From 540245094f0d26d59dc872bb9650d9ee7b445187 Mon Sep 17 00:00:00 2001
From: Stacy Carter
Date: Fri, 28 Feb 2025 16:51:24 -0500
Subject: [PATCH 1/5] Create org-saml-identities-filtered-by-nameid-username.graphql
---
...tities-filtered-by-nameid-username.graphql | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql
diff --git a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql
new file mode 100644
index 000000000..e0632abb7
--- /dev/null
+++ b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql
@@ -0,0 +1,27 @@
+# You will need to replace and with the actual GitHub organization name and the SAML `NameID` value that you're searching stored external identities for in the GitHub organization.
+# For GitHub Enterprise Cloud organizations that have SAML configured at the organization level, this will query the stored SAML `nameId` and SCIM `userName` external identity values in the GitHub organization, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity.
+
+# This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity.
+# Pagination shouldn't be needed since there shouldn't be multiple entries that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql.
+
+query OrganizationIdentitiesBySAMLNameID {
+ organization(login: ) {
+ samlIdentityProvider {
+ externalIdentities(userName:"", first: 25) {
+ edges {
+ node {
+ samlIdentity {
+ nameId
+ }
+ user {
+ login
+ }
+ }
+ }
+ pageInfo {
+ endCursor
+ }
+ }
+ }
+ }
+}
From c927d550a8f1aa4e20974fa1dc041c999167d9c8 Mon Sep 17 00:00:00 2001
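Review bot: The header comment says the `userName` filter matches on both the SAML `nameId` and the SCIM `userName`, but the selection under `node` returns only `samlIdentity { nameId }`, so a match that came through the SCIM attribute shows a `nameId` that may differ from the searched value, with nothing to explain why. Adding `scimIdentity { username }` and `guid` next to `samlIdentity` would show which stored attribute matched and give a stable identifier for the record being audited. The header also relies on there being a single match, yet `pageInfo` asks for `endCursor` alone; requesting `totalCount` and `hasNextPage` would let the result confirm that instead of assuming it. Patches 3/5 and 5/5 touch this file again but, as far as their hunks show, leave the selection set unchanged.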
From: Stacy Carter
Date: Fri, 28 Feb 2025 16:55:59 -0500
Subject: [PATCH 2/5] Create enterprise-saml-identities-filtered-by-nameid.graphql
---
...saml-identities-filtered-by-nameid.graphql | 47 +++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql
diff --git a/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql b/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql
new file mode 100644
index 000000000..aadc07be1
--- /dev/null
+++ b/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql
@@ -0,0 +1,47 @@
+# You will need to replace and with the actual GitHub enterprise slug and the SAML `NameID` value that you're searching stored external identities for in the GitHub enterprise.
+# For GitHub Enterprise Cloud enterprises that have SAML configured at the enterprise level, this will query the stored SAML `nameId` external identity values in the GitHub enterprise, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity.
+
+# This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity.
+# Pagination shouldn't be needed since there shouldn't be multiple entries in the enterprise that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql.
+
+
+query EnterpriseIdentitiesBySAMLNameID {
+ enterprise(slug:"") {
+ name
+ members(query:"", first:25) {
+ totalCount
+ pageInfo {
+ hasNextPage
+ startCursor
+ endCursor
+ }
+ nodes{
+ ...on EnterpriseUserAccount {
+ id
+ login
+ createdAt
+ }
+ }
+ }
+ ownerInfo {
+ samlIdentityProvider {
+ externalIdentities(userName:"", first: 25) {
+ totalCount
+ pageInfo {
+ hasNextPage
+ startCursor
+ endCursor
+ }
+ nodes{
+ samlIdentity {
+ nameId
+ }
+ user {
+ login
+ }
+ }
+ }
+ }
+ }
+ }
+}
From 08b0ad9f77e17eaea040daa69f1289e94419cdea Mon Sep 17 00:00:00 2001
From: Stacy Carter
Date: Fri, 28 Feb 2025 16:56:41 -0500
Subject: [PATCH 3/5] Clarify pagination comment in GraphQL query
---
.../org-saml-identities-filtered-by-nameid-username.graphql | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql
index e0632abb7..6d28b82b9 100644
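Review bot: The header comment does not say what access the caller needs, and that changes how an empty result should be read. As I read the GitHub GraphQL reference, `ownerInfo` is only returned to enterprise owners (or an owner's token carrying the enterprise read/admin scope), so a caller without that access would get null there, which is easy to mistake for "no stored identity for this NameID" during an offboarding or access audit. I would add a comment line such as `# Run this as an enterprise owner; if ownerInfo or samlIdentityProvider is null, check your access before concluding that no identity is stored.` The same caveat appears to apply to `samlIdentityProvider` in the organization query from patch 1/5, and patch 4/5 rewrites this query but keeps the `ownerInfo` path.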
--- a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql +++ b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql @@ -2,7 +2,7 @@ # For GitHub Enterprise Cloud organizations that have SAML configured at the organization level, this will query the stored SAML `nameId` and SCIM `userName` external identity values in the GitHub organization, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity. # This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity. -# Pagination shouldn't be needed since there shouldn't be multiple entries that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql. +# Pagination shouldn't be needed since there shouldn't be multiple entries in the organization that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql. query OrganizationIdentitiesBySAMLNameID { organization(login: ) { From d4a7f81fddecff9c1b74591f1a3e1504733c32c2 Mon Sep 17 00:00:00 2001 From: Stacy Carter Date: Fri, 28 Feb 2025 18:17:06 -0500 Subject: [PATCH 4/5] Update GraphQL query for SAML identities --- ...saml-identities-filtered-by-nameid.graphql | 42 +++++++------------ 1 file changed, 15 insertions(+), 27 deletions(-) diff --git a/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql b/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql index aadc07be1..b5cbe92e5 100644 --- a/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql +++ b/graphql/queries/enterprise-saml-identities-filtered-by-nameid.graphql 
@@ -1,45 +1,33 @@ -# You will need to replace and with the actual GitHub enterprise slug and the SAML `NameID` value that you're searching stored external identities for in the GitHub enterprise. +# You will need to replace and with the actual GitHub enterprise slug and the SAML `NameID` value that you're searching stored external identities for in the GitHub enterprise. # For GitHub Enterprise Cloud enterprises that have SAML configured at the enterprise level, this will query the stored SAML `nameId` external identity values in the GitHub enterprise, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity. +# Note that the query below will not tell you if the GitHub username/account associated with this linked identity is still a member of the enterprise. Enterprise owners can navigate to the Enterprise > People > Members UI and search for the user to determine this, or perform a different GraphQL query using the https://docs.github.com/en/enterprise-cloud@latest/graphql/reference/objects#enterprise object with the members(query:"") filter. + # This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity. # Pagination shouldn't be needed since there shouldn't be multiple entries in the enterprise that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql. 
query EnterpriseIdentitiesBySAMLNameID { - enterprise(slug:"") { - name - members(query:"", first:25) { - totalCount - pageInfo { - hasNextPage - startCursor - endCursor - } - nodes{ - ...on EnterpriseUserAccount { - id - login - createdAt - } - } - } + enterprise(slug: "") { ownerInfo { samlIdentityProvider { externalIdentities(userName:"", first: 25) { totalCount + edges { + node { + guid + samlIdentity { + nameId + } + user { + login + } + } + } pageInfo { hasNextPage - startCursor endCursor } - nodes{ - samlIdentity { - nameId - } - user { - login - } - } } } } From f971463641bcc64534ece78f1db190ec8ada1022 Mon Sep 17 00:00:00 2001 From: Stacy Carter Date: Fri, 28 Feb 2025 18:26:00 -0500 Subject: [PATCH 5/5] Add note about GitHub username membership status --- .../org-saml-identities-filtered-by-nameid-username.graphql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql index 6d28b82b9..61749ebd8 100644 --- a/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql +++ b/graphql/queries/org-saml-identities-filtered-by-nameid-username.graphql 
@@ -1,11 +1,13 @@ # You will need to replace and with the actual GitHub organization name and the SAML `NameID` value that you're searching stored external identities for in the GitHub organization. # For GitHub Enterprise Cloud organizations that have SAML configured at the organization level, this will query the stored SAML `nameId` and SCIM `userName` external identity values in the GitHub organization, and if one is found that matches the value specified for ``, it will print out the SAML `nameId` and GitHub username for that stored external identity. +# Note that the query below will not tell you if the GitHub username/account associated with this linked identity is still a member of the organization. Organization owners can navigate to the Organization > People > Members UI and search for the user to determine this. + # This query will not print out a user username (`login`) value if there is not a GitHub user account linked to this SAML identity. # Pagination shouldn't be needed since there shouldn't be multiple entries in the organization that have the same SAML `NameID` or SCIM `userName`. However, for more information on pagination. There is also an example of pagination in simple-pagination-example.graphql. query OrganizationIdentitiesBySAMLNameID { - organization(login: ) { + organization(login: "") { samlIdentityProvider { externalIdentities(userName:"", first: 25) { edges {