ankneis
commented
6 months ago 🚢 This has shipped: https://github.blog/changelog/2024-03-19-logging-saml-sso-and-scim-identity-data-in-audit-log-events-is-generally-available
Leaving open to track for GHES release.
Summary
SAML single sign-on (SSO) gives organization owners and enterprise owners a way to control and secure access to organization resources like repositories, issues, and pull requests. Organization owners can invite your personal account to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on GitHub - while also enforcing a SAML SSO check to access the organization's resources.
This feature augments existing audit log events with the SAML identity associated with the user who took the relevant action. In doing so, customers using GitHub Enterprise will be able to track activity associated with a specific SAML identity in the enterprise and organization audit logs.
Intended Outcome
Enterprise and Organization owners will be able to track audit log activity associated with specific SAML SSO identities. By providing the SAML SSO identity as part of the audit log, enterprise and organization owners can quickly and easily link logs from multiple sourcing using the same SAML SSO identity identifiers. This allows Enterprise owners to attribute audit log activity to a user's corporate identity.
How will it work?
The external_identity_nameid or external_identity_username, depending on the IdP provider, will be displayed in all audit log events where the SAML SSO identity is associated with the actor in a SAML enabled organization or enterprise.