SAMLIdentity GraphQL object now supports `read` scope

GitHub Enterprise Cloud administrators may need to review external identity information via the GraphQL API. Historically, this has required a token with the admin:org or admin:enterprise scope. We've taken a "least privilege" mindset in reviewing this flow and have now made this information available via the read:enterprise and read:org scopes for enterprise owner and organization owner actors.

For more information, see the GraphQL API documentation for Enterprise and Organization SAMLIdentity objects.

JUN.16Retired
GitHub Models is no longer available to new customers
- Ecosystem and Accessibility
MAY.15Improvement
GitHub App installation tokens: Per-request override header
- Ecosystem and Accessibility
MAY.13Improvement
New enterprise installation API now in public preview
- Ecosystem and Accessibility
APR.20Retired
Sunsetting SHA-1 in HTTPS on GitHub
- Ecosystem and Accessibility
MAR.12Release
REST API version 2026-03-10 is now available
- Ecosystem and Accessibility
FEB.3Release
The Dependabot Proxy is now open source with an MIT license
- Ecosystem and Accessibility
JAN.12Improvement
Selectively showing "act on your behalf" warning for GitHub Apps is in public preview
- Ecosystem and Accessibility
NOV.7Retired
GraphQL Explorer removal from API documentation on November 7, 2025
- Ecosystem and Accessibility
OCT.31Retired
Deprecated models in GitHub Models
- Ecosystem and Accessibility

SAMLIdentity GraphQL object now supports `read` scope

Related Posts

Subscribe to our developer newsletter