Apps without SCIM support

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

Abnormal Security, the AI-powered email security platform protecting against BEC and phishing attacks, does not offer SCIM provisioning on any plan. While the platform supports SAML 2.0 SSO integration with identity providers like Okta and Entra ID, this only handles authentication—not automated user lifecycle management. Security teams must manually provision and deprovision analyst access through Abnormal's portal, creating operational overhead and potential security gaps in a platform specifically designed to protect against email-based threats. This manual provisioning model creates significant challenges for security operations. When new SOC analysts join or existing team members change roles, IT admins must coordinate manual account creation and permission updates in Abnormal Security. For a platform that's critical to threat detection and incident response, delays in provisioning can leave security gaps, while delayed deprovisioning creates compliance risks. The irony is stark: a security platform designed to prevent account takeover and credential abuse lacks the automated provisioning controls that prevent exactly these risks.

ActiveCampaign, the marketing automation platform, does not offer native SCIM provisioning on any plan. While the Enterprise plan ($145+/month) includes SAML 2.0 SSO with just-in-time (JIT) provisioning, this only creates user accounts on first login—there's no automated deprovisioning when employees leave or change roles. New SSO users are automatically added to a generic "SSO Users" group with configurable permissions, but IT teams have no way to programmatically manage user lifecycles or enforce granular access controls based on department or role changes. This creates a significant gap for marketing teams that need to manage access to customer data and campaign tools. When employees leave the company or change departments, their ActiveCampaign access must be manually revoked, creating compliance risks and potential data exposure. The lack of automated deprovisioning means former employees could theoretically retain access to sensitive marketing data and customer information until someone manually removes them from the platform.

ADP Workforce Now does not support inbound SCIM provisioning as a target application. Instead, ADP functions as an HR source system that provisions users TO other applications through third-party bridges like Aquera. This creates a fundamental misunderstanding in the market—while ADP integrates with identity providers like Okta and Azure AD, it's typically pushing employee data OUT to provision accounts in downstream systems, not receiving provisioning requests from your IdP. ADP supports SAML 2.0 and OIDC for SSO authentication, but user accounts must still be manually created and managed within ADP's HR platform. This architectural reality creates significant operational overhead for IT teams. When new employees join or leave the company, their ADP records must be manually maintained by HR staff, while other applications can be automatically provisioned through your IdP. This breaks the unified identity lifecycle management that SCIM enables, forcing organizations to maintain split processes where some apps provision automatically while their core HR platform requires manual intervention.

Adyen offers SCIM 2.0 provisioning, but only through Okta's integration—there's no native SCIM endpoint. This creates a significant vendor lock-in scenario where your provisioning capabilities are entirely dependent on using Okta as your identity provider. Teams using Azure Entra, Google Workspace, or OneLogin are left with manual user management despite Adyen supporting SAML SSO with these platforms. The Okta integration itself requires maintaining a company account (not just a merchant account) and keeping at least one non-SSO admin for troubleshooting, adding operational complexity. For payment platforms handling sensitive financial data, this provisioning gap creates serious compliance risks. Your finance team, payment operations staff, and developers need timely access to process transactions and manage risk controls, but without automated provisioning, you're stuck with manual onboarding that can delay critical payment operations. The requirement to maintain non-SSO admin accounts also creates a security backdoor that compliance auditors will flag.

AfterShip, the e-commerce shipping and tracking platform, does not offer SCIM provisioning on any plan. While AfterShip provides SAML 2.0 SSO on their Enterprise plan with JIT (Just-In-Time) provisioning support, this only handles authentication—not comprehensive user lifecycle management. Users can be automatically created on first login, but there's no automated deprovisioning, group management, or attribute synchronization that IT teams need for proper access governance. This creates a significant operational gap for e-commerce teams managing multiple users across ops, customer support, and logistics functions. Without SCIM, IT administrators must manually create, update, and remove AfterShip accounts when employees join, change roles, or leave the company. Given that logistics platforms often have many users who need controlled access to sensitive shipping data and customer information, this manual process creates both security risks and administrative overhead that scales poorly as e-commerce operations grow.

Agiloft, the enterprise contract lifecycle management platform, does not support native SCIM provisioning on any plan. While Agiloft offers robust SAML 2.0 SSO integration with major identity providers, user provisioning is limited to Just-in-Time (JIT) provisioning only. This means users are automatically created when they first log in via SSO, but there's no automated deprovisioning when employees leave or change roles. For legal teams managing sensitive contract data where user roles determine contract visibility, this creates a significant security gap. The JIT-only approach means IT administrators must manually track and remove former employees from Agiloft to prevent unauthorized access to confidential contracts and legal documents. Given Agiloft's average implementation cost of $68,000/year and its position as a critical system for legal operations, the lack of automated user lifecycle management creates both compliance risks and administrative overhead that scales poorly as organizations grow.

Aha! Roadmaps, the product roadmapping platform, does not support SCIM provisioning on any plan. While Aha! offers SAML 2.0 SSO integration with identity providers like Okta, Entra ID, and OneLogin, this only handles authentication through JIT (Just-In-Time) provisioning. The critical limitation: JIT provisioning creates user accounts with no default role or access permissions, requiring administrators to manually configure access for each user after they first sign in. For product teams managing strategic roadmaps and stakeholder access, this creates significant operational overhead. Since product roadmaps contain sensitive strategic information and stakeholder access typically varies by product area, IT administrators must manually assign appropriate roles and workspace permissions after each user is provisioned. There's no automatic deprovisioning when users leave the organization, creating potential security gaps. This manual process becomes particularly problematic for larger product organizations where dozens of stakeholders across different business units need carefully managed access to specific roadmaps.

Ahrefs does not support SCIM provisioning on any plan. While the SEO analytics platform offers SAML 2.0 SSO integration with identity providers like Okta and Azure AD, this only handles authentication, not user lifecycle management. Even on Ahrefs' Enterprise plan ($1,249/month annual), users must be manually created in Ahrefs before SSO can work. The platform does offer Just-in-Time (JIT) provisioning, but this only creates accounts during first login—it doesn't handle deprovisioning when employees leave or role changes. For marketing teams managing SEO tools, this creates a significant security gap. When SEO analysts, content marketers, or agency contractors leave, their Ahrefs access remains active until manually removed. Given that Ahrefs contains sensitive competitive intelligence and keyword data worth thousands in monthly subscriptions, dormant accounts represent both a security risk and compliance issue. The manual overhead becomes particularly problematic for agencies managing multiple client workspaces or large marketing teams with frequent role changes.

Aircall, the cloud-based phone system for customer support and sales teams, does not offer native SCIM provisioning on any plan. While the platform does support SAML 2.0 SSO (available only through account manager request), user provisioning requires a third-party connector from Aquera that only works with Okta. This creates a problematic dependency on external vendors and limits IT teams to a single identity provider ecosystem, even on Aircall's Custom/Enterprise plan that starts at 25 users minimum with custom pricing. The reliance on third-party provisioning connectors introduces operational risk and vendor lock-in that most IT teams want to avoid. Organizations using Azure AD, Google Workspace, or OneLogin are left with no automated provisioning option, forcing manual user management for a platform that handles sensitive customer communications. This gap becomes particularly problematic for growing support teams where rapid onboarding and offboarding is critical for maintaining security and compliance standards.

Airwallex, the global payments and treasury platform, offers no SCIM provisioning support on any plan, including their custom Accelerate enterprise tier. Despite being positioned for enterprise use with features like multi-entity management and advanced treasury controls, Airwallex lacks any official identity provider integrations—no SSO, no provisioning, and no presence in major IdP galleries like Okta's OIN or Microsoft Entra. This creates a significant operational burden for IT teams managing financial access across growing organizations, where manual user provisioning and deprovisioning in a payments platform presents both efficiency and security risks. The absence of identity management capabilities means IT administrators must manually create, update, and remove user accounts in Airwallex—a particularly concerning gap given that this platform handles sensitive financial operations, cross-border payments, and treasury management. Without automated deprovisioning, former employees could retain access to financial systems, creating compliance risks and potential security vulnerabilities that most finance and IT teams cannot afford to overlook.

Alkami, the digital banking platform used by banks and credit unions, does not offer SCIM provisioning or public SSO integrations. As an enterprise-only platform with custom pricing, Alkami appears to handle user management through direct account administration rather than standardized identity protocols. This creates significant challenges for financial institutions that need to integrate Alkami with their existing identity infrastructure—particularly problematic given the compliance requirements and security standards that banks must maintain. The lack of automated provisioning means IT teams at financial institutions must manually create, update, and deprovision user accounts in Alkami. For a platform handling sensitive financial data and customer information, this manual approach introduces compliance risks and operational overhead. Banks typically require seamless integration between their core identity systems and all applications accessing customer data.

Almanac, the documentation and workflow template platform, offers SCIM provisioning exclusively through their Enterprise plan with custom pricing. While they provide Okta integration with SAML SSO and SCIM support, there's no public documentation for SCIM capabilities, and you must contact their sales team directly to access enterprise features. This creates a black box situation where IT teams can't evaluate provisioning capabilities or understand limitations before committing to enterprise pricing discussions. The lack of transparent SCIM documentation is particularly problematic for documentation platforms like Almanac, where user access often spans multiple teams and departments. Without clear provisioning capabilities, IT teams face manual user management across what should be a centralized knowledge base, creating security gaps and administrative overhead that scales poorly as organizations grow.

AmazingHiring, the recruiting platform priced from $4,800 per user annually, provides no SCIM provisioning support whatsoever. The platform lacks native SCIM capabilities, has no Okta Integration Network listing, and is absent from the Microsoft Entra ID gallery. This forces IT teams into purely manual user management through AmazingHiring's admin console—a significant operational burden given the platform's high per-seat pricing model where a five-person recruiting team costs $24,000 annually. This manual provisioning approach creates substantial compliance and security risks for organizations using AmazingHiring for sensitive recruiting operations. When recruiters leave or change roles, IT teams must remember to manually deprovision access to candidate data and recruiting workflows. The lack of automated lifecycle management means orphaned accounts can persist indefinitely, creating data exposure risks and compliance violations—particularly problematic given that recruiting platforms handle sensitive personal information covered by privacy regulations.

Anecdotes, an enterprise GRC platform for compliance and risk management, does not offer documented SCIM provisioning capabilities on any plan. While the platform supports SSO authentication through SAML 2.0, OIDC, and SWA with providers like Okta and Auth0, there's no public documentation for automated user provisioning. Given Anecdotes' enterprise pricing model (typically $20k-150k+ annually for GRC software) and modular structure, authentication options appear limited to direct vendor consultation rather than self-service integration. This creates a significant operational burden for compliance teams managing access to sensitive GRC data. Without SCIM, IT administrators must manually provision and deprovision users in Anecdotes, creating potential security gaps and audit trail concerns—particularly problematic for a platform designed to manage compliance and risk. Manual user management in a GRC system means delayed access removal when employees leave, potentially exposing sensitive compliance data longer than necessary.

Red Hat Ansible Automation Platform (formerly Ansible Tower) does not support SCIM provisioning on any plan, despite enterprise subscription pricing ranging from $5,000 to $14,000 per year. Instead, Ansible relies on SAML attribute mapping or LDAP synchronization for user provisioning. While this approach can technically automate user creation through just-in-time (JIT) provisioning, it creates significant operational overhead—IT teams must carefully configure SAML attributes to map users to the correct teams and organizations within Ansible, and any changes to team structure or permissions require manual SAML configuration updates. For DevOps teams managing automation credentials and playbook access, this limitation creates a compliance risk. Without true SCIM provisioning, there's no standardized way to automatically provision users with appropriate permissions or deprovision them when they leave teams. The SAML attribute mapping workaround means user access depends on maintaining complex attribute configurations across your identity provider, making it difficult to ensure least-privilege access to critical automation infrastructure.

Apache Superset, the open-source business intelligence platform, provides no native SCIM provisioning capabilities. While Superset supports various authentication methods including OAuth2, OIDC, and LDAP, SAML SSO requires custom development through a CustomSsoSecurityManager class implementation. Even with SSO configured, user provisioning must be handled manually or through Superset's beta User API, which isn't enabled by default and requires additional configuration in superset_config.py. This creates a significant operational burden for IT teams managing data analysts, engineers, and business users who need access to dashboards and datasets. The lack of automated provisioning means manual account creation for every new hire, plus ongoing management of complex dashboard permissions and row-level security settings. For organizations running self-hosted Superset instances, this translates to custom development work just to achieve basic enterprise SSO integration, let alone automated user lifecycle management.

Appcues, the product adoption platform used by product managers and growth teams, explicitly does not support SCIM provisioning on any plan—not even Enterprise. While Appcues offers SAML 2.0 SSO integration starting at the Enterprise tier with just-in-time (JIT) provisioning, this only creates users during first login and provides no automated deprovisioning capabilities. For product teams where access needs change frequently as people move between projects or leave the company, this creates a significant security gap. The lack of SCIM means IT teams must manually manage user lifecycle for Appcues accounts, even though the platform handles sensitive product analytics and user flow data. When employees leave or change roles, their Appcues access remains active until manually revoked—a compliance risk that's particularly problematic given Appcues' role in tracking user behavior and product metrics. With MAU-based pricing starting at $300/month and scaling significantly with usage, paying for orphaned accounts also creates unnecessary cost bloat.

AppDynamics does not offer native SCIM provisioning, despite being an enterprise-focused APM platform with pricing starting at $50/vCPU/month on the Enterprise tier. While AppDynamics supports SAML 2.0 SSO with major identity providers and offers Just-In-Time (JIT) provisioning, IT teams are limited to SAML group mappings for role assignment—meaning users must be manually created or rely on JIT creation during first login. For DevOps and SRE teams managing application performance monitoring across multiple environments, this creates a significant gap in automated user lifecycle management. Interestingly, Okta's App Integration Network lists SCIM support for AppDynamics with features like schema discovery and group linking, but this appears to be through Okta's proprietary connector rather than a native AppDynamics SCIM endpoint. This inconsistency across identity providers creates operational complexity, particularly for organizations using Entra ID or Google Workspace, which must rely solely on JIT provisioning. For compliance-sensitive environments where user access to performance data and alerting systems requires precise control, the lack of standardized provisioning automation represents a security and operational risk.

Arctic Wolf, the managed security service provider, does not offer SCIM provisioning on any plan. As a managed security service, Arctic Wolf controls user access management internally rather than exposing standard provisioning APIs. While Arctic Wolf supports SAML SSO integration with identity providers like Okta and Entra ID for authentication, this leaves a critical gap in user lifecycle management. IT teams cannot automatically provision, deprovision, or update user accounts through their IdP - all user management must be handled manually through Arctic Wolf's interface or via support requests. This creates significant operational overhead for IT teams managing Arctic Wolf access. Without automated provisioning, onboarding new security analysts requires manual coordination with Arctic Wolf support. More critically, offboarding departing employees becomes a compliance risk - there's no automated way to ensure Arctic Wolf access is immediately revoked when someone leaves the organization. For a security platform that often has access to sensitive threat intelligence and security infrastructure, manual user management introduces unnecessary risk exposure.

Argo CD, the popular open-source GitOps continuous delivery tool, does not support SCIM provisioning at all. As an open-source project, Argo CD relies on SSO via the bundled Dex identity provider (supporting SAML, OIDC, and LDAP) for authentication, but user access management happens through manual ConfigMap edits. Platform teams must maintain RBAC policies in the argocd-rbac-cm ConfigMap, mapping IdP groups to Argo CD roles, while group information only refreshes at authentication time—not when group membership changes in your identity provider. This creates significant operational overhead for platform teams managing Kubernetes deployments. When developers join or leave teams, or when project access needs change, administrators must manually update ConfigMaps and restart Argo CD components to reflect new permissions. For organizations with frequent team changes or complex namespace-based access patterns, this manual process becomes a bottleneck that contradicts the automation principles GitOps is meant to deliver. Even Akuity's enterprise managed service doesn't add SCIM support—it only provides hosting and support for the same underlying architecture.

Around, the video conferencing platform, was discontinued on March 31, 2025, following its acquisition by Miro in June 2022. The product never supported SCIM provisioning or enterprise SSO integrations during its operational period, leaving IT teams to manage user accounts manually. Around's features have been integrated into Miro Video Calls, which offers robust enterprise identity management capabilities including SAML SSO and SCIM provisioning. For organizations that relied on Around, the discontinuation creates an immediate need to migrate to alternative video conferencing solutions. Popular enterprise alternatives include Zoom, Microsoft Teams, Google Meet, and Whereby, all of which offer varying levels of SCIM support and SSO integration. Miro Video Calls represents the direct successor, incorporating Around's unique spatial video features while adding enterprise-grade identity management that Around lacked.

Atera, the RMM platform used by MSPs and IT departments, does not offer SCIM provisioning on any plan. While Atera provides SAML 2.0 SSO integration starting on Enterprise/Superpower tiers ($219-$269/month per technician), this only handles authentication for existing users. The Azure AD integration documented by Atera syncs customer contacts one-way from Azure AD to Atera, but explicitly does not provision technician user accounts. For MSPs managing multiple client environments and IT teams with fluctuating staffing needs, this means every technician must be manually provisioned and deprovisioned in Atera. This creates a significant operational burden for organizations where technician access is cost-sensitive—Atera's per-technician pricing model means every unnecessary active account directly impacts monthly costs. Without automated provisioning, departing technicians may remain active in Atera longer than necessary, and new hires face delays getting access to critical RMM tools. For MSPs handling multiple client environments, manual user management becomes even more complex as technician permissions must be configured individually across different customer portals.

athenaOne, the cloud-based EHR platform used by healthcare organizations, does not support SCIM provisioning on any plan. While athenaOne offers SSO integration through federated identity with major providers like Okta and Entra ID, this only handles authentication, not user lifecycle management. Healthcare IT teams must manually create, modify, and deactivate user accounts within athenaOne's role-based access system, despite paying $140+ per provider monthly plus 4-7% of collections. This creates a significant operational burden for organizations managing dozens or hundreds of clinical users across multiple locations. The lack of automated provisioning creates serious compliance and security risks in healthcare environments. Without SCIM, IT teams can't automatically enforce role changes when staff transitions between departments, or immediately revoke access when employees leave - both critical requirements under HIPAA. Manual user management also increases the likelihood of over-privileged accounts remaining active, creating potential audit findings and data exposure risks. Third-party solutions like Cerby have been suggested, but these add complexity and cost to an already expensive EHR investment.