Stitchflow
Back to directory
Aha! logo

Aha! SCIM guide

Connector Only

How to automate Aha! user provisioning, and what it actually costs

Summary and recommendation

Aha! Roadmaps, the product roadmapping platform, does not support SCIM provisioning on any plan. While Aha! offers SAML 2.0 SSO integration with identity providers like Okta, Entra ID, and OneLogin, this only handles authentication through JIT (Just-In-Time) provisioning. The critical limitation: JIT provisioning creates user accounts with no default role or access permissions, requiring administrators to manually configure access for each user after they first sign in.

For product teams managing strategic roadmaps and stakeholder access, this creates significant operational overhead. Since product roadmaps contain sensitive strategic information and stakeholder access typically varies by product area, IT administrators must manually assign appropriate roles and workspace permissions after each user is provisioned. There's no automatic deprovisioning when users leave the organization, creating potential security gaps. This manual process becomes particularly problematic for larger product organizations where dozens of stakeholders across different business units need carefully managed access to specific roadmaps.

The strategic alternative

Aha! has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?Yes
SSO available?Yes
SSO protocolSAML 2.0
DocumentationNot available

Supported identity providers

IdPSSOSCIMNotes
OktaVia third-partySSO only - no SCIM provisioning. JIT creates users with no default role/access. Administrators must manually set roles after provisioning.
Microsoft Entra IDVia third-partySSO via SAML. JIT provisioning creates users with no access. ProductPrefix/ProductRole attributes can provision users to specific workspaces. Requires Entra admin and Aha! admin.
Google WorkspaceVia third-partyNo native support
OneLoginVia third-partyNo native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Aha! accounts manually. Here's what that costs:

Source: Stitchflow aggregate data across apps with 2+ instances, normalized to 500 employees
Orphaned accounts (ex-employees with access)7
Unused licenses12
IT hours spent on manual management/year101 hours
Unused license cost/year$3,925
IT labor cost/year$6,088
Cost of compliance misses/year$1,741
Total annual financial impact$11,754

The Aha! pricing problem

Aha! gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
Premium$59/user/month
Enterprise$99/user/month (annual)
Enterprise+$149/user/month (annual)

Pricing structure

PlanPriceSSOSCIM
Premium$59/user/month
Enterprise$99/user/month (annual)
Enterprise+$149/user/month (annual)

Note: All Enterprise plans include unlimited reviewers/viewers

What this means in practice

Without SCIM, Aha! forces IT admins into a manual workflow that defeats the purpose of automated provisioning:

1. JIT creates security gaps: When users authenticate via SSO, Aha! automatically creates accounts with no assigned role or workspace access 2. Manual role assignment required: Admins must log into Aha! after each new user signs in to manually configure their permissions and workspace assignments 3. No automated deprovisioning: Terminated employees retain access until manually removed from each Aha! account

For a 50-person product team, this means potentially dozens of manual interventions per quarter just for basic user lifecycle management.

Additional constraints

Strategic data exposure risk
Product roadmaps contain confidential strategic information, making the JIT security gap particularly problematic
Complex workspace management
Product teams often need different access levels across multiple product areas - all requiring manual configuration
No audit trail
Manual provisioning makes it difficult to track who has access to what roadmaps and when changes were made
Stakeholder access complications
External stakeholders and executives need carefully controlled access that can't be automated through existing SSO

Summary of challenges

  • Aha! does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What Aha! actually offers for identity

SAML SSO (Enterprise and Enterprise+ plans)

Aha! supports SAML 2.0 integration but no native SCIM provisioning:

SettingDetails
ProtocolSAML 2.0
Supported IdPsOkta, Entra ID, OneLogin, PingIdentity, generic SAML
JIT Provisioning✓ Yes (creates accounts automatically)
Role AssignmentManual - admins must configure after user creation
DeprovisioningManual only

Critical limitation: JIT provisioning creates users with no default role or workspace access. Administrators must manually assign roles and permissions after each user's first login.

IdP Integration Reality Check

IdPSSOSCIM ProvisioningUser Management
Okta✓ SAML❌ NoManual via JIT
Entra ID✓ SAML❌ NoManual via JIT
OneLogin✓ SAML❌ NoManual via JIT
Google Workspace✓ SAML❌ NoManual via JIT

The Enterprise Plan Reality

At $99-149/user/month, you're paying for:

Advanced roadmapping features
Custom fields and workflows
API access
Advanced reporting
Portfolio management tools

The problem: Teams looking for automated user provisioning get expensive roadmapping features they may not need, while still requiring manual role management after JIT provisioning.

What's Missing

SCIM provisioning is a requested feature but not available. Current gaps include:

No automated user creation with proper roles
No group-based access control
No automated deprovisioning when users leave
Manual role assignment required for every new user

What IT admins are saying

Aha!'s lack of SCIM support creates ongoing friction for IT teams managing product management tools:

The community has been vocal about this gap: "SCIM provisioning is a requested feature" according to Aha!'s own documentation, with an active feature request (A-I-12570) highlighting the demand.

  • No automated user provisioning - all accounts must be manually created
  • JIT provisioning creates users with no default roles or access permissions
  • Administrators must manually configure workspace access after each login
  • No automated deprovisioning when employees leave the organization

No SCIM means manual user management

Community feedback on Aha! Ideas platform

JIT creates accounts anyone in IdP can access

IT administrator discussing security concerns

The recurring theme

Even with SSO configured, IT teams face a two-step process - users can authenticate, but administrators must manually assign roles and workspace access after every new login. For product teams handling sensitive roadmaps and strategic plans, this creates both security risks and administrative overhead.

The decision

Your SituationRecommendation
Small product team (<20 users) with low turnoverManual management with SSO authentication is workable
Growing product organization (30+ users)Use Stitchflow: JIT creates security gaps without role automation
Enterprise with multiple product linesUse Stitchflow: manual role assignment doesn't scale
Organizations with compliance requirementsUse Stitchflow: audit trail essential for strategic roadmap access
Teams with frequent stakeholder changesUse Stitchflow: automation prevents orphaned accounts with roadmap access

The bottom line

Aha! Roadmaps contains your most strategic product information, but its JIT provisioning creates users with no default access controls—admins must manually assign roles after every new user login. For product teams that need secure, scalable access management without the operational overhead, Stitchflow automates the entire workflow.

Make Aha! workflows AI-native

Aha! has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.

Covers apps without native SCIM, including the ones without APIs
Less than a week, start to finish (~2 hours of your time)
Built with your team; extend to anything else in the company
Book a Demo

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

No native SCIM support (feature request exists)JIT provisioning creates users with no default role/accessAdministrators must manually set roles after provisioningCustom attributes via ProductPrefix/ProductRole for role mapping

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • No native SCIM support (feature request exists)
  • JIT provisioning creates users with no default role/access
  • Administrators must manually set roles after provisioning
  • Custom attributes via ProductPrefix/ProductRole for role mapping

Documentation not available.

Configuration for Okta

Integration type

Okta Integration Network (OIN) app

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Okta Admin Console → Applications → Aha! → Sign On

Docs

Okta integration

SSO only - no SCIM provisioning. JIT creates users with no default role/access. Administrators must manually set roles after provisioning.

Use Stitchflow for automated provisioning.

Configuration for Entra ID

Integration type

Microsoft Entra Gallery app

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Entra admin center → Enterprise applications → Aha! → Single sign-on

Docs

Microsoft Entra integration

SSO via SAML. JIT provisioning creates users with no access. ProductPrefix/ProductRole attributes can provision users to specific workspaces. Requires Entra admin and Aha! admin.

Use Stitchflow for automated provisioning.

Unlock SCIM for
Aha!

Aha! has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.

See how it works
Admin Console
Directory
Applications
Aha! logo
Aha!
via Stitchflow

Last updated: 2026-01-11

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

ProductPlan logo

ProductPlan

No SCIM

Product Management / Roadmapping

ProvisioningNot Supported
Manual Cost$11,754/yr

ProductPlan, the product roadmap software, does not offer native SCIM provisioning on any plan despite costing $79/user/month for Professional plans where SSO becomes available. While ProductPlan supports SAML 2.0 SSO with JIT (Just-In-Time) provisioning that can automatically create users and map them to Teams based on group attributes, this creates a significant gap for IT administrators who need proper user lifecycle management. JIT provisioning only handles user creation during first login—it cannot proactively provision users, manage role changes, or properly deprovision users when they leave the organization. This JIT-only approach creates compliance and security risks, especially problematic for a tool that handles sensitive product strategy and roadmap data. When employees change roles or leave the company, their ProductPlan access persists until manually removed, violating least-privilege principles. Additionally, the requirement that "Teams must exist before group mapping" means IT teams must coordinate manual setup work before automated group assignments can function, defeating much of the automation benefit.

View full guide
Roadmunk logo

Roadmunk

No SCIM

Product Management / Roadmapping

ProvisioningNot Supported
Manual Cost$11,754/yr

Roadmunk (now Tempo) does not offer native SCIM provisioning. While the product roadmap platform supports SAML 2.0 SSO with major identity providers including Okta, Azure AD, OneLogin, and PingID, user provisioning is only available through specific IdP connectors—namely Okta's OIN integration and OneLogin's marketplace connector. This creates a fragmented provisioning experience that excludes organizations using Azure AD, Google Workspace, or other identity providers. Even with supported IdPs, the provisioning functionality is limited to basic user lifecycle management without advanced features like group syncing or custom attribute mapping. The lack of comprehensive SCIM support becomes particularly problematic for organizations that need to manage access to roadmaps containing sensitive product information. While Roadmunk allows SAML-protected published roadmaps, IT teams still face manual user management tasks for most identity providers, creating security gaps and administrative overhead. Without automated deprovisioning, former employees may retain access to strategic roadmap data longer than necessary.

View full guide
6sense logo

6sense

No SCIM

B2B Revenue Intelligence / ABM

ProvisioningNot Supported
Manual Cost$11,754/yr

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

View full guide