Each SaaS app our customers manage manually costs them an extra $25,000 a year. We know because we measured it.
This doesn’t include the app’s license fees. Just the cost of cleanup because they didn’t pay for automation.
That number surprises people until they walk through their own environment. The actual number of provisioning and deprovisioning actions you take over the course of a year. Offboarding that slips and leads to unused licenses. Access that lingers that then needs to be explained at your next audit.
None of it feels individually expensive in the moment. But stack it across your portfolio, and the bill shows up fast.
This isn't because you're careless. And it's not because automation is hard. It's because the SaaS industry decided automation should be a premium feature hidden behind the most expensive enterprise plan. We call this the SCIM Tax.
These manual SaaS management costs don’t show up on invoices, but they compound across licenses, IT labor, and compliance work.
How we ran our analysis
We analyzed 500 app deployments across over 150 unique SaaS apps. Our average customer has around 1,000 employees - the headline number reflects that scale.
We didn't model hypotheticals. We measured what actually happened: licenses that stayed assigned, hours logged by IT teams, compliance gaps that had to be tracked down and fixed after the fact.
The tables below are normalized to 500 employees for apples-to-apples comparison. Double them for a 1,000-person org.
This is operational data, not theory.
The three costs hiding inside every app
Manual SaaS management creates the same three drains almost everywhere.
| Cost category | What it includes | Annual cost (per app, per 500 employees) |
|---|---|---|
| License waste | Orphaned users that retain access, licenses that were used once and forgotten about | $3,925 |
| IT labor | Provisioning, deprovisioning, audits, and firefighting | $6,088 |
| Compliance gaps | Access violations and remediation work | $1,741 |
| Total | $11,754 |
We used conservative estimates of $60/hour for IT time and 4 hours to investigate each compliance gap and gather evidence (in many companies, these costs are much higher).
On average, per 500 employees, each app had 12 unused licenses, required 101 hours of IT labor over the year, and 7 access gaps requiring investigation and cleanup were identified at each audit.
That 101 hours of manual IT time is the real killer. You're not architecting systems or partnering with the business. You're a human API, bridging the gap between HR and SaaS vendors who refuse to build proper integrations.
Why does this turn into a portfolio problem?
The average organization in our dataset had ~1000 employees and 16 apps in scope, with their total annual impact of $341,000.
And the spread across our dataset was brutal. The largest crossed $1.34 million in costs due to manually managed apps.
The apps causing the most damage
These costs aren't coming from shadow tools or edge cases. They're coming from apps on your invoices right now.
| App | Total cost (per 500 employees) | Biggest driver |
|---|---|---|
| Salesforce | $25,970 | License waste ($14,878) |
| Miro | $19,839 | License waste ($9,673) |
| Adobe | $14,931 | License waste ($6,611) |
| Monday.com | $13,597 | IT labor (190 hrs) |
| Figma | $11,347 | IT labor (112 hrs) |
| Slack | $9,318 | IT labor (119 hrs) |
Salesforce costs more to clean up after than many apps cost to license. Adobe quietly hemorrhages unused seats. Monday.com devours 190 hours a year of IT time just keeping the lights on.
These apps already support SCIM. The integration exists. You just don't get access to it unless you upgrade.
This isn't a technical failure
There's a persistent myth that SaaS identity is messy because automation isn't mature.
That's outdated.
Most modern SaaS platforms support SCIM-based provisioning. They just restrict it to enterprise tiers. Figma supports SCIM on the Enterprise plan, which is 266% more expensive than the Pro plan. Slack supports SCIM on Business+, 71% more than Pro. If you want automated offboarding and audit-ready access controls, you pay more. If you don't, you absorb the cost in labor and risk.
Vendors aren't ignoring the problem. They're monetizing it.
That's the SCIM Tax. Automation as ransom.
Security doesn't work this way anywhere else. You don't get partial credit for locking one door while leaving another open because the lock costs extra.
The math you should be doing
Pull up your app portfolio. Count the apps without automated provisioning. Multiply by $12K per 500 employees, or $24K if you're closer to our typical customer size.
That's your annual cost of manual SaaS management. Not your SaaS spend - your management spend. The invisible tax you pay in wasted licenses, burned hours, and compliance scrambles.
You can keep managing apps manually at $24K each. You can pay ransom pricing for enterprise plans.
Or you can get SCIM-level automation without paying enterprise plan pricing by automating apps without SCIM or APIs using Stitchflow. We unlock SCIM for any app through resilient browser automation. It integrates with your existing IdP - Okta, Entra, Google - and a 24/7 engineering team keeps it running.
Enterprise-grade automation without the enterprise plan.
Want to understand your own manual SaaS management costs?
See how much license waste, IT labor, and compliance cleanup is hiding across your app portfolio.
Frequently asked questions
Manual SaaS management costs are the hidden expenses created by provisioning, deprovisioning, audits, and cleanup work when apps can’t be automated.
Jay has been serving modern IT teams for more than a decade. Prior to Stitchflow, he was the product lead for Okta IGA after Okta acquired his previous ITSM company, atSpoke.
