Merge pull request github#32073 from github/repo-sync

Repo sync
tibbon · Mar 13, 2024 · e8e86b6 · e8e86b6
2 parents 880e854 + 78a85c9
commit e8e86b6
Show file tree

Hide file tree

Showing 24 changed files with 354 additions and 226 deletions.
diff --git a/...e-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md b/...e-managed-users/configuring-saml-single-sign-on-for-enterprise-managed-users.md
@@ -34,11 +34,6 @@ After you configure SAML SSO, we recommend storing your recovery codes so you ca
 
 {% ifversion emu-public-scim-schema %}-{% endif %} To configure your IdP for SAML SSO with {% data variables.product.prodname_emus %}, you must have a tenant and administrative access on your IdP.
 
-{%- ifversion emu-public-scim-schema %}
-
-- {% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
-{%- endif %}
-
 ## Configuring SAML SSO for {% data variables.product.prodname_emus %}
 
 To configure SAML SSO for your {% data variables.enterprise.prodname_emu_enterprise %}, you must configure an application on your IdP, then configure your enterprise on {% data variables.location.product_location %}. After you configure SAML SSO, you can configure user provisioning.

diff --git a/...ntication-for-enterprise-managed-users.md → ...visioning-for-enterprise-managed-users.md b/...ntication-for-enterprise-managed-users.md → ...visioning-for-enterprise-managed-users.md
@@ -1,7 +1,7 @@
 ---
-title: Disabling authentication for Enterprise Managed Users
-shortTitle: Disable authentication
-intro: 'You can disable SAML single sign-on (SSO) or OIDC for {% data variables.product.prodname_emus %} by using a recovery code to sign in as the setup user.'
+title: Disabling authentication and provisioning for Enterprise Managed Users
+shortTitle: Disable authentication and provisioning
+intro: 'You can disable SAML or OIDC single sign-on (SSO) and SCIM provisioning for {% data variables.product.prodname_emus %} by using a recovery code to sign in as the setup user.'
 versions:
   ghec: '*'
 type: overview
@@ -10,14 +10,15 @@ topics:
   - Authentication
   - Enterprise
   - SSO
-permissions: 'The setup user can disable SAML SSO or OIDC for {% data variables.product.prodname_emus %}.'
+permissions: 'The setup user can disable SAML or OIDC SSO and SCIM provisioning for {% data variables.product.prodname_emus %}.'
 redirect_from:
   - /admin/identity-and-access-management/using-enterprise-managed-users-for-iam/disabling-authentication-for-enterprise-managed-users
+  - /admin/identity-and-access-management/configuring-authentication-for-enterprise-managed-users/disabling-authentication-for-enterprise-managed-users
 ---
 
 ## About disabled authentication for {% data variables.product.prodname_emus %}
 
-After you disable SAML SSO or OIDC for your enterprise, the following effects apply:
+After you disable SAML or OIDC SSO and SCIM provisioning for your enterprise, the following effects apply:
 
 - All external identities for the enterprise will be removed. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise)."
 - All {% data variables.enterprise.prodname_managed_users %} will be suspended. The suspended accounts will not be renamed. For more information, see "[AUTOTITLE](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#viewing-suspended-members-in-an-enterprise-with-managed-users)."
@@ -36,6 +37,12 @@ If you want to migrate to a new identity provider (IdP) or tenant rather than di
 
 ## Disabling authentication
 
+{% warning %}
+
+**Warning**: Disabling authentication and provisioning will prevent your enterprise's {% data variables.enterprise.prodname_managed_users %} from signing in to access your enterprise on {% data variables.product.product_name %}.
+
+{% endwarning %}
+
 {% data reusables.emus.sign-in-as-setup-user %}
 1. Attempt to access your enterprise account, and use a recovery code to bypass SAML SSO or OIDC. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/managing-recovery-codes-for-your-enterprise/accessing-your-enterprise-account-if-your-identity-provider-is-unavailable)."
 {% data reusables.enterprise-accounts.access-enterprise %}

diff --git a/...ess-management/configuring-authentication-for-enterprise-managed-users/index.md b/...ess-management/configuring-authentication-for-enterprise-managed-users/index.md
@@ -13,5 +13,5 @@ children:
   - /configuring-saml-single-sign-on-for-enterprise-managed-users
   - /configuring-oidc-for-enterprise-managed-users
   - /about-support-for-your-idps-conditional-access-policy
-  - /disabling-authentication-for-enterprise-managed-users
+  - /disabling-authentication-and-provisioning-for-enterprise-managed-users
 ---
diff --git a/...ise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users.md b/...ise-managed-users/configuring-scim-provisioning-for-enterprise-managed-users.md
@@ -38,8 +38,6 @@ To configure team and organization membership, repository access, and permission
 
 {%- ifversion emu-public-scim-schema %}
 - {% data reusables.scim.emu-understand-types-and-support %}
-
-- {% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
 {%- endif %}
 
 ## Creating a {% data variables.product.pat_generic %}
@@ -69,9 +67,12 @@ To configure provisioning for your {% data variables.enterprise.prodname_emu_ent
 
 ## Configuring provisioning for {% data variables.product.prodname_emus %}
 
-After creating your {% data variables.product.pat_generic %} and storing it securely, you can configure provisioning on your IdP. {% ifversion emu-public-scim-schema %} The instructions you should follow differ depending on whether you use a partner IdP for provisioning.
+After creating your {% data variables.product.pat_generic %} and storing it securely, you can configure provisioning on your IdP. {% ifversion emu-public-scim-schema %} The instructions you should follow differ depending on whether you use a partner IdP's application for both authentication and provisioning.
+
+- [Configuring provisioning if you use a partner IdP's application](#configuring-provisioning-if-you-use-a-partner-idps-application)
+- [Configuring provisioning for other identity management systems](#configuring-provisioning-for-other-identity-management-systems)
 
-### Configuring provisioning if you use a partner IdP
+### Configuring provisioning if you use a partner IdP's application
 
 To use a partner IdP's application both authentication and provisioning, review the partner's instructions for configuring provisioning in the links in the following table. {% else %} For instructions about the configuration of provisioning on your IdP, click a link in the following table.
 
@@ -87,18 +88,29 @@ To use a partner IdP's application both authentication and provisioning, review
 | Entra ID | SAML | [Tutorial: Configure GitHub Enterprise Managed User for automatic user provisioning](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-managed-user-provisioning-tutorial) on Microsoft Learn |
 | Okta | SAML | "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/configuring-scim-provisioning-for-enterprise-managed-users-with-okta)" |
 | PingFederate | SAML | [Configure PingFederate for provisioning and SSO](https://docs.pingidentity.com/r/en-us/pingfederate-github-emu-connector/pingfederate_github_connector_configure_pingfederate_for_provisioning_and_sso) and [Managing channels](https://docs.pingidentity.com/r/en-us/pingfederate-112/help_saasmanagementtasklet_saasmanagementstate) in the PingFederate documentation |
-{%- ifversion emu-public-scim-schema %}
-{%- endif %}
 
 {% endrowheaders %}
 
 {% ifversion emu-public-scim-schema %}
 
-Alternatively, if you configured authentication on a partner IdP, but you would like to provision users from a different IdP, you can have your IdP make calls to {% data variables.product.company_short %}'s REST API for SCIM.
+Alternatively, if you configured authentication on a partner IdP, but you would like to provision users from a different identity management system, you can have your IdP make calls to {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning.
+
+### Configuring provisioning for other identity management systems
+
+If you don't use a partner IdP, or if you only use a partner IdP for authentication, you can manage the lifecycle of user accounts using {% data variables.product.company_short %}'s REST API endpoints for SCIM provisioning. These endpoints are in beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."
+
+{% data reusables.emus.sign-in-as-setup-user %}
+
+   {% note %}
 
-### Configuring provisioning if don't use a partner IdP
+   **Note**: {% data reusables.enterprise-accounts.emu-password-reset-session %}
 
-If you don't use a partner IdP, you can integrate with {% data variables.product.company_short %}'s REST API for SCIM. The API is in beta and subject to change. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)."
+   {% endnote %}
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.security-tab %}
+1. Under "Open SCIM Configuration", select "Enable open SCIM configuration".
+1. Manage the lifecycle of your users by making calls to the REST API endpoints for SCIM provisioning. For more information, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-and-groups-with-scim-using-the-rest-api)."
 
 {% endif %}
 

diff --git a/...ccounts-for-enterprise-managed-users/configuring-scim-provisioning-with-okta.md b/...ccounts-for-enterprise-managed-users/configuring-scim-provisioning-with-okta.md
@@ -61,12 +61,6 @@ For more information about provisioning for {% data variables.product.prodname_e
 
 - {% data reusables.scim.use-pat-from-setup-user %}
 
-{% ifversion emu-public-scim-schema %}
-
-- {% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}
-
-{% endif %}
-
 ## Setting your enterprise name
 
 After your {% data variables.enterprise.prodname_emu_enterprise %} has been created, you can begin to configure provisioning by setting your enterprise name in Okta.

diff --git a/...ess-management/provisioning-user-accounts-for-enterprise-managed-users/index.md b/...ess-management/provisioning-user-accounts-for-enterprise-managed-users/index.md
@@ -12,7 +12,7 @@ topics:
 children:
   - /configuring-scim-provisioning-for-enterprise-managed-users
   - /configuring-scim-provisioning-with-okta
-  - /provisioning-users-with-scim-using-the-rest-api
+  - /provisioning-users-and-groups-with-scim-using-the-rest-api
   - /managing-team-memberships-with-identity-provider-groups
   - /troubleshooting-team-membership-with-identity-provider-groups
 ---