With System for Cross-domain Identity Management (SCIM), administrators can automate the exchange of user identity information between systems.

Note: This feature is only available on the Business plan.

If you use SAML SSO in your organization, you can implement SCIM to add, manage, and remove organization members' access to GitHub. For example, an administrator can deprovision an organization member using SCIM and automatically remove the member from the organization.

If you're using SAML SSO without implementing SCIM, you won't benefit from automatic deprovisioning. When organization members' sessions expire after their access has been removed from the IdP, they won't be automatically removed from the organization. Authorized tokens grant access to the organization even after their sessions expire. To remove access, organization administrators can either manually remove the authorized token from the organization or automate its removal with SCIM.

GitHub supports these identity providers for SCIM:

  • OneLogin
  • Okta

Note: Okta's SCIM implementation is currently in beta. To use SCIM capabilities for your organization, you must email developers@okta.com to set up access to the beta version.

Further reading