GitHub Capabilities
Last updated: October 7, 2024
After this article...
You'll understand the capabilities our GitHub integration provides, and how Lumos interacts with the GitHub API.
View users
The mapping between GitHub user statuses and Lumos user account statuses is below.
GitHub Org Membership State | Lumos Account Status |
active | Active |
pending | Staged |
GitHub API endpoints: https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#list-organization-members
https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#get-organization-membership-for-a-user (we use this to get the state of their org membership)
View a user's entitlements
Lumos can retrieve the following user entitlements from GitHub.
Role - The user's roles in your GitHub organization (Administrator, Direct Member, Billing Manager)
Repo Access - The repos in your organization which the user can access and the GitHub role they have in the repo, in the format of "repo name / role name" (ex. "app_name / read").
GitHub API endpoints: https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#list-organization-members (we retrieve the "role")
https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#list-repository-collaborators (we retrieve the "role_name" for each repo)
Deprovision a user
AppStore | Offboarding | Access Reviews | License Management |
N/A | ✅ | ✅ | ✅ |
In Lumos, deprovisioning a GitHub user marks their Account Status as "Deprovisioned".
In GitHub, this action removes the user from all GitHub teams, and they no longer have access to the organization's repositories.
This action reclaims a license in GitHub.
GitHub API endpoint: https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#remove-an-organization-member
Provision a user
AppStore | Offboarding | Access Reviews | License Management |
✅ | N/A | N/A | N/A |
In Lumos, provisioning a GitHub user has no impact on Lumos GitHub user data until the next GitHub user sync runs. Once the sync runs, a user will be added to the user table.
In GitHub, this action invites an existing GitHub user (tied to the requester's email) to your organization with the role "direct_member".
This action does not add them to any GitHub teams, and only succeeds if there's an existing GitHub handle tied to the requester's email.
This action consumes a license in GitHub.
GitHub API endpoint: https://docs.github.com/en/rest/reference/orgs#create-an-organization-invitation