[Public Beta] Administrative enhancements to Enterprise Managed Users SCIM

GitHub Enterprise Cloud customers with Enterprise Managed Users (EMU) now have access to additional administrative capabilities for SCIM information. Troubleshooting user management at scale can take time and effort. To make this easier on administrators, we have added several new audit log fields, external identity metadata, and a new team membership synchronization status. The audit log field updates include the following:

  • New field external_group.update_display_name: Our logs will now capture and report any changes made to an external group’s display name.
  • New field external_group.add_member: When a team member is added to an external group, this action will be audit logged.
  • New field external_group.remove_member: When a team member is removed from an external group, this action will be audit logged.
  • Enhancements to external_group.update and external_identity.update to ensure consistency whenever an external group or identity is updated.

The SSO page for each user also now includes SCIM metadata for that user in addition to existing SAML metadata. Check out what’s new by filling in this url https://github.com/enterprises/your-enterprise/people/username/sso with your enterprise and a valid username.

Team membership synchronization status checks GitHub’s understanding of identity groups against the current members of linked teams. This allows us to flag mismatches for administrators related to license allocation or other concerns.

image

Learn more about external group audit log fields and troubleshooting EMU team memberships.

GitHub Actions – Enforcing workflow scope when creating a release

Starting today, apps and tokens used to create a release via the REST API endpoint will require the workflow scope or workflows:write permission in certain cases.

The workflow scope or workflows:write will be required when creating a release that targets a commit SHA (target_commitish) that modifies an Actions workflow file and that SHA does not have an existing ref (branch head or tag).

For more details see the REST API documentation or visit the GitHub Actions community if you have any questions.

See more

Filter secret scanning alerts by validity in the alert list view

GitHub Advanced Security users can now filter their secret scanning alerts by validity in the UI at the repository, organization, and enterprise level. Valid statuses are active, inactive, or unknown. Validity checks must be enabled for the repository, organization, or enterprise.

See more
View all changes