Trying to find the SSO email of a GitHub user

Hi there. We are Github Enterprise customers. I would like to find a user’s SSO email address given their GitHub username. This currently only seems possible using the v4 GraphQL API by iterating every user in the enterprise and matching their username in the pages of results. Is this correct?

That GraphQL query looks like this:

query {
  organization(login: "org-slug-goes-here") {
    samlIdentityProvider {
      externalIdentities(first: 100) {
        edges {
          node {
            guid
            samlIdentity {
              nameId
            }
            user {
              login
            }
          }
        }
        pageInfo {
          endCursor
          hasNextPage
        }
      }
    }
  }
}

That query requires “org:admin” permissions to run. Does anyone know the reasoning behind that? It makes it difficult to write a broadly-available tool that anyone in the organization can run.

The info doesn’t seem to be available in the v3 REST API. Is that an oversight that will be corrected? Is it right in front of my face and I’m just missing it?

Sorry that code formatting of the GraphQL query didn’t come out right! Here it is as a more readable gist: https://gist.github.com/drhayes/13d1e028f6bb7567b936f79064dfe66c