TL;DR
Okta and Entra users complain about the SCIM Tax. Google Workspace users don't even get that option.
Okta has the OIN with hundreds of SCIM integrations. Entra has its app gallery. Google Workspace? You get Google apps and not much else. No SCIM catalog. No provisioning connectors. Just manual work.
The same apps that paywall SCIM for Okta users simply don't connect to Google Workspace at all. You're not paying a tax - you're locked out entirely.
Stitchflow changes that. We expose an API you call from whatever workflow tool you use - Slack, your HRIS, a webhook from anywhere. Same automation Okta users get, different entry point.
The Google Workspace identity gap
If you run your company on Google Workspace without Okta or Entra, you've made a reasonable choice. Google Workspace handles authentication, email, calendar, drive. For many companies, it's enough.
Until you need to provision users into other apps.
Okta users have the Okta Integration Network - thousands of apps with pre-built SCIM connectors. Click a button, assign users, provisioning happens automatically.
Entra users have the Azure AD app gallery - similar story, hundreds of enterprise apps with provisioning support.
Google Workspace users have... Google apps. Gmail, Drive, Calendar, Meet. Beyond that? You're on your own.
The same problem, fewer options
Every app that paywalls SCIM for Okta users - Figma, Slack, Notion, Salesforce - doesn't even offer a Google Workspace integration. The SCIM Tax conversation assumes you have an IdP with a SCIM catalog. Google Workspace doesn't.
| App | Okta | Entra | Google Workspace |
|---|---|---|---|
| Figma | SCIM (Enterprise) | SCIM (Enterprise) | Manual only |
| Slack | SCIM (Grid) | SCIM (Grid) | Manual only |
| Notion | SCIM (Enterprise) | SCIM (Enterprise) | Manual only |
| Salesforce | SCIM (Enterprise) | SCIM (Enterprise) | Manual only |
| HubSpot | SCIM (Enterprise) | SCIM (Enterprise) | Manual only |
Okta and Entra users can at least pay the tax to get automation. Google Workspace users can't pay their way out - the integration doesn't exist.
What Google Workspace actually offers
Google Workspace is excellent at what it does:
- Authentication: SAML SSO works with most apps
- Google apps: Drive, Gmail, Calendar, Meet all provision automatically
- Directory: Google Cloud Directory Sync can pull from AD/LDAP
What it doesn't offer:
- SCIM catalog: No equivalent to OIN or Entra app gallery
- Provisioning connectors: No pre-built integrations to third-party apps
- Lifecycle automation: No native way to provision/deprovision beyond Google apps
If your stack is 100% Google, you're fine. The moment you add Figma, Slack, Notion, Salesforce, or any of the hundreds of other apps companies use - you're back to manual.
The math is the same (or worse)
Whether you use Okta, Entra, or Google Workspace, the cost of manual provisioning is identical:
| Metric | Per app, per year |
|---|---|
| IT hours | 101 hours |
| Annual cost | ~$12,000 |
That's $12K in IT labor, orphaned licenses, and compliance gaps - per app.
But Google Workspace users often have it worse:
- No option to "upgrade and get SCIM" - the integration doesn't exist
- Smaller IT teams (companies that skip Okta/Entra often have leaner ops)
- More apps in the "manual forever" bucket
How Stitchflow works for Google Workspace
Stitchflow doesn't require Okta or Entra. We built for the reality that not everyone uses enterprise IdPs.
How it works:
- We expose an API - a webhook endpoint you call to trigger provisioning actions
- You call it from your workflow tool - Slack, your HRIS, Zapier, a custom script, whatever you use today
- We handle the automation - resilient browser automation with 24/7 human-in-the-loop
Example workflow:
```
HRIS (new hire added)
↓
Webhook to Stitchflow API
↓
Stitchflow provisions user to:
- Figma
- Slack
- Notion
- Salesforce
- [any app in your stack]
```
The same trigger that creates a Google Workspace account can provision every other app. No Okta. No Entra. No manual work.
Same automation, different entry point
Okta and Entra users configure Stitchflow as a SCIM bridge - their IdP sends signals, we translate them into provisioning actions.
Google Workspace users call our API directly - your workflow tool sends signals, we translate them into provisioning actions.
The automation is identical. The apps we support are identical. The reliability is identical. Only the trigger is different.
| IdP | How you trigger Stitchflow |
|---|---|
| Okta | SCIM bridge - Okta sends provisioning events |
| Entra | SCIM bridge - Entra sends provisioning events |
| Google Workspace | API webhook - your workflow tool sends events |
Who this is for
You're a fit if:
- Google Workspace is your primary identity source
- You don't have Okta or Entra (and don't want to add them)
- You have apps that need automated provisioning
- You have a workflow tool that can call webhooks (Slack, HRIS, Zapier, etc.)
You're not a fit if:
- Your entire stack is Google apps (you don't need us)
- You already have Okta or Entra (use our SCIM bridge instead)
Get provisioning automation without adding an IdP
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop. We build the integration. We maintain it. <$5K/app/year.
You chose Google Workspace for good reasons. That shouldn't mean giving up on provisioning automation.
Frequently asked questions
Yes. For Google Workspace users (or anyone without a traditional enterprise IdP), Stitchflow exposes an API endpoint you call via webhook from your workflow tool - Slack, your HRIS, Zapier, or any system that can make HTTP requests.
Jay has been serving modern IT teams for more than a decade. Prior to Stitchflow, he was the product lead for Okta IGA after Okta acquired his previous ITSM company, atSpoke.
