feat(api): add restrict_account_creation_to_scim field to organization policy

stainless-app[bot] · stainless-app[bot] · commit c1272d1a95db · 2026-02-11T13:04:07.000Z
diff --git a/.stats.yml b/.stats.yml
@@ -1,4 +1,4 @@
 configured_endpoints: 172
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod%2Fgitpod-07e6f884c2d7d3023e23fce3a09bf303ab5edfbcafa0a41d5737008adc146058.yml
-openapi_spec_hash: 5e3806700798b135ab378ad69a3a59a8
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod%2Fgitpod-3b3f2a4c16effce7e3d18cb37a6210edfe1b4abc64e73103cccea8314d8231da.yml
+openapi_spec_hash: 32fa6acbed5a7465fbd93c939c81a78f
 config_hash: ad1db65b32248aecda41b64586aac9ce
diff --git a/src/gitpod/resources/organizations/policies.py b/src/gitpod/resources/organizations/policies.py
@@ -112,6 +112,7 @@ def update(
         members_require_projects: Optional[bool] | Omit = omit,
         port_sharing_disabled: Optional[bool] | Omit = omit,
         require_custom_domain_access: Optional[bool] | Omit = omit,
+        restrict_account_creation_to_scim: Optional[bool] | Omit = omit,
         security_agent_policy: Optional[policy_update_params.SecurityAgentPolicy] | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
@@ -204,6 +205,10 @@ def update(
           require_custom_domain_access: require_custom_domain_access controls whether users must access via custom
               domain when one is configured. When true, access via app.gitpod.io is blocked.
 
+          restrict_account_creation_to_scim: restrict_account_creation_to_scim controls whether account creation is
+              restricted to SCIM-provisioned users only. When true and SCIM is configured for
+              the organization, only users provisioned via SCIM can create accounts.
+
           security_agent_policy: security_agent_policy contains security agent configuration updates
 
           extra_headers: Send extra headers
@@ -234,6 +239,7 @@ def update(
                     "members_require_projects": members_require_projects,
                     "port_sharing_disabled": port_sharing_disabled,
                     "require_custom_domain_access": require_custom_domain_access,
+                    "restrict_account_creation_to_scim": restrict_account_creation_to_scim,
                     "security_agent_policy": security_agent_policy,
                 },
                 policy_update_params.PolicyUpdateParams,
@@ -336,6 +342,7 @@ async def update(
         members_require_projects: Optional[bool] | Omit = omit,
         port_sharing_disabled: Optional[bool] | Omit = omit,
         require_custom_domain_access: Optional[bool] | Omit = omit,
+        restrict_account_creation_to_scim: Optional[bool] | Omit = omit,
         security_agent_policy: Optional[policy_update_params.SecurityAgentPolicy] | Omit = omit,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
@@ -428,6 +435,10 @@ async def update(
           require_custom_domain_access: require_custom_domain_access controls whether users must access via custom
               domain when one is configured. When true, access via app.gitpod.io is blocked.
 
+          restrict_account_creation_to_scim: restrict_account_creation_to_scim controls whether account creation is
+              restricted to SCIM-provisioned users only. When true and SCIM is configured for
+              the organization, only users provisioned via SCIM can create accounts.
+
           security_agent_policy: security_agent_policy contains security agent configuration updates
 
           extra_headers: Send extra headers
@@ -458,6 +469,7 @@ async def update(
                     "members_require_projects": members_require_projects,
                     "port_sharing_disabled": port_sharing_disabled,
                     "require_custom_domain_access": require_custom_domain_access,
+                    "restrict_account_creation_to_scim": restrict_account_creation_to_scim,
                     "security_agent_policy": security_agent_policy,
                 },
                 policy_update_params.PolicyUpdateParams,
diff --git a/src/gitpod/types/organizations/organization_policies.py b/src/gitpod/types/organizations/organization_policies.py
@@ -87,6 +87,13 @@ class OrganizationPolicies(BaseModel):
     domain when one is configured. When true, access via app.gitpod.io is blocked.
     """
 
+    restrict_account_creation_to_scim: bool = FieldInfo(alias="restrictAccountCreationToScim")
+    """
+    restrict_account_creation_to_scim controls whether account creation is
+    restricted to SCIM-provisioned users only. When true and SCIM is configured for
+    the organization, only users provisioned via SCIM can create accounts.
+    """
+
     delete_archived_environments_after: Optional[str] = FieldInfo(alias="deleteArchivedEnvironmentsAfter", default=None)
     """
     delete_archived_environments_after controls how long archived environments are
diff --git a/src/gitpod/types/organizations/policy_update_params.py b/src/gitpod/types/organizations/policy_update_params.py
@@ -112,6 +112,13 @@ class PolicyUpdateParams(TypedDict, total=False):
     domain when one is configured. When true, access via app.gitpod.io is blocked.
     """
 
+    restrict_account_creation_to_scim: Annotated[Optional[bool], PropertyInfo(alias="restrictAccountCreationToScim")]
+    """
+    restrict_account_creation_to_scim controls whether account creation is
+    restricted to SCIM-provisioned users only. When true and SCIM is configured for
+    the organization, only users provisioned via SCIM can create accounts.
+    """
+
     security_agent_policy: Annotated[Optional[SecurityAgentPolicy], PropertyInfo(alias="securityAgentPolicy")]
     """security_agent_policy contains security agent configuration updates"""
 
diff --git a/tests/api_resources/organizations/test_policies.py b/tests/api_resources/organizations/test_policies.py
@@ -84,6 +84,7 @@ def test_method_update_with_all_params(self, client: Gitpod) -> None:
             members_require_projects=True,
             port_sharing_disabled=True,
             require_custom_domain_access=True,
+            restrict_account_creation_to_scim=True,
             security_agent_policy={
                 "crowdstrike": {
                     "additional_options": {"foo": "string"},
@@ -195,6 +196,7 @@ async def test_method_update_with_all_params(self, async_client: AsyncGitpod) ->
             members_require_projects=True,
             port_sharing_disabled=True,
             require_custom_domain_access=True,
+            restrict_account_creation_to_scim=True,
             security_agent_policy={
                 "crowdstrike": {
                     "additional_options": {"foo": "string"},
