From 405781471bad6b9d100d7aa1b49df562366231e1 Mon Sep 17 00:00:00 2001 From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com> Date: Mon, 2 Dec 2024 14:43:30 -0300 Subject: [PATCH 1/6] Remove unused workflow input --- .changeset/nine-grapes-promise.md | 2 ++ .github/workflows/ci.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 .changeset/nine-grapes-promise.md diff --git a/.changeset/nine-grapes-promise.md b/.changeset/nine-grapes-promise.md new file mode 100644 index 0000000000..a845151cc8 --- /dev/null +++ b/.changeset/nine-grapes-promise.md @@ -0,0 +1,2 @@ +--- +--- diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9eaf62c341..97e886a92d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,7 +2,7 @@ name: CI on: merge_group: - pull_request: + pull_request_target: branches: - main - release/v4 From 634ca648a39e4699c349a35cecd8985cc84232b3 Mon Sep 17 00:00:00 2001 From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:16:38 -0300 Subject: [PATCH 2/6] Do not use environment protection rule, rely on workflow run --- .github/workflows/ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 97e886a92d..f020469837 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,6 +3,7 @@ name: CI on: merge_group: pull_request_target: + types: [opened, synchronize] branches: - main - release/v4 @@ -12,7 +13,7 @@ concurrency: cancel-in-progress: true jobs: - # Check triggering actor permissions to prevent PRs from forks accessing secrets by default, preventing them from exfiltrating secrets for malicious purposes + # Check triggering actor permissions to prevent PRs from forks accessing secrets by default, preventing them from accessing secrets for malicious purposes check-permissions: runs-on: 'blacksmith-8vcpu-ubuntu-2204' steps: 
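Review bot: Changing the trigger to `pull_request_target` in the first `ci.yml` hunk makes pull requests from forks run this workflow in the base repository's context, where repository secrets are reachable and the `GITHUB_TOKEN` is typically write-scoped unless a `permissions:` block restricts it (none is visible in these hunks). The subject line "Remove unused workflow input" does not describe this, so the privilege change is easy to miss in review and in history. If the privileged trigger is really required, I would add a top-level `permissions: { contents: read }` and a comment above the trigger such as `# pull_request_target: runs with base-repo secrets; fork PRs are gated by check-permissions`. PATCH 4/6 on this page restores `pull_request`, so the cleaner outcome is to drop this change from the series rather than keep it and its revert.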
@@ -47,6 +48,7 @@ jobs: with: fetch-depth: 0 show-progress: false + ref: ${{ github.event.pull_request.head.sha }} - name: Setup id: config @@ -118,6 +120,7 @@ jobs: with: fetch-depth: 0 show-progress: false + ref: ${{ github.event.pull_request.head.sha }} - name: Setup id: config @@ -179,6 +182,7 @@ jobs: with: fetch-depth: 0 show-progress: false + ref: ${{ github.event.pull_request.head.sha }} - name: Setup id: config From 8eb6cf074eb9887bdd07d486f4861587f4b96d62 Mon Sep 17 00:00:00 2001 From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:03:15 -0300 Subject: [PATCH 3/6] Add `organization_id` to `SamlConnection` resource --- packages/backend/src/api/resources/JSON.ts | 1 + packages/backend/src/api/resources/SamlConnection.ts | 2 ++ 2 files changed, 3 insertions(+) diff --git a/packages/backend/src/api/resources/JSON.ts b/packages/backend/src/api/resources/JSON.ts index 5ef4fb5d2a..0c5c544ba6 100644 --- a/packages/backend/src/api/resources/JSON.ts +++ b/packages/backend/src/api/resources/JSON.ts @@ -360,6 +360,7 @@ export interface PaginatedResponseJSON { export interface SamlConnectionJSON extends ClerkResourceJSON { name: string; domain: string; + organization_id: string | null; idp_entity_id: string; idp_sso_url: string; idp_certificate: string; diff --git a/packages/backend/src/api/resources/SamlConnection.ts b/packages/backend/src/api/resources/SamlConnection.ts index d32f0495f4..e42add44c4 100644 --- a/packages/backend/src/api/resources/SamlConnection.ts +++ b/packages/backend/src/api/resources/SamlConnection.ts @@ -5,6 +5,7 @@ export class SamlConnection { readonly id: string, readonly name: string, readonly domain: string, + readonly organizationId: string | null, readonly idpEntityId: string | null, readonly idpSsoUrl: string | null, readonly idpCertificate: string | null, 
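Review bot: The added `ref: ${{ github.event.pull_request.head.sha }}` makes the checkout step fetch the contributor's commit while the workflow runs under `pull_request_target`, so the Setup and build steps that follow execute fork-controlled code in a job that can read secrets. The same line is added in the hunks at -118 and -179. This is only acceptable if every job that checks out the head is blocked behind the permission check, for example `needs: check-permissions`, which is not visible in these hunks and should be confirmed. The checkout (presumably `actions/checkout`, whose `uses:` line is outside the hunk) should also set `persist-credentials: false` so the token is not left in the work tree's git config.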
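Review bot: `readonly organizationId: string | null` is inserted in the middle of the positional constructor list of `SamlConnection`, between `domain` and `idpEntityId`, which silently shifts every later argument for code that constructs the class directly. The neighbouring parameter is also `string | null`, so a shifted call can still type-check for that slot. Appending the parameter at the end would be safer for a patch release, if the class is constructed anywhere besides the factory call updated in the next hunk (not visible here). The field also has no doc comment; I would add `/** ID of the organization this connection is linked to, or null when it is not linked to one. */`, with the meaning of null confirmed against the API. The constructor starts and ends outside the hunk.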
@@ -28,6 +29,7 @@ export class SamlConnection { data.id, data.name, data.domain, + data.organization_id, data.idp_entity_id, data.idp_sso_url, data.idp_certificate, From f9472a82dd37f23e53ef53b2c29fa6718ceb34c9 Mon Sep 17 00:00:00 2001 From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:04:12 -0300 Subject: [PATCH 4/6] Pass `organization_id` when creating/updating SAML connection --- .changeset/nine-grapes-promise.md | 2 -- .github/workflows/ci.yml | 8 ++------ packages/backend/src/api/endpoints/SamlConnectionApi.ts | 2 ++ 3 files changed, 4 insertions(+), 8 deletions(-) delete mode 100644 .changeset/nine-grapes-promise.md diff --git a/.changeset/nine-grapes-promise.md b/.changeset/nine-grapes-promise.md deleted file mode 100644 index a845151cc8..0000000000 --- a/.changeset/nine-grapes-promise.md +++ /dev/null @@ -1,2 +0,0 @@ ---- ---- diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f020469837..9eaf62c341 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,8 +2,7 @@ name: CI on: merge_group: - pull_request_target: - types: [opened, synchronize] + pull_request: branches: - main - release/v4 @@ -13,7 +12,7 @@ concurrency: cancel-in-progress: true jobs: - # Check triggering actor permissions to prevent PRs from forks accessing secrets by default, preventing them from accessing secrets for malicious purposes + # Check triggering actor permissions to prevent PRs from forks accessing secrets by default, preventing them from exfiltrating secrets for malicious purposes check-permissions: runs-on: 'blacksmith-8vcpu-ubuntu-2204' steps: @@ -48,7 +47,6 @@ jobs: with: fetch-depth: 0 show-progress: false - ref: ${{ github.event.pull_request.head.sha }} - name: Setup id: config @@ -120,7 +118,6 @@ jobs: with: fetch-depth: 0 show-progress: false - ref: ${{ github.event.pull_request.head.sha }} - name: Setup id: config 
@@ -182,7 +179,6 @@ jobs: with: fetch-depth: 0 show-progress: false - ref: ${{ github.event.pull_request.head.sha }} - name: Setup id: config diff --git a/packages/backend/src/api/endpoints/SamlConnectionApi.ts b/packages/backend/src/api/endpoints/SamlConnectionApi.ts index 58671806c6..9ac17c2cf2 100644 --- a/packages/backend/src/api/endpoints/SamlConnectionApi.ts +++ b/packages/backend/src/api/endpoints/SamlConnectionApi.ts @@ -14,6 +14,7 @@ type CreateSamlConnectionParams = { name: string; provider: SamlIdpSlug; domain: string; + organizationId?: string; idpEntityId?: string; idpSsoUrl?: string; idpCertificate?: string; @@ -31,6 +32,7 @@ type UpdateSamlConnectionParams = { name?: string; provider?: SamlIdpSlug; domain?: string; + organizationId?: string; idpEntityId?: string; idpSsoUrl?: string; idpCertificate?: string; From 742d6225649fa2ef87a52b1837e1caa61b565c0e Mon Sep 17 00:00:00 2001 From: Laura Beatris <48022589+LauraBeatris@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:17:59 -0300 Subject: [PATCH 5/6] Add changeset --- .changeset/kind-crews-hear.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .changeset/kind-crews-hear.md diff --git a/.changeset/kind-crews-hear.md b/.changeset/kind-crews-hear.md new file mode 100644 index 0000000000..239167abd8 --- /dev/null +++ b/.changeset/kind-crews-hear.md @@ -0,0 +1,7 @@ +--- +'@clerk/backend': patch +--- + +Allow to create and update SAML connections with organization IDs. + +When users sign in or up using an organization's SAML connection, they're automatically added as members of that organization. For more information, refer to our docs: [TODO - Add docs link] From e73e2cec636af8a7ec38c4cd1d9c6fd6a45dc198 Mon Sep 17 00:00:00 2001 From: Izaak Lauer <8404559+izaaklauer@users.noreply.github.com> Date: Wed, 18 Dec 2024 10:42:57 -0500 Subject: [PATCH 6/6] Updating changeset with (as-yet-unreleased) docs link --- .changeset/kind-crews-hear.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
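Review bot: `organizationId?: string` on `UpdateSamlConnectionParams` cannot express unlinking a connection from its organization, although the resource type added in PATCH 3/6 is `organization_id: string | null`. If the API accepts clearing the link, the update field should be `organizationId?: string | null`. The changeset on this page says users who sign in through an organization's SAML connection are automatically added as members, so this field decides who gains membership and deserves a doc comment such as `/** Organization that users authenticating through this connection are automatically added to. */`. The same comment applies to the field added to `CreateSamlConnectionParams` in the preceding hunk. Both type literals continue outside the hunks, and the code that serializes these params into the request is not visible here.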
diff --git a/.changeset/kind-crews-hear.md b/.changeset/kind-crews-hear.md
index 239167abd8..63bece9029 100644
--- a/.changeset/kind-crews-hear.md
+++ b/.changeset/kind-crews-hear.md
@@ -4,4 +4,4 @@
 Allow to create and update SAML connections with organization IDs.
-When users sign in or up using an organization's SAML connection, they're automatically added as members of that organization. For more information, refer to our docs: [TODO - Add docs link]
+When users sign in or up using an organization's SAML connection, they're automatically added as members of that organization. For more information, refer to our docs: https://clerk.com/docs/organizations/manage-sso