Apps without SCIM support

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

ActiveCampaign, the marketing automation platform, does not offer native SCIM provisioning on any plan. While the Enterprise plan ($145+/month) includes SAML 2.0 SSO with just-in-time (JIT) provisioning, this only creates user accounts on first login—there's no automated deprovisioning when employees leave or change roles. New SSO users are automatically added to a generic "SSO Users" group with configurable permissions, but IT teams have no way to programmatically manage user lifecycles or enforce granular access controls based on department or role changes. This creates a significant gap for marketing teams that need to manage access to customer data and campaign tools. When employees leave the company or change departments, their ActiveCampaign access must be manually revoked, creating compliance risks and potential data exposure. The lack of automated deprovisioning means former employees could theoretically retain access to sensitive marketing data and customer information until someone manually removes them from the platform.

ADP Workforce Now does not support inbound SCIM provisioning as a target application. Instead, ADP functions as an HR source system that provisions users TO other applications through third-party bridges like Aquera. This creates a fundamental misunderstanding in the market—while ADP integrates with identity providers like Okta and Azure AD, it's typically pushing employee data OUT to provision accounts in downstream systems, not receiving provisioning requests from your IdP. ADP supports SAML 2.0 and OIDC for SSO authentication, but user accounts must still be manually created and managed within ADP's HR platform. This architectural reality creates significant operational overhead for IT teams. When new employees join or leave the company, their ADP records must be manually maintained by HR staff, while other applications can be automatically provisioned through your IdP. This breaks the unified identity lifecycle management that SCIM enables, forcing organizations to maintain split processes where some apps provision automatically while their core HR platform requires manual intervention.

Adyen offers SCIM 2.0 provisioning, but only through Okta's integration—there's no native SCIM endpoint. This creates a significant vendor lock-in scenario where your provisioning capabilities are entirely dependent on using Okta as your identity provider. Teams using Azure Entra, Google Workspace, or OneLogin are left with manual user management despite Adyen supporting SAML SSO with these platforms. The Okta integration itself requires maintaining a company account (not just a merchant account) and keeping at least one non-SSO admin for troubleshooting, adding operational complexity. For payment platforms handling sensitive financial data, this provisioning gap creates serious compliance risks. Your finance team, payment operations staff, and developers need timely access to process transactions and manage risk controls, but without automated provisioning, you're stuck with manual onboarding that can delay critical payment operations. The requirement to maintain non-SSO admin accounts also creates a security backdoor that compliance auditors will flag.

AfterShip, the e-commerce shipping and tracking platform, does not offer SCIM provisioning on any plan. While AfterShip provides SAML 2.0 SSO on their Enterprise plan with JIT (Just-In-Time) provisioning support, this only handles authentication—not comprehensive user lifecycle management. Users can be automatically created on first login, but there's no automated deprovisioning, group management, or attribute synchronization that IT teams need for proper access governance. This creates a significant operational gap for e-commerce teams managing multiple users across ops, customer support, and logistics functions. Without SCIM, IT administrators must manually create, update, and remove AfterShip accounts when employees join, change roles, or leave the company. Given that logistics platforms often have many users who need controlled access to sensitive shipping data and customer information, this manual process creates both security risks and administrative overhead that scales poorly as e-commerce operations grow.

Agiloft, the enterprise contract lifecycle management platform, does not support native SCIM provisioning on any plan. While Agiloft offers robust SAML 2.0 SSO integration with major identity providers, user provisioning is limited to Just-in-Time (JIT) provisioning only. This means users are automatically created when they first log in via SSO, but there's no automated deprovisioning when employees leave or change roles. For legal teams managing sensitive contract data where user roles determine contract visibility, this creates a significant security gap. The JIT-only approach means IT administrators must manually track and remove former employees from Agiloft to prevent unauthorized access to confidential contracts and legal documents. Given Agiloft's average implementation cost of $68,000/year and its position as a critical system for legal operations, the lack of automated user lifecycle management creates both compliance risks and administrative overhead that scales poorly as organizations grow.

Aha! Roadmaps, the product roadmapping platform, does not support SCIM provisioning on any plan. While Aha! offers SAML 2.0 SSO integration with identity providers like Okta, Entra ID, and OneLogin, this only handles authentication through JIT (Just-In-Time) provisioning. The critical limitation: JIT provisioning creates user accounts with no default role or access permissions, requiring administrators to manually configure access for each user after they first sign in. For product teams managing strategic roadmaps and stakeholder access, this creates significant operational overhead. Since product roadmaps contain sensitive strategic information and stakeholder access typically varies by product area, IT administrators must manually assign appropriate roles and workspace permissions after each user is provisioned. There's no automatic deprovisioning when users leave the organization, creating potential security gaps. This manual process becomes particularly problematic for larger product organizations where dozens of stakeholders across different business units need carefully managed access to specific roadmaps.

Ahrefs does not support SCIM provisioning on any plan. While the SEO analytics platform offers SAML 2.0 SSO integration with identity providers like Okta and Azure AD, this only handles authentication, not user lifecycle management. Even on Ahrefs' Enterprise plan ($1,249/month annual), users must be manually created in Ahrefs before SSO can work. The platform does offer Just-in-Time (JIT) provisioning, but this only creates accounts during first login—it doesn't handle deprovisioning when employees leave or role changes. For marketing teams managing SEO tools, this creates a significant security gap. When SEO analysts, content marketers, or agency contractors leave, their Ahrefs access remains active until manually removed. Given that Ahrefs contains sensitive competitive intelligence and keyword data worth thousands in monthly subscriptions, dormant accounts represent both a security risk and compliance issue. The manual overhead becomes particularly problematic for agencies managing multiple client workspaces or large marketing teams with frequent role changes.

Aircall, the cloud-based phone system for customer support and sales teams, does not offer native SCIM provisioning on any plan. While the platform does support SAML 2.0 SSO (available only through account manager request), user provisioning requires a third-party connector from Aquera that only works with Okta. This creates a problematic dependency on external vendors and limits IT teams to a single identity provider ecosystem, even on Aircall's Custom/Enterprise plan that starts at 25 users minimum with custom pricing. The reliance on third-party provisioning connectors introduces operational risk and vendor lock-in that most IT teams want to avoid. Organizations using Azure AD, Google Workspace, or OneLogin are left with no automated provisioning option, forcing manual user management for a platform that handles sensitive customer communications. This gap becomes particularly problematic for growing support teams where rapid onboarding and offboarding is critical for maintaining security and compliance standards.

Almanac, the documentation and workflow template platform, offers SCIM provisioning exclusively through their Enterprise plan with custom pricing. While they provide Okta integration with SAML SSO and SCIM support, there's no public documentation for SCIM capabilities, and you must contact their sales team directly to access enterprise features. This creates a black box situation where IT teams can't evaluate provisioning capabilities or understand limitations before committing to enterprise pricing discussions. The lack of transparent SCIM documentation is particularly problematic for documentation platforms like Almanac, where user access often spans multiple teams and departments. Without clear provisioning capabilities, IT teams face manual user management across what should be a centralized knowledge base, creating security gaps and administrative overhead that scales poorly as organizations grow.

Anecdotes, an enterprise GRC platform for compliance and risk management, does not offer documented SCIM provisioning capabilities on any plan. While the platform supports SSO authentication through SAML 2.0, OIDC, and SWA with providers like Okta and Auth0, there's no public documentation for automated user provisioning. Given Anecdotes' enterprise pricing model (typically $20k-150k+ annually for GRC software) and modular structure, authentication options appear limited to direct vendor consultation rather than self-service integration. This creates a significant operational burden for compliance teams managing access to sensitive GRC data. Without SCIM, IT administrators must manually provision and deprovision users in Anecdotes, creating potential security gaps and audit trail concerns—particularly problematic for a platform designed to manage compliance and risk. Manual user management in a GRC system means delayed access removal when employees leave, potentially exposing sensitive compliance data longer than necessary.

Red Hat Ansible Automation Platform (formerly Ansible Tower) does not support SCIM provisioning on any plan, despite enterprise subscription pricing ranging from $5,000 to $14,000 per year. Instead, Ansible relies on SAML attribute mapping or LDAP synchronization for user provisioning. While this approach can technically automate user creation through just-in-time (JIT) provisioning, it creates significant operational overhead—IT teams must carefully configure SAML attributes to map users to the correct teams and organizations within Ansible, and any changes to team structure or permissions require manual SAML configuration updates. For DevOps teams managing automation credentials and playbook access, this limitation creates a compliance risk. Without true SCIM provisioning, there's no standardized way to automatically provision users with appropriate permissions or deprovision them when they leave teams. The SAML attribute mapping workaround means user access depends on maintaining complex attribute configurations across your identity provider, making it difficult to ensure least-privilege access to critical automation infrastructure.

Apache Superset, the open-source business intelligence platform, provides no native SCIM provisioning capabilities. While Superset supports various authentication methods including OAuth2, OIDC, and LDAP, SAML SSO requires custom development through a CustomSsoSecurityManager class implementation. Even with SSO configured, user provisioning must be handled manually or through Superset's beta User API, which isn't enabled by default and requires additional configuration in superset_config.py. This creates a significant operational burden for IT teams managing data analysts, engineers, and business users who need access to dashboards and datasets. The lack of automated provisioning means manual account creation for every new hire, plus ongoing management of complex dashboard permissions and row-level security settings. For organizations running self-hosted Superset instances, this translates to custom development work just to achieve basic enterprise SSO integration, let alone automated user lifecycle management.

Appcues, the product adoption platform used by product managers and growth teams, explicitly does not support SCIM provisioning on any plan—not even Enterprise. While Appcues offers SAML 2.0 SSO integration starting at the Enterprise tier with just-in-time (JIT) provisioning, this only creates users during first login and provides no automated deprovisioning capabilities. For product teams where access needs change frequently as people move between projects or leave the company, this creates a significant security gap. The lack of SCIM means IT teams must manually manage user lifecycle for Appcues accounts, even though the platform handles sensitive product analytics and user flow data. When employees leave or change roles, their Appcues access remains active until manually revoked—a compliance risk that's particularly problematic given Appcues' role in tracking user behavior and product metrics. With MAU-based pricing starting at $300/month and scaling significantly with usage, paying for orphaned accounts also creates unnecessary cost bloat.

AppDynamics does not offer native SCIM provisioning, despite being an enterprise-focused APM platform with pricing starting at $50/vCPU/month on the Enterprise tier. While AppDynamics supports SAML 2.0 SSO with major identity providers and offers Just-In-Time (JIT) provisioning, IT teams are limited to SAML group mappings for role assignment—meaning users must be manually created or rely on JIT creation during first login. For DevOps and SRE teams managing application performance monitoring across multiple environments, this creates a significant gap in automated user lifecycle management. Interestingly, Okta's App Integration Network lists SCIM support for AppDynamics with features like schema discovery and group linking, but this appears to be through Okta's proprietary connector rather than a native AppDynamics SCIM endpoint. This inconsistency across identity providers creates operational complexity, particularly for organizations using Entra ID or Google Workspace, which must rely solely on JIT provisioning. For compliance-sensitive environments where user access to performance data and alerting systems requires precise control, the lack of standardized provisioning automation represents a security and operational risk.

Argo CD, the popular open-source GitOps continuous delivery tool, does not support SCIM provisioning at all. As an open-source project, Argo CD relies on SSO via the bundled Dex identity provider (supporting SAML, OIDC, and LDAP) for authentication, but user access management happens through manual ConfigMap edits. Platform teams must maintain RBAC policies in the argocd-rbac-cm ConfigMap, mapping IdP groups to Argo CD roles, while group information only refreshes at authentication time—not when group membership changes in your identity provider. This creates significant operational overhead for platform teams managing Kubernetes deployments. When developers join or leave teams, or when project access needs change, administrators must manually update ConfigMaps and restart Argo CD components to reflect new permissions. For organizations with frequent team changes or complex namespace-based access patterns, this manual process becomes a bottleneck that contradicts the automation principles GitOps is meant to deliver. Even Akuity's enterprise managed service doesn't add SCIM support—it only provides hosting and support for the same underlying architecture.

Around, the video conferencing platform, was discontinued on March 31, 2025, following its acquisition by Miro in June 2022. The product never supported SCIM provisioning or enterprise SSO integrations during its operational period, leaving IT teams to manage user accounts manually. Around's features have been integrated into Miro Video Calls, which offers robust enterprise identity management capabilities including SAML SSO and SCIM provisioning. For organizations that relied on Around, the discontinuation creates an immediate need to migrate to alternative video conferencing solutions. Popular enterprise alternatives include Zoom, Microsoft Teams, Google Meet, and Whereby, all of which offer varying levels of SCIM support and SSO integration. Miro Video Calls represents the direct successor, incorporating Around's unique spatial video features while adding enterprise-grade identity management that Around lacked.

Atera, the RMM platform used by MSPs and IT departments, does not offer SCIM provisioning on any plan. While Atera provides SAML 2.0 SSO integration starting on Enterprise/Superpower tiers ($219-$269/month per technician), this only handles authentication for existing users. The Azure AD integration documented by Atera syncs customer contacts one-way from Azure AD to Atera, but explicitly does not provision technician user accounts. For MSPs managing multiple client environments and IT teams with fluctuating staffing needs, this means every technician must be manually provisioned and deprovisioned in Atera. This creates a significant operational burden for organizations where technician access is cost-sensitive—Atera's per-technician pricing model means every unnecessary active account directly impacts monthly costs. Without automated provisioning, departing technicians may remain active in Atera longer than necessary, and new hires face delays getting access to critical RMM tools. For MSPs handling multiple client environments, manual user management becomes even more complex as technician permissions must be configured individually across different customer portals.

Autotask PSA (now part of the Datto/Kaseya portfolio) does not offer native SCIM provisioning capabilities. While SCIM-like functionality is available through Okta's integration in the Okta Integration Network, this creates a vendor lock-in scenario where your provisioning workflow is entirely dependent on Okta. For MSPs using other identity providers like Entra ID or Google Workspace, there's no automated provisioning option—despite Autotask supporting SAML 2.0 and OIDC SSO across these platforms. Given that Autotask starts at $50/user/month with additional module costs, the lack of universal SCIM support is a significant gap. This limitation is particularly problematic for MSPs where technicians, project managers, and billing staff need different role-based access to client financial data within the PSA. Manual user provisioning creates compliance risks when technicians should only access specific client accounts, while SSO alone doesn't handle the complex role assignments that MSP workflows require. The Okta-only provisioning approach forces organizations to either accept manual processes or commit to a single identity provider ecosystem.

Axure RP, the wireframing and prototyping platform used by UX teams worldwide, does not support SCIM provisioning on any plan. While Axure offers SAML 2.0 SSO for authentication on Business and Enterprise plans, this only handles login verification—not user lifecycle management. Teams must still manually create user accounts, assign project permissions, and manage access to shared prototypes. For organizations with distributed design teams or frequent contractor onboarding, this creates a significant administrative burden. The gap becomes particularly problematic for design-driven organizations where prototype access needs to be tightly controlled. Without automated provisioning, IT teams face a choice between manual user management (slowing down design workflows) or over-provisioning access (creating security risks around sensitive product designs). LDAP and Active Directory integration is limited to on-premises Axure Cloud deployments only, leaving cloud customers without directory-based provisioning options.

Balsamiq Cloud, the wireframing and UX design platform, does not support SCIM provisioning on any plan. While Balsamiq offers SAML 2.0 SSO integration (available on Enterprise plans at $599/month) with identity providers like Okta and Azure AD, this only handles authentication through Just-in-Time (JIT) provisioning. When SSO is enabled, all authenticated users automatically become Staff Members within the Space, creating a significant access control limitation. Manual user management and deprovisioning remain required, and there's no way to programmatically control project-level permissions or Space access. This creates substantial operational overhead for design teams, particularly those working across multiple projects with varying stakeholder access requirements. IT administrators must manually remove users from Spaces when they leave the organization or change roles, creating compliance gaps and potential security exposure to sensitive design assets and project information.

BambooHR does not support inbound SCIM provisioning on any plan. While BambooHR integrates with identity providers like Okta and Entra ID, it functions as the HR source of truth that provisions users TO other systems, not the other way around. This means your IdP cannot automatically create, update, or deactivate user accounts in BambooHR based on HR events or group membership changes. BambooHR offers SAML 2.0 SSO with JIT provisioning, but this only handles authentication for users who already exist in the system. This creates a significant operational gap for IT teams managing employee lifecycle automation. While BambooHR can push employee data to your IdP when HR makes changes, there's no way to automate the reverse flow - provisioning new users into BambooHR itself still requires manual account creation or CSV imports. For organizations where BambooHR isn't the primary HR system of record, this means maintaining dual data entry processes and accepting the compliance risks that come with manual provisioning workflows.

Bandwidth, the Communications Platform as a Service (CPaaS) provider, does not offer SCIM provisioning on any plan. While Bandwidth supports SAML 2.0 SSO integration for dashboard access with identity providers like Okta, Azure AD, and OneLogin, this only handles authentication for the Bandwidth App dashboard—not automated user lifecycle management or API access controls. The platform's usage-based pricing model (starting at $0.0055/min for inbound calls) focuses on API consumption rather than seat-based user management, leaving IT teams without automated provisioning capabilities. This creates a significant operational gap for organizations using Bandwidth's APIs in production environments. IT administrators must manually manage dashboard access for developers, operations teams, and other users who need to monitor call analytics, configure webhooks, or manage API credentials. Without SCIM, there's no automated way to provision or deprovision users when team members join, change roles, or leave the organization—creating both security risks and compliance challenges for companies that rely on Bandwidth for critical communications infrastructure.

Baremetrics, the subscription analytics platform for SaaS companies, provides no SCIM provisioning or SSO capabilities on any plan. This specialized financial analytics tool requires completely manual user management, with IT teams needing to create, update, and deactivate user accounts individually through the web interface. For a platform that handles sensitive financial data like MRR, churn rates, and customer lifetime value, this creates significant access control challenges. The lack of identity integration means IT teams have no automated way to enforce access policies or maintain audit trails for who can view critical business metrics. When employees join, leave, or change roles, administrators must manually track and update Baremetrics access—creating compliance gaps and potential data exposure risks. Given that Baremetrics users typically include founders, finance teams, and executives with access to highly sensitive revenue data, this manual approach becomes particularly problematic for growing companies with SOC 2 or other compliance requirements.