The definitive guide to SCIM support across 552 apps

15Five includes SCIM provisioning on all plans starting at $4/user/month, with full support for creating, updating, and deactivating users across Okta, Entra ID, Google Workspace, and OneLogin. However, 15Five's SCIM implementation has a critical prerequisite: SSO must be configured first, and their documentation explicitly warns against using JIT provisioning alongside SCIM due to duplicate user creation risks. This creates operational friction for IT teams managing performance management rollouts. The SSO-first requirement means you can't test SCIM provisioning in isolation, and the JIT conflict forces you to choose between automated onboarding convenience and reliable user lifecycle management. For HR-driven tools like 15Five that need to maintain accurate manager hierarchies and team structures, these provisioning gaps can disrupt performance review cycles and employee engagement tracking.

1Password supports SCIM provisioning on its Business plan ($7.99/user/month), but requires deploying and managing the 1Password SCIM Bridge on your own infrastructure. This self-hosted approach means you're responsible for maintaining servers, handling updates, and troubleshooting connectivity issues between your identity provider and 1Password's systems. The SCIM Bridge also operates separately from SSO (which uses OIDC only), requiring you to configure and maintain two distinct integrations. This architecture creates operational overhead that many IT teams don't want to manage. Unlike cloud-native SCIM implementations, you're essentially running 1Password's provisioning infrastructure for them. When the SCIM Bridge goes down, provisioning stops working. When 1Password updates their API, you need to update your Bridge deployment. For teams that just want automated user lifecycle management, this becomes an ongoing maintenance burden.

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

8x8 supports SCIM 2.0 for automated user provisioning, but only on their quote-based X Series plans (previously $24-44/user/month range before they moved to custom pricing). While SCIM can create, update, and deactivate users, it has critical gaps that create ongoing manual overhead: license assignment must be done manually after every user is provisioned, users can't be deleted (only deactivated), and provisioned users don't automatically appear in the Company Directory. For IT teams managing a unified communications platform that typically covers all employees, these limitations defeat much of SCIM's purpose. You're still manually touching every user account to assign licenses and ensure directory visibility. The lack of user deletion support also creates compliance headaches when employees leave - accounts accumulate as "deactivated" rather than being properly removed.

Absorb LMS supports native SCIM provisioning, but only on Enterprise plans with SSO as a required paid add-on. Even with SCIM enabled, the implementation has critical limitations: SAML provisioning only creates accounts on first login and never updates existing users, and full user provisioning requires the specific "Absorb 5 - New Learner Experience" version. For organizations managing compliance training across hundreds or thousands of learners, these gaps create ongoing manual work. The SSO-as-add-on model means you're paying extra fees on top of already custom Enterprise pricing ($6-12/user/month base, but varies significantly). For learning management systems handling external partners, contractors, and employees across different access levels, the inability to update existing user attributes through SAML provisioning forces IT teams into manual account management—exactly what automated provisioning should eliminate.

ActiveCampaign, the marketing automation platform, does not offer native SCIM provisioning on any plan. While the Enterprise plan ($145+/month) includes SAML 2.0 SSO with just-in-time (JIT) provisioning, this only creates user accounts on first login—there's no automated deprovisioning when employees leave or change roles. New SSO users are automatically added to a generic "SSO Users" group with configurable permissions, but IT teams have no way to programmatically manage user lifecycles or enforce granular access controls based on department or role changes. This creates a significant gap for marketing teams that need to manage access to customer data and campaign tools. When employees leave the company or change departments, their ActiveCampaign access must be manually revoked, creating compliance risks and potential data exposure. The lack of automated deprovisioning means former employees could theoretically retain access to sensitive marketing data and customer information until someone manually removes them from the platform.

Adobe Creative Cloud supports SCIM provisioning, but only on Enterprise plans with custom pricing—and only if you use Azure AD or Google Workspace as your identity provider. This creates a massive blind spot: organizations using Okta, OneLogin, or other IdPs are completely locked out of automated provisioning, despite Adobe being in Okta's integration network for SSO. Even when SCIM works, it only handles user creation and removal—license assignment and management still requires manual intervention. This IdP restriction is particularly problematic for enterprises that have standardized on Okta or other providers. You're forced to choose between maintaining your existing identity infrastructure or accepting manual user management for one of your most expensive SaaS applications. The limitation becomes even more painful when you consider that Teams plans ($89.99/user/month) don't support SCIM at all, pushing you into custom Enterprise pricing territory just to automate basic user lifecycle management.

ADP Workforce Now does not support inbound SCIM provisioning as a target application. Instead, ADP functions as an HR source system that provisions users TO other applications through third-party bridges like Aquera. This creates a fundamental misunderstanding in the market—while ADP integrates with identity providers like Okta and Azure AD, it's typically pushing employee data OUT to provision accounts in downstream systems, not receiving provisioning requests from your IdP. ADP supports SAML 2.0 and OIDC for SSO authentication, but user accounts must still be manually created and managed within ADP's HR platform. This architectural reality creates significant operational overhead for IT teams. When new employees join or leave the company, their ADP records must be manually maintained by HR staff, while other applications can be automatically provisioned through your IdP. This breaks the unified identity lifecycle management that SCIM enables, forcing organizations to maintain split processes where some apps provision automatically while their core HR platform requires manual intervention.

Adyen offers SCIM 2.0 provisioning, but only through Okta's integration—there's no native SCIM endpoint. This creates a significant vendor lock-in scenario where your provisioning capabilities are entirely dependent on using Okta as your identity provider. Teams using Azure Entra, Google Workspace, or OneLogin are left with manual user management despite Adyen supporting SAML SSO with these platforms. The Okta integration itself requires maintaining a company account (not just a merchant account) and keeping at least one non-SSO admin for troubleshooting, adding operational complexity. For payment platforms handling sensitive financial data, this provisioning gap creates serious compliance risks. Your finance team, payment operations staff, and developers need timely access to process transactions and manage risk controls, but without automated provisioning, you're stuck with manual onboarding that can delay critical payment operations. The requirement to maintain non-SSO admin accounts also creates a security backdoor that compliance auditors will flag.

AfterShip, the e-commerce shipping and tracking platform, does not offer SCIM provisioning on any plan. While AfterShip provides SAML 2.0 SSO on their Enterprise plan with JIT (Just-In-Time) provisioning support, this only handles authentication—not comprehensive user lifecycle management. Users can be automatically created on first login, but there's no automated deprovisioning, group management, or attribute synchronization that IT teams need for proper access governance. This creates a significant operational gap for e-commerce teams managing multiple users across ops, customer support, and logistics functions. Without SCIM, IT administrators must manually create, update, and remove AfterShip accounts when employees join, change roles, or leave the company. Given that logistics platforms often have many users who need controlled access to sensitive shipping data and customer information, this manual process creates both security risks and administrative overhead that scales poorly as e-commerce operations grow.

Agiloft, the enterprise contract lifecycle management platform, does not support native SCIM provisioning on any plan. While Agiloft offers robust SAML 2.0 SSO integration with major identity providers, user provisioning is limited to Just-in-Time (JIT) provisioning only. This means users are automatically created when they first log in via SSO, but there's no automated deprovisioning when employees leave or change roles. For legal teams managing sensitive contract data where user roles determine contract visibility, this creates a significant security gap. The JIT-only approach means IT administrators must manually track and remove former employees from Agiloft to prevent unauthorized access to confidential contracts and legal documents. Given Agiloft's average implementation cost of $68,000/year and its position as a critical system for legal operations, the lack of automated user lifecycle management creates both compliance risks and administrative overhead that scales poorly as organizations grow.

Aha! Roadmaps, the product roadmapping platform, does not support SCIM provisioning on any plan. While Aha! offers SAML 2.0 SSO integration with identity providers like Okta, Entra ID, and OneLogin, this only handles authentication through JIT (Just-In-Time) provisioning. The critical limitation: JIT provisioning creates user accounts with no default role or access permissions, requiring administrators to manually configure access for each user after they first sign in. For product teams managing strategic roadmaps and stakeholder access, this creates significant operational overhead. Since product roadmaps contain sensitive strategic information and stakeholder access typically varies by product area, IT administrators must manually assign appropriate roles and workspace permissions after each user is provisioned. There's no automatic deprovisioning when users leave the organization, creating potential security gaps. This manual process becomes particularly problematic for larger product organizations where dozens of stakeholders across different business units need carefully managed access to specific roadmaps.