage!

Specify your S3 bucket

Access key (If needed)

Congratulations!

stmulugheta
/
docs
mirror of https://github.com/stmulugheta/docs.git

scim.md 2.9 KB

Permalink History Raw