Summary and recommendation
Amplitude supports SCIM provisioning, but only on Growth plans (starting around $36K/year) or Enterprise plans with custom pricing. While Amplitude's SCIM implementation covers the core functionality—creating, updating, and deactivating users—it requires SCIM to be specifically enabled for your organization, and regenerating the SCIM key immediately invalidates existing integrations without warning.
For product teams on Plus plans ($49/month), upgrading to Growth just to unlock SCIM means jumping from under $600/year to $36,000+/year—a 60x increase. That's often more than the entire analytics budget for smaller product teams. The gap becomes particularly problematic for cross-functional product teams where analysts, PMs, and engineers need varying levels of access to user behavior data, but manual provisioning creates security risks around sensitive analytics permissions.
The strategic alternative
Amplitude gates SCIM behind Growth or Enterprise. Skip the Growth or Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Amplitude accounts manually. Here's what that costs:
The Amplitude pricing problem
Amplitude gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | Free | ||
| Plus | $49/month | ||
| Growth | ~$36,000/year | ||
| Enterprise | Custom |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Starter | Free | ❌ |
| Plus | $49/month | ❌ |
| Growth | ~$36,000/year | ✓ (if enabled) |
| Enterprise | Custom | ✓ (if enabled) |
Note: SCIM availability depends on organizational enablement and may require contacting Amplitude sales even on qualifying plans.
What this means in practice
For teams currently on Plus looking to add SCIM automation:
| Current Spend | Growth Upgrade Cost | Annual Increase |
|---|---|---|
| $588/year (Plus) | $36,000/year | +$35,412/year |
| Multiple orgs on Plus | Each needs Growth | 6,000%+ cost increase |
This represents one of the steepest SCIM upgrade premiums in the product analytics space - teams pay over 60x more to unlock basic user provisioning automation.
Additional constraints
Summary of challenges
- Amplitude supports SCIM but only at Enterprise tier (Custom (Enterprise))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Amplitude doesn't sell SCIM standalone. It's bundled with Growth or Enterprise plan features (though availability depends on organizational enablement):
Stitchflow Insight
The Growth plan starts around $36K/year for 300K+ monthly tracked users. If you need advanced analytics capabilities anyway, the upgrade provides value. But if you just want automated user provisioning for basic product analytics, you're paying for sophisticated data science tools your team may never use. We estimate ~80% of Growth/Enterprise features are overkill for teams that only need SCIM to manage analyst and PM access.
What IT admins are saying
Community sentiment on Amplitude's SCIM implementation reveals frustration with access barriers and key management issues. Common complaints:
- SCIM availability depends on organization-level enablement that isn't always accessible
- Regenerating SCIM keys immediately breaks existing integrations without warning
- Having to contact sales teams just to enable SCIM functionality
- Growth plan pricing barriers that force expensive upgrades for basic provisioning
SCIM key changes apply immediately even before saving other changes - caught us off guard during a routine key rotation.
Had to go through sales just to get SCIM enabled on our Growth plan. Should be a standard admin feature.
The recurring theme
Amplitude gates essential provisioning features behind sales conversations and unpredictable enablement processes, making what should be straightforward identity management unnecessarily complex.
The decision
| Your Situation | Recommendation |
|---|---|
| On Plus or lower, need SCIM | Use Stitchflow: avoid the $36K+/year Growth tier jump |
| On Growth but SCIM not enabled | Use Stitchflow: bypass the sales process and enablement delays |
| Already on Growth/Enterprise with SCIM enabled | Use native SCIM: you're paying for it |
| Need Growth analytics features beyond SCIM | Evaluate Growth upgrade: SCIM may come bundled |
| Small analytics team, infrequent user changes | Manual may work: but watch for data access gaps |
The bottom line
Amplitude's SCIM requires Growth tier pricing (starting around $36K/year) plus organizational enablement, creating a significant cost barrier for teams that just need provisioning automation. For product teams on Plus who want secure analytics access without the tier jump, Stitchflow delivers SCIM functionality at a fraction of the cost.
Make Amplitude workflows AI-native
Amplitude gates SCIM behind Growth or Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM must be enabled for your organization
- Regenerating SCIM key immediately invalidates old key
- SCIM key changes apply immediately even before saving other changes
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
OIN app available. Supports: Import Users/Groups, Create New Users (sends invitation email), Update User Attributes, Deactivate Users, Push Groups. Authenticate with API Token (SCIM key from Amplitude). Regenerating SCIM key immediately invalidates old key.
Amplitude gates SCIM behind Growth or Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Microsoft Entra ID tutorial available for Amplitude SSO and provisioning. SCIM API follows SCIM 2.0 standard.
Amplitude gates SCIM behind Growth or Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Amplitude
Amplitude gates SCIM behind Growth or Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
