Accessing samlIdentityProvider/externalIdentities as a Github App

When trying to access via the v4 Api (Graphql) the following schema with a Github App installation token (with appropiate permissions)

organization(login: “xxxxx”) {
    samlIdentityProvider {
        externalIdentities(first: 100, after: $after) {
            nodes {
                samlIdentity {

I receive the following error:

‘errors’: [{‘type’: ‘FORBIDDEN’, ‘path’: [‘organization’, ‘samlIdentityProvider’], ‘locations’: [{‘line’: 4, ‘column’: 17}], ‘message’: ‘Resource not accessible by integration’}]}

So I’m assuming this is not available for Github apps, I looked for a v3 endpoint with the same information, but could only find the SCIM one. Is anybody familiar with a V3 endpoint or V4 query that could be used with a github app installation token to retrieve saml identities? 



I have also encountered this problem.

I do not quite understand why this is not allowed for applications with organization administration permission.


I’m on the same boat. Trying to use the standard SCIM REST API but it doesn’t work and I’m trying with GraphQL and I’m getting the same error “Resource not accessible by integration” although the Github app has all permissions needed.

There is workaround that works for me. You must grant not only read-only access to “members” for app but also write access. 

After my communication with github enterprise support, they recognized this as a bug but that is not fixed yet.

Experiencing this as well, similarly, when using a personal access token an admin scope is requested (Trying to find the SSO email of a GitHub user) for reading data.