Summary and recommendation
ADP Workforce Now does not support inbound SCIM provisioning as a target application. Instead, ADP functions as an HR source system that provisions users TO other applications through third-party bridges like Aquera. This creates a fundamental misunderstanding in the market—while ADP integrates with identity providers like Okta and Azure AD, it's typically pushing employee data OUT to provision accounts in downstream systems, not receiving provisioning requests from your IdP. ADP supports SAML 2.0 and OIDC for SSO authentication, but user accounts must still be manually created and managed within ADP's HR platform.
This architectural reality creates significant operational overhead for IT teams. When new employees join or leave the company, their ADP records must be manually maintained by HR staff, while other applications can be automatically provisioned through your IdP. This breaks the unified identity lifecycle management that SCIM enables, forcing organizations to maintain split processes where some apps provision automatically while their core HR platform requires manual intervention.
The strategic alternative
ADP has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OAuth 2.0, OIDC |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | No SCIM available |
| Microsoft Entra ID | ✓ | ❌ | No SCIM available |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages ADP accounts manually. Here's what that costs:
The ADP pricing problem
ADP gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| RUN | $79/month + $4/employee | ||
| Workforce Now | $62/employee/month | ||
| Vantage HCM | Custom pricing |
Provisioning architecture
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| RUN | $79/month + $4/employee | ||
| Workforce Now | $62/employee/month | ||
| Vantage HCM | Custom pricing |
Implementation fees: $25-$200 per employee across all plans
What this means in practice
ADP Workforce Now is designed to be the authoritative HR source that pushes employee data TO other systems via SCIM—not receive provisioning from your IdP. This creates several operational challenges:
Additional constraints
Summary of challenges
- ADP does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What ADP actually offers for identity
SAML SSO (Standard on all plans)
ADP Workforce Now supports federated single sign-on across all plan tiers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0, OAuth 2.0, OIDC |
| Supported IdPs | Okta, Azure AD, Google Workspace, OneLogin |
| JIT Provisioning | ✓ Yes |
| Configuration | Standard SAML metadata exchange |
SCIM Provisioning (Third-party bridge required)
ADP does not provide native SCIM endpoints for inbound provisioning. Instead, they offer outbound provisioning capabilities:
| Feature | Support Level |
|---|---|
| Inbound SCIM (IdP → ADP) | ❌ Not available |
| Outbound provisioning (ADP → IdP) | ✓ Via Aquera bridge |
| Direct SCIM API | ❌ No |
| Native user sync | ❌ No |
The fundamental issue: ADP Workforce Now is designed as an HR source system that provisions to other applications, not as a target that receives provisioning from your IdP. This creates a backwards flow where HR events in ADP should trigger downstream provisioning to other apps.
Third-party Integration Requirements
To achieve any form of automated provisioning with ADP, you need:
Bottom line: ADP's identity story is backwards from what most IT teams expect. You're not provisioning users into ADP from your IdP - you're using ADP as the authoritative source to provision out to other systems.
What IT admins are saying
Community sentiment on ADP's provisioning centers around role confusion and integration complexity:
- ADP serves as the HR source system, not a typical SCIM target for provisioning
- Third-party Aquera bridge required for any automated identity sync capabilities
- Enterprise pricing tiers create barriers for mid-market organizations
- Integration setup complexity when ADP needs to provision TO other systems
User accounts must exist in ADP to use single sign-on... ADP is typically the authoritative HR source that provisions TO other apps via Aquera.
Complex integration requires Aquera - ADP as source not target creates confusion for IT teams expecting traditional SCIM provisioning.
The recurring theme
ADP Workforce Now fundamentally operates as an HR source system that pushes data outbound, not as a target application that receives provisioning from your IdP. This architectural difference catches many IT teams off-guard who expect standard SCIM inbound provisioning.
The decision
| Your Situation | Recommendation |
|---|---|
| Using ADP as HR source to provision other systems | Use Stitchflow: streamline HR-driven provisioning workflows |
| Need to provision users TO ADP from your IdP | Use Stitchflow: no native SCIM means manual user management otherwise |
| Small payroll team (<25 employees) | Manual management acceptable, but consider automation for growth |
| Enterprise with complex HR workflows | Use Stitchflow: eliminate Aquera licensing and complexity |
| Multi-system environment with ADP as HR hub | Use Stitchflow: centralize all provisioning through one platform |
The bottom line
ADP Workforce Now operates as an HR source system rather than a typical SCIM target, requiring third-party bridges like Aquera for any automation. For organizations that need seamless provisioning TO ADP or want to eliminate complex middleware dependencies, Stitchflow provides direct automation without the enterprise complexity.
Make ADP workflows AI-native
ADP has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- ADP is HR source system - not typical SCIM target
- SCIM requires third-party Aquera bridge
- No native SCIM endpoint for inbound provisioning
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
Enterprise required for SCIM
Use Stitchflow for automated provisioning.
Unlock SCIM for
ADP
ADP has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
