Stitchflow
ADP logo

ADP SCIM guide

Connector Only

How to automate ADP user provisioning, and what it actually costs

Native SCIM requires Enterprise plan

Summary and recommendation

ADP Workforce Now does not support inbound SCIM provisioning as a target application. Instead, ADP functions as an HR source system that provisions users TO other applications through third-party bridges like Aquera. This creates a fundamental misunderstanding in the market—while ADP integrates with identity providers like Okta and Azure AD, it's typically pushing employee data OUT to provision accounts in downstream systems, not receiving provisioning requests from your IdP. ADP supports SAML 2.0 and OIDC for SSO authentication, but user accounts must still be manually created and managed within ADP's HR platform.

This architectural reality creates significant operational overhead for IT teams. When new employees join or leave the company, their ADP records must be manually maintained by HR staff, while other applications can be automatically provisioned through your IdP. This breaks the unified identity lifecycle management that SCIM enables, forcing organizations to maintain split processes where some apps provision automatically while their core HR platform requires manual intervention.

The strategic alternative

Stitchflow provides managed provisioning automation for ADP Workforce Now, enabling true bidirectional sync between your HR source of truth and identity provider. Works with any ADP plan and any IdP (Okta, Entra, Google Workspace, OneLogin). Flat pricing under $5K/year, regardless of employee count.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?No
SSO available?Yes
SSO protocolSAML 2.0, OAuth 2.0, OIDC
DocumentationNot available

Supported identity providers

IdPSSOSCIMNotes
OktaNo SCIM available
Microsoft Entra IDNo SCIM available
Google WorkspaceVia third-partyNo native support
OneLoginVia third-partyNo native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages ADP accounts manually. Here's what that costs:

Source: Stitchflow customers using ADP, normalized to 500 employees:
Orphaned accounts (ex-employees with access)52
Unused licenses0
IT hours spent on manual management/year136 hours
Unused license cost/year$0
IT labor cost/year$8,153
Cost of compliance misses/year$12,544
Total annual financial impact$20,697

The ADP pricing problem

ADP gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
RUN$79/month + $4/employee
Workforce Now$62/employee/month
Vantage HCMCustom pricing

Provisioning architecture

PlanPriceSSOSCIM
RUN$79/month + $4/employee
Workforce Now$62/employee/month
Vantage HCMCustom pricing

Implementation fees: $25-$200 per employee across all plans

What this means in practice

ADP Workforce Now is designed to be the authoritative HR source that pushes employee data TO other systems via SCIM—not receive provisioning from your IdP. This creates several operational challenges:

Reverse data flow
HR changes in ADP should trigger user provisioning in downstream apps, but your IdP can't provision users into ADP
Manual user creation
New ADP users must be created through HR processes, not IT provisioning workflows
Third-party dependency
Any SCIM connectivity requires Aquera Identity Directory Sync Bridge or similar solutions

Additional constraints

Aquera bridge requirement
SCIM functionality only available through third-party Aquera integration, adding complexity and cost
HR-driven workflow
User lifecycle events originate in ADP's HR system, not your identity provider's admin console
No inbound provisioning
Cannot disable/suspend ADP access through standard IdP deprovisioning workflows
Enterprise implementation costs
$25-$200 per employee setup fees make small deployments expensive relative to user count

Summary of challenges

  • ADP does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What ADP actually offers for identity

SAML SSO (Standard on all plans)

ADP Workforce Now supports federated single sign-on across all plan tiers:

SettingDetails
ProtocolSAML 2.0, OAuth 2.0, OIDC
Supported IdPsOkta, Azure AD, Google Workspace, OneLogin
JIT Provisioning✓ Yes
ConfigurationStandard SAML metadata exchange

SCIM Provisioning (Third-party bridge required)

ADP does not provide native SCIM endpoints for inbound provisioning. Instead, they offer outbound provisioning capabilities:

FeatureSupport Level
Inbound SCIM (IdP → ADP)❌ Not available
Outbound provisioning (ADP → IdP)✓ Via Aquera bridge
Direct SCIM API❌ No
Native user sync❌ No

The fundamental issue: ADP Workforce Now is designed as an HR source system that provisions to other applications, not as a target that receives provisioning from your IdP. This creates a backwards flow where HR events in ADP should trigger downstream provisioning to other apps.

Third-party Integration Requirements

To achieve any form of automated provisioning with ADP, you need:

Aquera Identity Directory Sync Bridge
Third-party connector that costs additional licensing
Enterprise-level ADP contract
Required for API access that Aquera depends on
Custom integration work
Most implementations require professional services

Bottom line: ADP's identity story is backwards from what most IT teams expect. You're not provisioning users into ADP from your IdP - you're using ADP as the authoritative source to provision out to other systems.

What IT admins are saying

Community sentiment on ADP's provisioning centers around role confusion and integration complexity:

  • ADP serves as the HR source system, not a typical SCIM target for provisioning
  • Third-party Aquera bridge required for any automated identity sync capabilities
  • Enterprise pricing tiers create barriers for mid-market organizations
  • Integration setup complexity when ADP needs to provision TO other systems

User accounts must exist in ADP to use single sign-on... ADP is typically the authoritative HR source that provisions TO other apps via Aquera.

ADP Integration Documentation

Complex integration requires Aquera - ADP as source not target creates confusion for IT teams expecting traditional SCIM provisioning.

IT Admin, Reddit

The recurring theme

ADP Workforce Now fundamentally operates as an HR source system that pushes data outbound, not as a target application that receives provisioning from your IdP. This architectural difference catches many IT teams off-guard who expect standard SCIM inbound provisioning.

The decision

Your SituationRecommendation
Using ADP as HR source to provision other systemsUse Stitchflow: streamline HR-driven provisioning workflows
Need to provision users TO ADP from your IdPUse Stitchflow: no native SCIM means manual user management otherwise
Small payroll team (<25 employees)Manual management acceptable, but consider automation for growth
Enterprise with complex HR workflowsUse Stitchflow: eliminate Aquera licensing and complexity
Multi-system environment with ADP as HR hubUse Stitchflow: centralize all provisioning through one platform

The bottom line

ADP Workforce Now operates as an HR source system rather than a typical SCIM target, requiring third-party bridges like Aquera for any automation. For organizations that need seamless provisioning TO ADP or want to eliminate complex middleware dependencies, Stitchflow provides direct automation without the enterprise complexity.

Automate ADP without third-party complexity

Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for ADP at <$5K/year, flat, regardless of team size.

Works alongside or instead of native SCIM
Syncs with your existing IdP (Okta, Entra ID, Google Workspace)
Automates onboarding and offboarding
SOC 2 Type II certified
24/7 human-in-the-loop monitoring
Book a Demo

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

ADP is HR source system - not typical SCIM targetSCIM requires third-party Aquera bridgeNo native SCIM endpoint for inbound provisioning

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • ADP is HR source system - not typical SCIM target
  • SCIM requires third-party Aquera bridge
  • No native SCIM endpoint for inbound provisioning

Documentation not available.

Configuration for Okta

Integration type

Okta Integration Network (OIN) app

Where to enable

Okta Admin Console → Applications → ADP → Sign On

Docs

Okta integration

Enterprise required for SCIM

Use Stitchflow for automated provisioning.

Unlock SCIM for
ADP

ADP doesn't offer SCIM. Get an enterprise-grade SCIM endpoint in your IdP, even without native support.

See how it works
Admin Console
Directory
Applications
ADP logo
ADP
via Stitchflow

Last updated: 2026-01-11

* Pricing and features sourced from public documentation.