SCIM

Enterprise Cloud

Enterprise Server 3.10

Enterprise Server 3.11

Enterprise Server 3.7

Enterprise Server 3.8

Enterprise Server 3.9

Free, Pro, & Team

GitHub AE

REST API

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Help us make these docs great!

Actions

Enter a search term to find it in the GitHub Docs.

SCIM - GitHub Enterprise Cloud Docs

Use the REST API to control and manage your GitHub organization members access with SCIM.

Quickstart

Comparing GitHub's APIs

Resources in the REST API

Rate limits

API Versions

Media types

Authenticating

Keeping API credentials secure

Troubleshooting

Libraries

OpenAPI description

Issue event types

GitHub event types

Endpoints for GitHub App installation tokens

Endpoints for GitHub App user tokens

Endpoints for fine-grained PATs

Permissions for GitHub Apps

Permissions for fine-grained PATs

Breaking changes

Overview

Using the API

Script with JavaScript

Script with Ruby

Discover resources for a user

Delivering deployments

Rendering data as graphs

Working with comments

Pagination

Building a CI server

Best practices

Get started - Git database

Get started - Checks

Encrypt secrets

Guides

Artifacts

Cache

OIDC

Permissions

Secrets

Self-hosted runner groups

Self-hosted runners

Variables

Workflow jobs

Workflow runs

Workflows

Events

Feeds

Notifications

Starring

Watching

Activity

Enterprise

Organization

Announcement Banners

GitHub Apps

Installations

Marketplace

OAuth Authorizations

Webhooks

Apps

Billing

Branches

Protected branches

Check Runs

Check Suites

Checks

Classroom

Code Scanning

Codes of conduct

Codespaces

Organizations

Organization secrets

Machines

Repository secrets

User secrets

Collaborators

Invitations

Commits

Commit comments

Commit statuses

Copilot business

Copilot

Alerts

Dependabot

Dependency review

Dependency submission

Software bill of materials (SBOM)

Dependency Graph

Deploy keys

Deployment branch policies

Deployments

Environments

Protection rules

Deployment statuses

Emojis

Admin stats

Audit log

Code security and analysis

License

Enterprise administration

Gists

Comments

Blobs

References

Trees

Git database

Gitignore

Repository

User

Interactions

Issues

Assignees

Labels

Milestones

Timeline

Licenses

Markdown

Community

Statistics

Traffic

Metrics

Source imports

Users

Migrations

Blocking users

Custom properties

Custom Repository Roles

Members

Organization roles

Outside Collaborators

Personal access tokens

Rule Suites

Rules

Security Managers

Packages

Pages

Boards

Cards

Columns

Projects (classic)

Pulls

Review comments

Review requests

Reviews

Rate limit

Reactions

Releases

Release Assets

Autolinks

Forks

Git LFS

Repositories

Search

Secret scanning

Global security advisories

Repository security advisories

Security advisories

Teams

Discussion comments

Discussions

External groups

Team synchronization

Emails

Followers

GPG Keys

Git SSH Keys

SSH signing keys

Social accounts

SCIM User List

Retrieves a paginated list of all provisioned organization members, including pending invitations. If you provide the <code>filter</code> parameter, the resources for all matching provisions members are returned.
When a user with a SAML-provisioned external identity leaves (or is removed from) an organization, the account's metadata is immediately removed. However, the returned list of user accounts might not always match the organization or enterprise member list you see on GitHub Enterprise Cloud. This can happen in certain cases where an external identity associated with an organization will not match an organization member:
<ul>
<li>When a user with a SCIM-provisioned external identity is removed from an organization, the account's metadata is preserved to allow the user to re-join the organization in the future.</li>
<li>When inviting a user to join an organization, you can expect to see their external identity in the results before they accept the invitation, or if the invitation is cancelled (or never accepted).</li>
<li>When a user is invited over SCIM, an external identity is created that matches with the invitee's email address. However, this identity is only linked to a user account when the user accepts the invitation by going through SAML SSO.</li>
</ul>
The returned list of external identities can include an entry for a <code>null</code> user. These are unlinked SAML identities that are created when a user goes through the following Single Sign-On (SSO) process but does not sign in to their GitHub Enterprise Cloud account after completing SSO:
<ol>
<li>
The user is granted access by the IdP and is not a member of the GitHub Enterprise Cloud organization.
</li>
<li>
The user attempts to access the GitHub Enterprise Cloud organization and initiates the SAML SSO process, and is not currently signed in to their GitHub Enterprise Cloud account.
</li>
<li>
After successfully authenticating with the SAML SSO IdP, the <code>null</code> external identity entry is created and the user is prompted to sign in to their GitHub Enterprise Cloud account:
<ul>
<li>If the user signs in, their GitHub Enterprise Cloud account is linked to this entry.</li>
<li>If the user does not sign in (or does not create a new account when prompted), they are not added to the GitHub Enterprise Cloud organization, and the external identity <code>null</code> entry remains in place.</li>
</ul>
</li>
</ol>

The organization name. The name is not case sensitive.

Used for pagination: the index of the first result to return.

startIndex

Used for pagination: the number of results to return.

count

Filters results using the equals query parameter operator (<code>eq</code>). You can filter results that are equal to <code>id</code>, <code>userName</code>, <code>emails</code>, and <code>externalId</code>. For example, to search for an identity with the <code>userName</code> Octocat, you would use this query:
<code>?filter=userName%20eq%20\"Octocat\"</code>.
To filter results for the identity with the email <code>octocat@github.com</code>, you would use this query:
<code>?filter=emails%20eq%20\"octocat@github.com\"</code>.

filter

List SCIM provisioned identities

Configured by the admin. Could be an email, login, or username

userName

The name of the user, suitable for display to end-users

displayName

Provisions organization membership for a user, and sends an activation email to the email address. If the user was previously a member of the organization, the invitation will reinstate any former privileges that the user had. For more information about reinstating former members, see "<a href="https://docs.github.com/enterprise-cloud@latest//organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization">Reinstating a former member of your organization</a>."

Provision and invite a SCIM user