Summary and recommendation
AppDynamics does not offer native SCIM provisioning, despite being an enterprise-focused APM platform with pricing starting at $50/vCPU/month on the Enterprise tier. While AppDynamics supports SAML 2.0 SSO with major identity providers and offers Just-In-Time (JIT) provisioning, IT teams are limited to SAML group mappings for role assignment—meaning users must be manually created or rely on JIT creation during first login. For DevOps and SRE teams managing application performance monitoring across multiple environments, this creates a significant gap in automated user lifecycle management.
Interestingly, Okta's App Integration Network lists SCIM support for AppDynamics with features like schema discovery and group linking, but this appears to be through Okta's proprietary connector rather than a native AppDynamics SCIM endpoint. This inconsistency across identity providers creates operational complexity, particularly for organizations using Entra ID or Google Workspace, which must rely solely on JIT provisioning. For compliance-sensitive environments where user access to performance data and alerting systems requires precise control, the lack of standardized provisioning automation represents a security and operational risk.
The strategic alternative
AppDynamics has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | Okta integration supports SCIM provisioning with schema discovery and group linking. |
| Microsoft Entra ID | ✓ | ❌ | AppDynamics uses JIT provisioning with Entra - users created on first SSO login. No SCIM endpoint for Entra. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages AppDynamics accounts manually. Here's what that costs:
The AppDynamics pricing problem
AppDynamics gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Infrastructure | $6/vCPU/month | ||
| Premium | $33/vCPU/month | ||
| Enterprise | $50/vCPU/month |
Pricing structure
| Plan | Price | SCIM Support |
|---|---|---|
| Infrastructure | $6/vCPU/month | ❌ No native SCIM |
| Premium | $33/vCPU/month | ❌ No native SCIM |
| Enterprise | $50/vCPU/month | ❌ No native SCIM |
All pricing is annual, with custom enterprise quotes for large deployments
What this means in practice
For most organizations: You're limited to SAML JIT provisioning, which creates users only when they first log in. There's no way to pre-provision accounts, bulk import users, or automatically deactivate access when someone leaves the company.
For Okta customers: Okta's connector may provide some provisioning functionality, but this creates a dependency on Okta's proprietary integration rather than standard SCIM protocols. This won't work with other IdPs like Microsoft Entra ID or Google Workspace.
User management gaps
Additional constraints
Summary of challenges
- AppDynamics does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What AppDynamics actually offers for identity
SAML SSO with JIT Provisioning (Enterprise plans)
AppDynamics provides SAML 2.0 integration but no native SCIM provisioning:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Entra ID, CyberArk, SecureAuth, generic SAML |
| JIT Provisioning | ✓ Yes |
| User Creation | Automatic on first SSO login |
| Role Assignment | Via SAML group mappings |
Critical gap: AppDynamics relies entirely on SAML group mappings for access control. You must configure specific group names in both your IdP and AppDynamics, then manually map them to roles within the platform.
Third-party Provisioning Status
Different IdPs offer varying levels of automation:
| IdP | SCIM Support | Provisioning Method |
|---|---|---|
| Okta | ✓ Yes | SCIM 2.0 via OIN connector |
| Entra ID | ❌ No | JIT only |
| Google Workspace | ❌ No | JIT only |
| OneLogin | ❌ No | JIT only |
The reality: Only Okta provides true SCIM provisioning through their Integration Network connector. All other major IdPs are limited to JIT provisioning with manual group configuration.
Why SAML group mapping isn't enough
For APM platforms serving DevOps and SRE teams, access control needs are complex:
SAML group mappings require manual coordination between IT and AppDynamics admins for every access change, creating bottlenecks for fast-moving development teams.
What IT admins are saying
AppDynamics's lack of native SCIM provisioning forces IT teams into manual workarounds for user management:
- No automated user provisioning - accounts must be created manually or through SAML JIT
- Complex SAML group mapping configuration required for role assignments
- User deprovisioning requires manual intervention in AppDynamics interface
- Inconsistent provisioning experience across different identity providers
SAML group name must be configured for role assignment
No SCIM for automated provisioning
The recurring theme
IT teams managing DevOps and SRE access are stuck with manual user lifecycle management in a platform where access controls around performance data and alerts are critical. When team members join or leave, administrators must remember to manually provision or deprovision AppDynamics access separately from their IdP workflows.
The decision
| Your Situation | Recommendation |
|---|---|
| Small DevOps team (<20 users) with Okta | Use Okta's SCIM integration if available |
| Large operations team (50+ users) | Use Stitchflow: automation essential for scale |
| Multi-team environment with complex permissions | Use Stitchflow: granular access control automation |
| Enterprise with compliance requirements | Use Stitchflow: audit trail and automated deprovisioning |
| Using Entra ID or other non-Okta IdPs | Use Stitchflow: only reliable automation option |
The bottom line
AppDynamics offers SCIM provisioning through Okta's integration, but leaves Entra ID and other IdP users relying on manual SAML group mappings. For enterprises managing complex APM access across development and operations teams, Stitchflow provides consistent automation regardless of your identity provider.
Make AppDynamics workflows AI-native
AppDynamics has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM provisioning documented
- User management via SAML group mappings
- SAML group name must be configured for role assignment
- Manual user creation may be required
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
Okta integration supports SCIM provisioning with schema discovery and group linking.
Use Stitchflow for automated provisioning.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
AppDynamics uses JIT provisioning with Entra - users created on first SSO login. No SCIM endpoint for Entra.
Use Stitchflow for automated provisioning.
Unlock SCIM for
AppDynamics
AppDynamics has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
