Damienbutler GHES SCIM table network requirements for configuring SCIM provisioning (#57991)

Co-authored-by: mc <[email protected]>
Co-authored-by: Copilot <[email protected]>

Author: 3 people

content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-scim-provisioning-for-users.md

@@ -58,6 +58,14 @@ If you're configuring SCIM provisioning for a new enterprise, make sure to compl
 {% else %}
 
 * SCIM is a server-to-server protocol. Your instance's REST API endpoints must be accessible to your SCIM provider.
+
+This table contains the network requirements to configure GHES SCIM with an IdP:
+
+| System | Direction | Purpose | Protocol / Port | Notes |
+|------------|------------|----------|------------------|-------|
+| GitHub Enterprise Server | Inbound | Receives SCIM API requests from IdP for users and groups | TCP 443 (HTTPS) | [AUTOTITLE](/enterprise-server/rest/enterprise-admin/scim) must be reachable from IdP |
+| Identity Provider (IdP) | Outbound | Sends SCIM provisioning requests to GitHub for users and groups | TCP 443 (HTTPS) | IdP acts as SCIM client, initiating outbound HTTPS connections to GitHub's SCIM API endpoints. |
+
 * For authentication, your instance must use SAML SSO, or a mix of SAML and built-in authentication.
   * You cannot mix SCIM with other external authentication methods. If you use CAS or LDAP, you will need to migrate to SAML before using SCIM.
   * After you have configured SCIM, you must keep SAML authentication enabled to continue using SCIM.