Summary and recommendation
Atlan supports native SCIM 2.0 provisioning with full user and group management capabilities. However, SCIM is only available on Enterprise tier, which requires custom pricing negotiations. Additionally, SSO must be enabled before SCIM can be configured, and Atlan's pricing tiers (Starter, Premier, Enterprise) are not publicly disclosed, making cost planning difficult for IT teams.
This creates a significant barrier for organizations wanting automated provisioning without committing to enterprise-level contracts. For data teams evaluating Atlan, the lack of transparent pricing means you can't budget for provisioning capabilities upfront. The SSO prerequisite also forces organizations into a specific implementation sequence that may not align with their rollout timeline.
The strategic alternative
Atlan gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Atlan accounts manually. Here's what that costs:
The Atlan pricing problem
Atlan gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | Custom pricing | ||
| Premier | Custom pricing | ||
| Enterprise | Custom pricing |
Note: Atlan requires SSO to be enabled before SCIM can be configured. Both features are bundled exclusively in the Enterprise tier.
What this means in practice
Without public pricing, organizations face several procurement challenges:
The lack of pricing transparency means IT teams can't quickly assess whether Atlan's SCIM costs justify the investment versus alternative provisioning approaches.
Additional constraints
Summary of challenges
- Atlan supports SCIM but only at Enterprise tier (Custom (Enterprise tier))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Atlan doesn't sell SCIM à la carte. It's bundled with Enterprise tier features at undisclosed custom pricing:
The challenge: Atlan keeps all pricing tiers (Starter, Premier, Enterprise) behind custom quotes, making it impossible to evaluate costs upfront. You'll need to go through their sales process just to understand what you'll pay for Enterprise features you may not need.
Stitchflow Insight
If you need comprehensive data governance anyway, the Enterprise upgrade may make sense. If you just want automated user provisioning, you're locked into an expensive bundle with features most IT teams won't use. We estimate ~60% of Enterprise features are irrelevant for teams that only need SCIM provisioning.
What IT admins are saying
Community sentiment on Atlan's SCIM implementation reveals frustration with the gatekeeping approach. Common complaints:
- Requiring Enterprise tier for basic SCIM provisioning
- Hidden pricing that forces sales conversations for basic features
- SSO prerequisite adding another layer of complexity
- Username/email sync limitations that break on user updates
Having to enable SSO first before SCIM just adds unnecessary friction to the setup process. Why can't these be independent?
Another vendor hiding their pricing behind 'contact sales' - just tell us what Enterprise costs so we can budget properly.
The recurring theme
Atlan treats SCIM as an enterprise-only luxury rather than a standard identity management requirement, forcing teams into opaque pricing conversations for basic provisioning capabilities.
The decision
| Your Situation | Recommendation |
|---|---|
| On Starter or Premier, need SCIM | Use Stitchflow: avoid the Enterprise tier upgrade |
| Already on Enterprise tier | Use native SCIM: you're paying for it |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled |
| Can't enable SSO due to organizational constraints | Use Stitchflow: bypasses the SSO prerequisite |
| Small data team, minimal user changes | Manual may work: but watch for data access sprawl |
The bottom line
Atlan's SCIM requires both Enterprise tier pricing and SSO enablement—two significant barriers for teams that simply want automated user provisioning. For organizations on lower tiers or those with SSO constraints, Stitchflow delivers the same provisioning outcomes without the tier jump or prerequisites.
Make Atlan workflows AI-native
Atlan gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SSO must be enabled before configuring SCIM
- Pricing tiers (Starter, Premier, Enterprise) not publicly disclosed
- Username and email only synced on initial provisioning
- SCIM token displayed only once after generation
Documentation not available.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Full SCIM provisioning support with Azure AD. Azure AD SSO must be enabled first. Supports user creation, updates, and group sync.
Atlan gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Atlan
Atlan gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
