3.1 KiB
| title | intro | versions | topics | miniTocMaxHeadingLevel | redirect_from | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| SCIM | You can control and manage your GitHub organization members access using SCIM API. |
|
|
3 |
|
About the SCIM API
SCIM Provisioning for Organizations
The SCIM API is used by SCIM-enabled Identity Providers (IdPs) to automate provisioning of {% data variables.product.product_name %} organization membership. The {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}{% else %}{% data variables.product.product_name %}{% endif %} API is based on version 2.0 of the SCIM standard. The {% data variables.product.product_name %} SCIM endpoint that an IdP should use is: {% data variables.product.api_url_code %}/scim/v2/organizations/{org}/.
{% note %}
Notes:
- The SCIM API is available only for individual organizations that use {% data variables.product.prodname_ghe_cloud %} with SAML SSO enabled. For more information about SCIM, see "About SCIM for organizations."
- The SCIM API cannot be used with an enterprise account or with an {% data variables.product.prodname_emu_org %}.
{% endnote %}
Authenticating calls to the SCIM API
You must authenticate as an owner of a {% data variables.product.product_name %} organization to use its SCIM API. The API expects an OAuth 2.0 Bearer token to be included in the Authorization header. You may also use a personal access token, but you must first authorize it for use with your SAML SSO organization.
Mapping of SAML and SCIM data
{% data reusables.scim.nameid-and-username-must-match %}
Supported SCIM User attributes
| Name | Type | Description |
|---|---|---|
userName |
string |
The username for the user. |
name.givenName |
string |
The first name of the user. |
name.familyName |
string |
The last name of the user. |
emails |
array |
List of user emails. |
externalId |
string |
This identifier is generated by the SAML provider, and is used as a unique ID by the SAML provider to match against a GitHub user. You can find the externalID for a user either at the SAML provider, or using the List SCIM provisioned identities endpoint and filtering on other known attributes, such as a user's GitHub username or email address. |
id |
string |
Identifier generated by the GitHub SCIM endpoint. |
active |
boolean |
Used to indicate whether the identity is active (true) or should be deprovisioned (false). |
{% note %}
Note: Endpoint URLs for the SCIM API are case sensitive. For example, the first letter in the Users endpoint must be capitalized:
GET /scim/v2/organizations/{org}/Users/{scim_user_id}
{% endnote %}