Update SAML and SCIM mapping docs (#55190)

Co-authored-by: Joe Clark <[email protected]>
Co-authored-by: Sunbrye Ly <[email protected]>

Author: 3 people

content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md

@@ -287,6 +287,11 @@ ghe-reactivate-admin-login
 
 ### ghe-saml-mapping-csv
 
+{% ifversion scim-for-ghes-ga %}
+> [!NOTE]
+> This utility does not work with configurations that use SAML with SCIM provisioning. For the SCIM version of this tool, please refer to [`ghe-scim-identities-csv` utility](#ghe-scim-identities-csv).
+{% endif %}
+
 This utility allows administrators to output or update the SAML `NameID` mappings for users on an instance. The utility can output a CSV file that lists all existing mappings. You can also update mappings for users on your instance by editing the resulting file, then using the utility to assign new mappings from the file.
 
 To output a CSV file containing a list of all user SAML `NameID` mappings on the instance, run the following command.
@@ -311,6 +316,31 @@ To update SAML mappings on the instance with new values from the file, run the f
 ghe-saml-mapping-csv -u -f /PATH/TO/FILE
 ```
 
+{% ifversion scim-for-ghes-ga %}
+
+### ghe-scim-identities-csv
+
+> [!NOTE]
+> This utility only works with configurations that use SAML with SCIM provisioning. For the SAML only version of this tool, please refer to the [`ghe-saml-mapping-csv` utility](#ghe-saml-mapping-csv).
+
+This utility allows administrators to output the SCIM identities for users on an instance. The utility can output a CSV file that lists all existing identities and the groups they are members of.
+
+To output CSV data containing a list of all user SCIM identities on the instance, run the following command. This will create a file located at `/data/user/tmp/scim-identities-DATE.csv` containing your SCIM identities.
+
+```shell
+ghe-scim-identities-csv
+```
+
+Or, if you'd like to specify the file, run the following command.
+
+```shell
+ghe-scim-identities-csv -f /PATH/TO/FILE
+```
+
+We recommend writing to a file in `/data/user/tmp`.
+
+{% endif %}
+
 ### ghe-service-list
 
 This utility lists all of the services that have been started or stopped (are running or waiting) on your appliance.

content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md

@@ -208,6 +208,10 @@ If you use SAML authentication and SCIM provisioning, you can filter members bas
 
 {% endif %}
 
+{% ifversion scim-for-ghes-ga %}
+{% data reusables.scim.ghe-scim-identities-csv %}
+{% endif %}
+
 ## Viewing members without an email address from a verified domain
 
 You can view a list of members in your enterprise who don't have an email address from a verified domain associated with their user account.

content/admin/managing-iam/provisioning-user-accounts-with-scim/provisioning-users-and-groups-with-scim-using-the-rest-api.md

@@ -169,6 +169,7 @@ Before a person with an identity on your identity management system can sign in
 
 * For an overview of the supported attributes for users, see [SCIM](/rest/enterprise-admin/scim#supported-scim-user-attributes) in the REST API documentation.
 * You can view provisioned users in the {% data variables.product.github %} UI. For more information, see [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise).
+{% ifversion scim-for-ghes-ga %}* {% data reusables.scim.ghe-scim-identities-csv %}{% endif %}
 
 | Action | Method | Endpoint and more information |  Events in the audit log |
 | :- | :- | :- | :- |

content/admin/managing-iam/provisioning-user-accounts-with-scim/user-provisioning-with-scim-on-ghes.md

@@ -87,6 +87,7 @@ If you currently use SAML SSO, and you are enabling SCIM, you should be aware of
   * If a user account with a matching username does exist, {% data variables.product.prodname_ghe_server %} links the SCIM identity to this user account.
   * If a user account with a matching username doesn't exist, {% data variables.product.prodname_ghe_server %} creates a new user account and links it to this SCIM identity.
 * If {% data variables.product.prodname_dotcom %} successfully matches a user who is authenticating via SAML with an existing user account, but account details such as email address, first name, or last name don't match, the instance **overwrites the details** with values from the IdP. Any email addresses other than the primary email provisioned by SCIM will also be deleted from the user account.
+{% ifversion scim-for-ghes-ga %}* {% data reusables.scim.ghe-scim-identities-csv %}{% endif %}
 
 ## What happens during SAML authentication?
 

data/reusables/scim/ghe-scim-identities-csv.md

@@ -0,0 +1 @@
+Enterprise administrators with CLI access can export a full CSV of SCIM provisioned user identities using the [ghe-scim-identities-csv](/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities#ghe-scim-identities-csv) tool.