In a perfect world, every application in your stack would have a robust REST API and a native SCIM endpoint.
Your Identity Provider (Okta, Entra) would talk to your apps in a clean, standardized language. Provisioning would be a simple CREATE request. Deprovisioning would be a DELETE request.
But we don't live in a perfect world. We live in a world where 30% of your apps - legacy tools, internal dashboards, and "SCIM Tax" offenders - only speak one language: HTML.
To an IT Architect, HTML is noise. It is unstructured, volatile, and impossible to automate reliably.
So, we built a translation engine.
Stitchflow is not just a "bot" that clicks buttons. It is an infrastructure layer that forces a chaotic User Interface to behave exactly like a structured API — essentially a universal API for disconnected apps, giving you SCIM-like behavior even when the app itself refuses to build SCIM.
If you’re wondering what disconnected apps are, see Disconnected Apps: The #1 Source of Orphaned Accounts (and How to Fix It Fast).
This is the same foundational gap described in the Identity Automation Gap: your IdP cannot automate what it cannot reach.
The "Synthetic" API (how Stitchflow behaves like a universal API for disconnected apps)
The core innovation of Stitchflow isn't just that we automate the browser. It's that we abstract the browser away from you entirely.
To your IdP or your workflow engine (Workato, BetterCloud, Okta Workflows), Stitchflow looks exactly like a standard integration.
- Input: You send us a standard SCIM signal (e.g., "Deactivate User X").
- Process: We spin up an isolated, headless browser in our private GCP cloud to execute the logic.
- Output: We return a structured JSON payload confirming the action, just like a REST API response.
We turn the "dumb" application into a "smart" integration.
This is the same principle highlighted in Stop buying RPA tools, buy an outcome, where the goal isn’t automation for automation’s sake; it’s predictable execution.
Under the hood: Controlled Isolation
We didn't hack this together on a laptop. We architected it for scale and isolation.
When you trigger an action, we don't just run a script. We spin up a dedicated, ephemeral container in Google Cloud Run.
- The Clean Room: That browser instance exists only for your specific task. It lives inside our private VPC. It has no visibility into other customers or other runs.
- The Session Logic: We manage the messy parts of the web (cookies, session tokens, MFA states) so you don't have to. We encrypt these session artifacts using AES-256 and store them in GCP Secret Manager, allowing us to reuse sessions for speed without compromising security.
- The VPN Boundary: As shown in our architecture, all execution happens behind a strict VPN boundary. The public internet never touches your automation logic directly.
For a deeper technical walkthrough of how isolation guarantees SCIM-grade safety, see API-Level Browser Automation Architecture.
Structured outputs over screen scraping
The dirty secret of traditional RPA is that it doesn't know what it did. It clicks a button and hopes for the best.
Stitchflow is deterministic. We don't just click; we validate.
When we run a deprovisioning flow, our engine scrapes the result, validates the success state (e.g., "User Deleted" toast message), and converts that event into a standardized machine-readable object.
This is the game-changer for IT engineering.
It means you can plug a legacy ERP system that was built in 2010 directly into a modern IdP like Okta or Entra.
Stitchflow acts as the adapter. We take the messy HTML of the legacy app and present it to Okta as a clean, compliant identity object.
Related read: How we architected browser automation to be as secure as an API
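The validation step described above, sketched as an added example (this is not Stitchflow's code): a SCIM deactivation request is accepted, the scraped result page is checked for the expected toast, and anything unconfirmed is reported as a failure rather than a success. The function names, the `toast` CSS class, the result fields and the sample pages are assumptions constructed for this illustration.

```python
from html.parser import HTMLParser

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644
VOID = {"br", "img", "input", "hr", "meta", "link"}  # tags with no closing tag

class ToastText(HTMLParser):
    """Collects text inside elements whose class list contains 'toast' (assumed marker)."""
    def __init__(self):
        super().__init__()
        self.depth, self.chunks = 0, []  # depth > 0 while inside a toast element
    def handle_starttag(self, tag, attrs):
        classes = (dict(attrs).get("class") or "").split()
        if tag not in VOID and (self.depth or "toast" in classes):
            self.depth += 1
    def handle_endtag(self, tag):
        if self.depth and tag not in VOID:
            self.depth -= 1
    def handle_data(self, data):
        if self.depth and data.strip():
            self.chunks.append(data.strip())

def is_deactivation(patch):
    """True if a SCIM PatchOp body sets active=false (with or without a path)."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        return False
    for op in patch.get("Operations", []):
        value = op.get("value")
        if str(op.get("op", "")).lower() != "replace":
            continue
        if op.get("path") == "active" and value is False:
            return True
        if isinstance(value, dict) and value.get("active") is False:
            return True
    return False

def deprovision_result(user_id, patch, result_html, expected="User Deleted"):
    """Map the scraped UI outcome to a structured object; unconfirmed means failed."""
    if not is_deactivation(patch):
        return {"id": user_id, "status": "rejected", "detail": "not a deactivation request"}
    parser = ToastText()
    parser.feed(result_html)
    toast = " ".join(parser.chunks)
    ok = toast == expected  # exact match only; text outside the toast never counts
    return {"id": user_id, "status": "success" if ok else "failed", "confirmed": ok, "evidence": toast}

# Constructed sample inputs (not captured from any real application).
PATCH = {"schemas": [PATCH_SCHEMA], "Operations": [{"op": "replace", "path": "active", "value": False}]}
OK_PAGE = '<html><body><div class="toast success"><span>User Deleted</span></div></body></html>'
LOGIN_PAGE = '<html><body><h1>Sign in</h1><p>Session expired. User Deleted?</p></body></html>'
```

The second sample page contains the words "User Deleted" outside any toast element, so it is reported as `failed`: a deprovisioning run that lands on a login page must not be recorded as a completed removal.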
Make the disconnected, connected
You shouldn't have to build custom scripts for every tool that lacks an API. That is technical debt that you will be paying interest on forever.
We built the infrastructure to handle the chaos so you can maintain a clean architecture.
You treat Stitchflow like an API. We handle the browser tabs.
Ready to use a universal API for disconnected apps?
Disconnected, non-SCIM, and no-API apps don’t have to stay manual. Stitchflow turns every one of them into a predictable, fully automatable part of your identity program.
Book a demo and see how Stitchflow becomes the universal API your disconnected apps never built.
Jay has been serving modern IT teams for more than a decade. Prior to Stitchflow, he was the product lead for Okta IGA after Okta acquired his previous ITSM company, atSpoke.



