Summary and recommendation
Atlan supports native SCIM 2.0 provisioning with full user and group management capabilities. However, SCIM is only available on Enterprise tier, which requires custom pricing negotiations. Additionally, SSO must be enabled before SCIM can be configured, and Atlan's pricing tiers (Starter, Premier, Enterprise) are not publicly disclosed, making cost planning difficult for IT teams.
This creates a significant barrier for organizations wanting automated provisioning without committing to enterprise-level contracts. For data teams evaluating Atlan, the lack of transparent pricing means you can't budget for provisioning capabilities upfront. The SSO prerequisite also forces organizations into a specific implementation sequence that may not align with their rollout timeline.
The strategic alternative
Atlan gates SCIM behind Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Atlan accounts manually. Here's what that costs:
The Atlan pricing problem
Atlan gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | Custom pricing | ||
| Premier | Custom pricing | ||
| Enterprise | Custom pricing |
Note: Atlan requires SSO to be enabled before SCIM can be configured. Both features are bundled exclusively in the Enterprise tier.
What this means in practice
Without public pricing, organizations face several procurement challenges:
The lack of pricing transparency means IT teams can't quickly assess whether Atlan's SCIM costs justify the investment versus alternative provisioning approaches.
Additional constraints
Summary of challenges
- Atlan supports SCIM but only at Enterprise tier (Custom (Enterprise tier))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Atlan doesn't sell SCIM à la carte. It's bundled with Enterprise tier features at undisclosed custom pricing:
The challenge: Atlan keeps all pricing tiers (Starter, Premier, Enterprise) behind custom quotes, making it impossible to evaluate costs upfront. You'll need to go through their sales process just to understand what you'll pay for Enterprise features you may not need.
Stitchflow Insight
If you need comprehensive data governance anyway, the Enterprise upgrade may make sense. If you just want automated user provisioning, you're locked into an expensive bundle with features most IT teams won't use. We estimate ~60% of Enterprise features are irrelevant for teams that only need SCIM provisioning.
What IT admins are saying
Community sentiment on Atlan's SCIM implementation reveals frustration with the gatekeeping approach. Common complaints:
- Requiring Enterprise tier for basic SCIM provisioning
- Hidden pricing that forces sales conversations for basic features
- SSO prerequisite adding another layer of complexity
- Username/email sync limitations that break on user updates
Having to enable SSO first before SCIM just adds unnecessary friction to the setup process. Why can't these be independent?
Another vendor hiding their pricing behind 'contact sales' - just tell us what Enterprise costs so we can budget properly.
The recurring theme
Atlan treats SCIM as an enterprise-only luxury rather than a standard identity management requirement, forcing teams into opaque pricing conversations for basic provisioning capabilities.
The decision
| Your Situation | Recommendation |
|---|---|
| On Starter or Premier, need SCIM | Use Stitchflow: avoid the Enterprise tier upgrade |
| Already on Enterprise tier | Use native SCIM: you're paying for it |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled |
| Can't enable SSO due to organizational constraints | Use Stitchflow: bypasses the SSO prerequisite |
| Small data team, minimal user changes | Manual may work: but watch for data access sprawl |
The bottom line
Atlan gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Atlan workflow gap
Atlan gates SCIM behind Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SSO must be enabled before configuring SCIM
- Pricing tiers (Starter, Premier, Enterprise) not publicly disclosed
- Username and email only synced on initial provisioning
- SCIM token displayed only once after generation
Documentation not available.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Full SCIM provisioning support with Azure AD. Azure AD SSO must be enabled first. Supports user creation, updates, and group sync.
Atlan gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the workflow gap in
Atlan
Atlan gates SCIM behind Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.
Start with the free gap diagnostic
