Summary and recommendation
Airbyte supports SCIM provisioning, but only on Enterprise plans with custom pricing. While their Cloud plan starts at $10/month plus usage credits, SCIM access requires jumping to Enterprise—a significant cost leap that puts automated provisioning out of reach for most data teams. This creates a problematic gap where data engineers get SSO access through OIDC, but IT teams must manually provision and deprovision accounts in a platform that handles sensitive data source connections.
The stakes are particularly high with data integration platforms. Data engineers need timely access to build and maintain pipelines, but manual provisioning delays create bottlenecks. More critically, when engineers leave or change roles, manual deprovisioning risks leaving active accounts with access to production databases, APIs, and other sensitive data sources—a compliance and security nightmare.
The strategic alternative
Stitchflow provides managed SCIM automation for Airbyte without requiring the Enterprise tier upgrade. Works with any Airbyte plan and any identity provider. Flat pricing under $5K/year ensures your data pipelines stay secure without breaking the budget.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | OIDC (OpenID Connect) |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Airbyte accounts manually. Here's what that costs:
The Airbyte pricing problem
Airbyte gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Cloud | $10/mo + usage credits | ||
| Plus | Annual (contact sales) | ||
| Teams | Capacity-based (contact sales) | ||
| Enterprise | Custom pricing | ✓ | ✓ |
Note: Enterprise is the only tier that includes both SSO and SCIM provisioning. SSO uses OpenID Connect (OIDC) protocol exclusively - no SAML support.
What this means in practice
The Enterprise requirement forces organizations into custom pricing negotiations even for basic provisioning capabilities. This creates several cost scenarios:
For growing data teams: Moving from Cloud ($10/mo + credits) to Enterprise typically represents a 10-20x cost increase, as Enterprise pricing starts in the thousands per month range.
For self-hosted deployments: Enterprise is required for any SSO/SCIM functionality, making it impossible to use identity management with Airbyte's open-source version alone.
Usage-based uncertainty: The new credit system ($2.50/credit, with API sources at $15/million rows and database sources at $10/GB) makes it difficult to predict total Enterprise costs for provisioning-enabled deployments.
Additional constraints
Summary of challenges
- Airbyte supports SCIM but only at Enterprise tier (Custom)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app incur significant hidden costs annually
What the upgrade actually includes
Airbyte doesn't sell SCIM à la carte. It's bundled with Enterprise features that most data teams don't need:
Stitchflow Insight
The pricing jump is significant—from $10/month + usage credits on Cloud to custom Enterprise pricing that typically starts in the tens of thousands annually. If you're running standard data pipelines and just need user provisioning, you're paying for enterprise infrastructure features you'll never use. We estimate ~80% of Enterprise features are overkill for teams that simply want automated user management for their data integration workflows.
What IT admins are saying
Community sentiment on Airbyte's SCIM limitations centers around unnecessary complexity and enterprise gatekeeping. Common complaints:
- Enterprise pricing required just to get basic identity automation
- OIDC-only authentication limits integration flexibility
- Self-hosted deployments still waiting for promised SSO features
- Data pipeline access controls feel half-baked compared to competitors
Why do I need Enterprise just for SSO? We're a small data team that doesn't need all the other enterprise features.
OIDC-only is limiting when our org standardized on SAML everywhere else. Now Airbyte is the exception.
The recurring theme
Basic identity features are locked behind enterprise tiers, forcing data teams to overpay for provisioning automation or manage user access manually in a tool that handles sensitive data connections.
The decision
| Your Situation | Recommendation |
|---|---|
| On Cloud or Plus, need SCIM | Use Stitchflow: avoid the Enterprise tier jump and custom pricing |
| Already on Enterprise plan | Use native SCIM: you're paying for it |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled with self-hosted options |
| Small data team, low employee churn | Manual may be tolerable: but monitor for data access gaps |
| OIDC-only SSO is a dealbreaker | Consider alternatives or Stitchflow: native only supports OIDC |
The bottom line
Airbyte's Enterprise requirement for SCIM means most data teams face custom pricing to automate user provisioning—a significant jump from their $10/month Cloud plan. For teams that need SCIM without the Enterprise tier complexity, Stitchflow delivers managed automation at predictable flat pricing.
Automate Airbyte without the tier upgrade
Stitchflow delivers SCIM-level provisioning for Airbyte through resilient browser automation, backed by a 24/7 human in the loop, at a flat <$5K/year regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specified
Plan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Enterprise plan required
- SSO via OIDC (not SAML)
- Self-hosted SSO was a roadmap item
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
SSO via OpenID Connect (OIDC). Configure as Enterprise Application in Azure Portal. Requires Company Identifier from Airbyte. Admin consent may be required. Can't claim domain if already used by another org.
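An added example (not code from Airbyte, Microsoft or Stitchflow): a reconciliation check for the deprovisioning gap described on this page. It classifies active app accounts against IdP assignment state and uses the 40-minute cycle above as the grace window. The input shapes, function name and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Entra's typical provisioning cycle, as stated on this page.
SYNC_CYCLE = timedelta(minutes=40)


def audit_accounts(idp_users, app_users, now, cycle=SYNC_CYCLE):
    """Classify active app accounts against the IdP's assignment state.

    idp_users: {email: unassigned_at or None}  (None = still assigned)
    app_users: SCIM-style dicts with "userName" and "active"
    Returns {"overdue": [...], "pending": [...], "unmanaged": [...]}.
    """
    # Compare identities case-insensitively; IdP and app often differ in case.
    idp = {email.strip().lower(): ts for email, ts in idp_users.items()}
    report = {"overdue": [], "pending": [], "unmanaged": []}
    for user in app_users:
        # A missing "active" attribute is treated as active (conservative).
        if not user.get("active", True):
            continue  # already deactivated, nothing to flag
        name = user["userName"].strip().lower()
        if name not in idp:
            # Active in the app but unknown to the IdP: created by hand.
            report["unmanaged"].append(name)
            continue
        unassigned_at = idp[name]
        if unassigned_at is None:
            continue  # still assigned, access is expected
        # Unassigned but still active: overdue once a full cycle has passed.
        bucket = "overdue" if now - unassigned_at > cycle else "pending"
        report[bucket].append(name)
    return {k: sorted(v) for k, v in report.items()}


# Constructed sample data (assumed export shapes, not real accounts).
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
IDP_USERS = {"ana@example.com": None,
             "Ben@example.com": NOW - timedelta(hours=3),
             "cho@example.com": NOW - timedelta(minutes=10),
             "dee@example.com": NOW - timedelta(days=2)}
APP_USERS = [{"userName": "ana@example.com", "active": True},
             {"userName": "ben@example.com", "active": True},
             {"userName": "cho@example.com", "active": True},
             {"userName": "dee@example.com", "active": False},
             {"userName": "svc-legacy@example.com", "active": True}]

if __name__ == "__main__":
    for bucket, names in audit_accounts(IDP_USERS, APP_USERS, NOW).items():
        print(f"{bucket}: {names}")
```

Accounts in `overdue` should have been deactivated by a completed sync cycle and warrant immediate review; `unmanaged` accounts exist outside IdP governance entirely.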
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.