BH Docs

Author: JonasBK

.gitignore

@@ -0,0 +1,2 @@
+## Project-specific ignores
+Documentation/OfficialDocs/

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "OGDocsAutomation"]
+	path = OGDocsAutomation
+	url = https://github.com/SpecterOps/og-docs-automation

Documentation/EdgeDescriptions/SCIM_Contains.md

@@ -0,0 +1,21 @@
+# SCIM_Contains
+
+## Edge Schema
+
+- Source: [SCIM_Organization](../NodeDescriptions/SCIM_Organization.md)
+- Destination: [SCIM_User](../NodeDescriptions/SCIM_User.md), [SCIM_Group](../NodeDescriptions/SCIM_Group.md), [SCIM_Role](../NodeDescriptions/SCIM_Role.md)
+
+## General Information
+
+The [SCIM_Contains](SCIM_Contains.md) edge represents the containment relationship between an organization and its SCIM resources. Each SCIM user, group, and role belongs to exactly one organization, establishing a clear ownership boundary. This edge is significant for scoping identity governance — all resources contained by an organization are managed by that organization's identity provider.
+
+```mermaid
+graph LR
+    node1("SCIM_Organization Contoso")
+    node2("SCIM_User dschrute")
+    node3("SCIM_Group Sales Team")
+    node4("SCIM_Role Sales")
+    node1 -- SCIM_Contains --> node2
+    node1 -- SCIM_Contains --> node3
+    node1 -- SCIM_Contains --> node4
+```

Documentation/EdgeDescriptions/SCIM_HasRole.md

@@ -0,0 +1,17 @@
+# SCIM_HasRole
+
+## Edge Schema
+
+- Source: [SCIM_User](../NodeDescriptions/SCIM_User.md)
+- Destination: [SCIM_Role](../NodeDescriptions/SCIM_Role.md)
+
+## General Information
+
+The [SCIM_HasRole](SCIM_HasRole.md) edge represents the relationship between users and their assigned roles, as defined by the `roles` attribute in the SCIM user schema. Roles are extracted from user attributes and represented as separate nodes to enable graph-based analysis of role assignments across the organization. This edge allows identifying all users who share a particular role.
+
+```mermaid
+graph LR
+    node1("SCIM_User dschrute")
+    node2("SCIM_Role Sales")
+    node1 -- SCIM_HasRole --> node2
+```

Documentation/EdgeDescriptions/SCIM_ManagerOf.md

@@ -0,0 +1,17 @@
+# SCIM_ManagerOf
+
+## Edge Schema
+
+- Source: [SCIM_User](../NodeDescriptions/SCIM_User.md)
+- Destination: [SCIM_User](../NodeDescriptions/SCIM_User.md)
+
+## General Information
+
+The [SCIM_ManagerOf](SCIM_ManagerOf.md) edge represents the managerial relationship between users, as defined by the `manager` attribute in the SCIM Enterprise User schema extension. This edge captures the organizational hierarchy, connecting a manager to their direct reports. Manager relationships can be significant for understanding organizational structure and potential privilege escalation paths through social engineering or delegated approval workflows.
+
+```mermaid
+graph LR
+    node1("SCIM_User mscott")
+    node2("SCIM_User dschrute")
+    node1 -- SCIM_ManagerOf --> node2
+```

Documentation/EdgeDescriptions/SCIM_MemberOf.md

@@ -0,0 +1,19 @@
+# SCIM_MemberOf
+
+## Edge Schema
+
+- Source: [SCIM_User](../NodeDescriptions/SCIM_User.md), [SCIM_Group](../NodeDescriptions/SCIM_Group.md)
+- Destination: [SCIM_Group](../NodeDescriptions/SCIM_Group.md)
+
+## General Information
+
+The [SCIM_MemberOf](SCIM_MemberOf.md) edge represents group membership relationships, as defined by the `members` attribute of groups and the `groups` attribute of users in the SCIM schema. Users can be members of groups, and groups can be nested within other groups. Group membership propagated through SCIM is a primary mechanism for granting application access, making these edges critical for understanding transitive access paths.
+
+```mermaid
+graph LR
+    node1("SCIM_User dschrute")
+    node2("SCIM_Group Sales Team")
+    node3("SCIM_Group All Employees")
+    node1 -- SCIM_MemberOf --> node2
+    node2 -- SCIM_MemberOf --> node3
+```

Documentation/EdgeDescriptions/SCIM_Provisioned.md

@@ -0,0 +1,20 @@
+# SCIM_Provisioned
+
+## Edge Schema
+
+- Source: [SCIM_User](../NodeDescriptions/SCIM_User.md), [SCIM_Group](../NodeDescriptions/SCIM_Group.md)
+- Destination: [GH_ExternalIdentity](https://bloodhound.specterops.io/opengraph/extensions/githound/reference/nodes/gh_externalidentity), [GH_Group](https://bloodhound.specterops.io/opengraph/extensions/githound/reference/nodes/gh_group)
+
+## General Information
+
+The [SCIM_Provisioned](SCIM_Provisioned.md) edge represents the hybrid relationship between SCIM resources and their provisioned counterparts in downstream applications, such as GitHub. When an identity provider provisions a user or group via SCIM, this edge connects the SCIM source identity to the resulting application-specific identity. These edges are critical for tracing cross-domain access paths from cloud IdP identities to application-level permissions.
+
+```mermaid
+graph LR
+    node1("SCIM_User dschrute")
+    node2("GH_ExternalIdentity dschrute")
+    node3("SCIM_Group Sales Team")
+    node4("GH_Group Sales Team")
+    node1 -- SCIM_Provisioned --> node2
+    node3 -- SCIM_Provisioned --> node4
+```