feat(api): add allow_unverified_email_scim_fallback_match to scim_configurations

stainless-app[bot] · stainless-app[bot] · commit 23c90146a14e · 2026-05-11T18:26:33.000Z
diff --git a/.stats.yml b/.stats.yml
@@ -1,4 +1,4 @@
 configured_endpoints: 193
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod/gitpod-8eb16dd2e26c8fd1ca37ef960aca95069f457ff8bdeca2347a2b157ae096ccd4.yml
-openapi_spec_hash: 6c5882382583c7db5824d6438a489724
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod/gitpod-17898495c070ff2b83528ccf268ff3a7426ccabe697c19ca5fe034daa7f76ed0.yml
+openapi_spec_hash: fc0b1da285521ddbb5293a228b31b51f
 config_hash: e7d6e90c037f5d495ae913f3806471fd
diff --git a/organizationscimconfiguration.go b/organizationscimconfiguration.go
@@ -257,6 +257,10 @@ type ScimConfiguration struct {
 	TokenExpiresAt time.Time `json:"tokenExpiresAt" api:"required" format:"date-time"`
 	// updated_at is when the SCIM configuration was last updated
 	UpdatedAt time.Time `json:"updatedAt" api:"required" format:"date-time"`
+	// allow_unverified_email_account_linking allows SCIM to link provisioned users to
+	// existing accounts when the identity provider does not mark the email address as
+	// verified
+	AllowUnverifiedEmailAccountLinking bool `json:"allowUnverifiedEmailAccountLinking"`
 	// enabled indicates if SCIM provisioning is active
 	Enabled bool `json:"enabled"`
 	// name is a human-readable name for the SCIM configuration
@@ -269,16 +273,17 @@ type ScimConfiguration struct {
 // scimConfigurationJSON contains the JSON metadata for the struct
 // [ScimConfiguration]
 type scimConfigurationJSON struct {
-	ID                 apijson.Field
-	CreatedAt          apijson.Field
-	OrganizationID     apijson.Field
-	TokenExpiresAt     apijson.Field
-	UpdatedAt          apijson.Field
-	Enabled            apijson.Field
-	Name               apijson.Field
-	SSOConfigurationID apijson.Field
-	raw                string
-	ExtraFields        map[string]apijson.Field
+	ID                                 apijson.Field
+	CreatedAt                          apijson.Field
+	OrganizationID                     apijson.Field
+	TokenExpiresAt                     apijson.Field
+	UpdatedAt                          apijson.Field
+	AllowUnverifiedEmailAccountLinking apijson.Field
+	Enabled                            apijson.Field
+	Name                               apijson.Field
+	SSOConfigurationID                 apijson.Field
+	raw                                string
+	ExtraFields                        map[string]apijson.Field
 }
 
 func (r *ScimConfiguration) UnmarshalJSON(data []byte) (err error) {
@@ -397,6 +402,10 @@ type OrganizationScimConfigurationNewParams struct {
 	// sso_configuration_id is the SSO configuration to link (required for user
 	// provisioning)
 	SSOConfigurationID param.Field[string] `json:"ssoConfigurationId" api:"required" format:"uuid"`
+	// allow_unverified_email_account_linking allows SCIM to link provisioned users to
+	// existing accounts when the identity provider does not mark the email address as
+	// verified
+	AllowUnverifiedEmailAccountLinking param.Field[bool] `json:"allowUnverifiedEmailAccountLinking"`
 	// name is a human-readable name for the SCIM configuration
 	Name param.Field[string] `json:"name"`
 	// token_expires_in is the duration until the token expires. Defaults to 1 year.
@@ -420,6 +429,10 @@ func (r OrganizationScimConfigurationGetParams) MarshalJSON() (data []byte, err
 type OrganizationScimConfigurationUpdateParams struct {
 	// scim_configuration_id is the ID of the SCIM configuration to update
 	ScimConfigurationID param.Field[string] `json:"scimConfigurationId" api:"required" format:"uuid"`
+	// allow_unverified_email_account_linking allows SCIM to link provisioned users to
+	// existing accounts when the identity provider does not mark the email address as
+	// verified
+	AllowUnverifiedEmailAccountLinking param.Field[bool] `json:"allowUnverifiedEmailAccountLinking"`
 	// enabled controls whether SCIM provisioning is active
 	Enabled param.Field[bool] `json:"enabled"`
 	// name is a human-readable name for the SCIM configuration
diff --git a/organizationscimconfiguration_test.go b/organizationscimconfiguration_test.go
@@ -27,10 +27,11 @@ func TestOrganizationScimConfigurationNewWithOptionalParams(t *testing.T) {
 		option.WithBearerToken("My Bearer Token"),
 	)
 	_, err := client.Organizations.ScimConfigurations.New(context.TODO(), gitpod.OrganizationScimConfigurationNewParams{
-		OrganizationID:     gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
-		SSOConfigurationID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"),
-		Name:               gitpod.F("name"),
-		TokenExpiresIn:     gitpod.F("+9125115.360s"),
+		OrganizationID:                     gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"),
+		SSOConfigurationID:                 gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"),
+		AllowUnverifiedEmailAccountLinking: gitpod.F(true),
+		Name:                               gitpod.F("name"),
+		TokenExpiresIn:                     gitpod.F("+9125115.360s"),
 	})
 	if err != nil {
 		var apierr *gitpod.Error
@@ -80,10 +81,11 @@ func TestOrganizationScimConfigurationUpdateWithOptionalParams(t *testing.T) {
 		option.WithBearerToken("My Bearer Token"),
 	)
 	_, err := client.Organizations.ScimConfigurations.Update(context.TODO(), gitpod.OrganizationScimConfigurationUpdateParams{
-		ScimConfigurationID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"),
-		Enabled:             gitpod.F(false),
-		Name:                gitpod.F("name"),
-		SSOConfigurationID:  gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
+		ScimConfigurationID:                gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"),
+		AllowUnverifiedEmailAccountLinking: gitpod.F(true),
+		Enabled:                            gitpod.F(false),
+		Name:                               gitpod.F("name"),
+		SSOConfigurationID:                 gitpod.F("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e"),
 	})
 	if err != nil {
 		var apierr *gitpod.Error
