Matching SCIM & SAML values need to match when provisioning SCIM, this should be mentioned in troubleshooting documentation

[adamrr724]

Code of Conduct

• [X] I have read and agree to the GitHub Docs project's Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/troubleshooting-identity-and-access-management-for-your-organization#re-provisioning-scim-for-users-through-your-identity-provider

What changes are you suggesting?

Add this note to the troubleshooting docs:

When Okta sends the original provisioning call to the GitHub SCIM API during setup, in order for the SCIM identity to get properly linked to an organization member that has an existing SAML identity, the SCIM userName in that API call needs to match the stored SAML nameID in the user's linked SAML identity in the organization. If these two attributes/values do not match, the SCIM metadata will not get populated and the SCIM identity will not get successfully linked. To check whether these values match, use the {% data variables.product.prodname_dotcom %} API.

Additional information

No response

[cmwilson21]

👋 @adamrr724 Thanks so much for opening an issue! I'll triage this for the team to take a look :eyes:

[adamrr724]

Opened pull request for these docs here: https://github.com/github/docs/pull/22969