Summary and recommendation
Atlassian Confluence supports SCIM 2.0 provisioning, but requires an Atlassian Guard subscription ($4/user/month) unless you're on Enterprise. For teams on Standard ($5.25-6.00/user/month) or Premium ($11.75/user/month), adding Guard increases your total cost by 67-76%. Plus, you'll deal with annual API key expiration management and Google Cloud IdP users losing group sync functionality entirely.
This creates a significant cost barrier for mid-sized teams who need automated user provisioning but don't want Enterprise-level features. A 200-person team on Standard would pay an extra $9,600/year just to unlock SCIM capabilities they should reasonably expect from a modern SaaS platform.
The strategic alternative
Stitchflow provides managed provisioning automation for Confluence without requiring Guard subscriptions or plan upgrades. Works with any Confluence plan and any IdP (including proper Google Cloud support with group sync). Flat pricing under $5K/year, regardless of team size.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | Limited | No group provisioning/deprovisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Atlassian Confluence accounts manually. Here's what that costs:
The Atlassian Confluence pricing problem
Atlassian Confluence gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | $5.25-6.00/user/mo | ||
| Premium | $11.75/user/mo | ||
| Enterprise | ~$23.50/user/mo |
Plan Structure (Billed Annually)
| Plan | Price | Guard Required | SCIM |
|---|---|---|---|
| Standard | $5.25-6.00/user/mo | +$4/user/mo | ✓ |
| Premium | $11.75/user/mo | +$4/user/mo | ✓ |
| Enterprise | ~$23.50/user/mo | Included | ✓ |
Note: Guard Standard ($4/user/mo) provides SCIM 2.0 with full user lifecycle management and group sync. Enterprise plans include Guard Standard at no additional cost.
What this means in practice
For teams not on Enterprise, Guard adds substantial cost:
| Team Size | Standard + Guard | Premium + Guard | vs. Enterprise |
|---|---|---|---|
| 50 users | $5,550/year | $9,450/year | $14,100/year |
| 100 users | $11,100/year | $18,900/year | $28,200/year |
| 200 users | $22,200/year | $37,800/year | $56,400/year |
Calculation: (Base plan + $4 Guard) × users × 12 months
Additional constraints
Summary of challenges
- Atlassian Confluence supports SCIM but only at Enterprise tier (~$23.50/user/month (custom))
- Google Workspace users get limited SCIM (no group sync)
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Atlassian Confluence doesn't require a tier upgrade for SCIM—it requires an Atlassian Guard subscription ($4/user/month) unless you're already on Enterprise (which includes Guard Standard at no extra cost).
Here's what Guard gets you beyond SCIM:
If you're only on Standard ($5.25-6.00/user/month) or Premium ($11.75/user/month), adding Guard increases your total cost by 67-80%. For teams that just want automated user provisioning, roughly 60% of Guard's security features are overkill.
The alternative is jumping to Enterprise (~$23.50/user/month), where Guard Standard is included—but you're paying 4x more than Standard for enterprise features most teams won't use.
What IT admins are saying
Community sentiment on Atlassian Confluence's SCIM implementation centers around the additional subscription costs and operational complexity. Common complaints:
- Being forced to purchase Atlassian Guard subscription just for basic SCIM provisioning
- API key expiration after 1 year requiring manual renewal and rotation
- Confusion between Google Cloud vs Google Workspace integrations (group sync only works with Workspace)
- Having to immediately store SCIM credentials since they're never shown again
The Guard subscription feels like a tax on basic identity features that should be included in the main plans.
API keys expiring annually is a nightmare for operational continuity - one more thing to track and renew.
The recurring theme
Organizations face surprise additional costs and ongoing maintenance overhead for what should be standard identity management functionality, especially when Guard subscription pricing can add $4-8 per user monthly on top of existing Confluence costs.
The decision
| Your Situation | Recommendation |
|---|---|
| Not on Enterprise, need SCIM | Use Stitchflow: avoid the $4/user Guard subscription or Enterprise upgrade |
| On Standard/Premium, budget-conscious | Use Stitchflow: Guard adds 76-34% to your monthly costs |
| Already on Enterprise plan | Use native SCIM: Guard Standard is included in your plan |
| Need Enterprise features beyond SCIM | Evaluate Enterprise upgrade: SCIM comes bundled with Guard |
| Small team, infrequent user changes | Manual may work: but watch for API key expiration headaches |
The bottom line
Confluence's SCIM requires either an Atlassian Guard subscription ($4/user/month) on top of your existing plan or upgrading to Enterprise. For teams on Standard or Premium plans, Stitchflow delivers the same provisioning automation without the 34-76% cost increase or annual API key management.
Automate Atlassian Confluence without the tier upgrade
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Atlassian Confluence at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Requires Atlassian Guard subscription (unless on Enterprise)
- Google Cloud: group sync not available (use Google Workspace instead)
- API keys expire after 1 year
- Store SCIM URL and API key immediately - not shown again
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Atlassian Cloud app in OIN supports SSO and SCIM provisioning. Requires Atlassian Guard subscription. Groups pushed from Okta sync to Jira and Confluence.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Microsoft Entra ID integration available. Auto-provision users and groups. Requires Atlassian Guard subscription. 40-minute sync cycle.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Unlock SCIM for
Atlassian Confluence
Atlassian Confluence gates automation behind Atlassian Guard subscription ($4/user/mo) or Enterprise plan. Stitchflow delivers the same SCIM outcomes for a flat fee.
See how it works