Stitchflow
Back to directory
Atlassian Confluence logo

Atlassian Confluence SCIM guide

Native SCIM

How to automate Atlassian Confluence user provisioning, and what it actually costs

Native SCIM requires Atlassian Guard subscription ($4/user/mo) or Enterprise plan

Summary and recommendation

Atlassian Confluence supports SCIM 2.0 provisioning, but requires an Atlassian Guard subscription ($4/user/month) unless you're on Enterprise. For teams on Standard ($5.25-6.00/user/month) or Premium ($11.75/user/month), adding Guard increases your total cost by 67-76%. Plus, you'll deal with annual API key expiration management and Google Cloud IdP users losing group sync functionality entirely.

This creates a significant cost barrier for mid-sized teams who need automated user provisioning but don't want Enterprise-level features. A 200-person team on Standard would pay an extra $9,600/year just to unlock SCIM capabilities they should reasonably expect from a modern SaaS platform.

The strategic alternative

Atlassian Confluence gates SCIM behind Atlassian Guard subscription ($4/user/mo) or Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.

Quick SCIM facts

SCIM available?Yes
SCIM tier requiredEnterprise
SSO required first?Yes
SSO available?Yes
SSO protocolSAML 2.0
DocumentationOfficial docs

Supported identity providers

IdPSSOSCIMNotes
OktaOIN app with full provisioning
Microsoft Entra IDGallery app with SCIM
Google WorkspaceLimitedNo group provisioning/deprovisioning
OneLoginSupported

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Atlassian Confluence accounts manually. Here's what that costs:

Source: Stitchflow aggregate data across apps with 2+ instances, normalized to 500 employees
Orphaned accounts (ex-employees with access)7
Unused licenses12
IT hours spent on manual management/year101 hours
Unused license cost/year$3,925
IT labor cost/year$6,088
Cost of compliance misses/year$1,741
Total annual financial impact$11,754

The Atlassian Confluence pricing problem

Atlassian Confluence gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
Standard$5.25-6.00/user/mo
Premium$11.75/user/mo
Enterprise~$23.50/user/mo

Plan Structure (Billed Annually)

PlanPriceGuard RequiredSCIM
Standard$5.25-6.00/user/mo+$4/user/mo
Premium$11.75/user/mo+$4/user/mo
Enterprise~$23.50/user/moIncluded

Note: Guard Standard ($4/user/mo) provides SCIM 2.0 with full user lifecycle management and group sync. Enterprise plans include Guard Standard at no additional cost.

What this means in practice

For teams not on Enterprise, Guard adds substantial cost:

Team SizeStandard + GuardPremium + Guardvs. Enterprise
50 users$5,550/year$9,450/year$14,100/year
100 users$11,100/year$18,900/year$28,200/year
200 users$22,200/year$37,800/year$56,400/year

Calculation: (Base plan + $4 Guard) × users × 12 months

Additional constraints

API key expiration
SCIM API keys expire after 1 year and must be manually renewed, creating ongoing maintenance overhead.
Google Cloud limitation
Teams using Google Cloud Identity cannot sync groups - they must use Google Workspace instead, forcing IdP decisions based on Confluence requirements.
One-time credential display
SCIM URL and API key are shown only once during setup. If not captured immediately, administrators must regenerate credentials.
Price increases ahead
Atlassian announced 5% increases for Standard and 7.5% for Premium/Enterprise effective October 2025, further widening cost gaps.

Summary of challenges

  • Atlassian Confluence supports SCIM but only at Enterprise tier (~$23.50/user/month (custom))
  • Google Workspace users get limited SCIM (no group sync)
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What the upgrade actually includes

Atlassian Confluence doesn't require a tier upgrade for SCIM—it requires an Atlassian Guard subscription ($4/user/month) unless you're already on Enterprise (which includes Guard Standard at no extra cost).

Here's what Guard gets you beyond SCIM:

SCIM 2.0 automated provisioning and group sync
Enhanced security monitoring and alerts
Advanced audit logging across Atlassian products
Data residency controls
IP allowlisting and session management
Mobile device management integration
Advanced user lifecycle management

If you're only on Standard ($5.25-6.00/user/month) or Premium ($11.75/user/month), adding Guard increases your total cost by 67-80%. For teams that just want automated user provisioning, roughly 60% of Guard's security features are overkill.

The alternative is jumping to Enterprise (~$23.50/user/month), where Guard Standard is included—but you're paying 4x more than Standard for enterprise features most teams won't use.

What IT admins are saying

Community sentiment on Atlassian Confluence's SCIM implementation centers around the additional subscription costs and operational complexity. Common complaints:

  • Being forced to purchase Atlassian Guard subscription just for basic SCIM provisioning
  • API key expiration after 1 year requiring manual renewal and rotation
  • Confusion between Google Cloud vs Google Workspace integrations (group sync only works with Workspace)
  • Having to immediately store SCIM credentials since they're never shown again

The Guard subscription feels like a tax on basic identity features that should be included in the main plans.

Reddit r/sysadmin

API keys expiring annually is a nightmare for operational continuity - one more thing to track and renew.

Atlassian Community Forums

The recurring theme

Organizations face surprise additional costs and ongoing maintenance overhead for what should be standard identity management functionality, especially when Guard subscription pricing can add $4-8 per user monthly on top of existing Confluence costs.

The decision

Your SituationRecommendation
Not on Enterprise, need SCIMUse Stitchflow: avoid the $4/user Guard subscription or Enterprise upgrade
On Standard/Premium, budget-consciousUse Stitchflow: Guard adds 76-34% to your monthly costs
Already on Enterprise planUse native SCIM: Guard Standard is included in your plan
Need Enterprise features beyond SCIMEvaluate Enterprise upgrade: SCIM comes bundled with Guard
Small team, infrequent user changesManual may work: but watch for API key expiration headaches

The bottom line

Atlassian Confluence gates SCIM behind Atlassian Guard subscription ($4/user/mo) or Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.

Close the Atlassian Confluence workflow gap

Atlassian Confluence gates SCIM behind Atlassian Guard subscription ($4/user/mo) or Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.

Across every app in the workflow, including the ones without APIs
Built in less than a week, with roughly 2 hours from your team
You review the exceptions. Stitchflow maintains the workflow underneath
Start with the free gap diagnostic

Technical specifications

SCIM Version

2.0

Supported Operations

Create, Update, Deactivate, Groups

Supported Attributes

Not specified

Plan requirement

Enterprise

Prerequisites

SSO must be configured first

Key limitations

  • Requires Atlassian Guard subscription (unless on Enterprise)
  • Google Cloud: group sync not available (use Google Workspace instead)
  • API keys expire after 1 year
  • Store SCIM URL and API key immediately - not shown again
View Official Documentation

Configuration for Okta

Integration type

Okta Integration Network (OIN) app with SCIM provisioning

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Okta Admin Console → Applications → Atlassian Confluence → Provisioning

Required credentials

SCIM endpoint URL and bearer token (generated in app admin console).

Configuration steps

Enable Create Users, Update User Attributes, and Deactivate Users.

Provisioning trigger

Okta provisions based on app assignments (users or groups).

Docs

Okta integrationAtlassian Confluence SCIM setup

Atlassian Cloud app in OIN supports SSO and SCIM provisioning. Requires Atlassian Guard subscription. Groups pushed from Okta sync to Jira and Confluence.

Atlassian Confluence gates SCIM behind Atlassian Guard subscription ($4/user/mo) or Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.

Configuration for Entra ID

Integration type

Microsoft Entra Gallery app with SCIM provisioning

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Entra admin center → Enterprise applications → Atlassian Confluence → Provisioning

Required credentials

Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).

Configuration steps

Set Provisioning Mode = Automatic, configure SCIM connection.

Provisioning trigger

Entra provisions based on user/group assignments to the enterprise app.

Sync behavior

Entra provisioning runs on a scheduled cycle (typically every 40 minutes).

Docs

Microsoft Entra integrationAtlassian Confluence SCIM setup

Microsoft Entra ID integration available. Auto-provision users and groups. Requires Atlassian Guard subscription. 40-minute sync cycle.

Atlassian Confluence gates SCIM behind Atlassian Guard subscription ($4/user/mo) or Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.

Close the workflow gap in
Atlassian Confluence

Atlassian Confluence gates SCIM behind Atlassian Guard subscription ($4/user/mo) or Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.

Start with the free gap diagnostic
Admin Console
Directory
Applications
Atlassian Confluence logo
Atlassian Confluence
via Stitchflow

Last updated: 2026-01-11

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

8x8 logo

8x8

SCIM Tax

UCaaS / Business Communications

SCIM StatusIncluded
Manual Cost$11,754/yr

8x8 supports SCIM 2.0 for automated user provisioning, but only on their quote-based X Series plans (previously $24-44/user/month range before they moved to custom pricing). While SCIM can create, update, and deactivate users, it has critical gaps that create ongoing manual overhead: license assignment must be done manually after every user is provisioned, users can't be deleted (only deactivated), and provisioned users don't automatically appear in the Company Directory. For IT teams managing a unified communications platform that typically covers all employees, these limitations defeat much of SCIM's purpose. You're still manually touching every user account to assign licenses and ensure directory visibility. The lack of user deletion support also creates compliance headaches when employees leave - accounts accumulate as "deactivated" rather than being properly removed.

View full guide
Airbase logo

Airbase

SCIM Tax

Spend Management / Corporate Cards

SCIM StatusIncluded
Manual Cost$11,754/yr

Airbase supports SCIM provisioning, but only on Enterprise plans starting around $8,500/year. While SCIM works with all major identity providers (Okta, Entra ID, Google Workspace), the Enterprise requirement creates a significant barrier for smaller finance teams who need automated provisioning for spend management but can't justify enterprise-level spend management software costs. This creates a particular challenge in finance applications where rapid provisioning and deprovisioning is critical for corporate card access and financial controls. Manual user management means delayed access for new employees needing corporate cards, and more critically, potential security gaps when departing employees retain access to spend management systems. For finance teams handling sensitive financial data and corporate spending, these delays and oversights create both operational friction and compliance risks.

View full guide
Airfocus logo

Airfocus

SCIM Tax

Product Management / Roadmapping

SCIM StatusIncluded
Manual Cost$11,754/yr

Airfocus supports SCIM provisioning, but only on Enterprise plans with custom pricing. While it handles basic user lifecycle management (create, update, deactivate), it lacks group provisioning entirely—meaning team assignments and workspace access must be managed manually. The Azure Entra integration also suffers from significant delays (~40 minutes for provisioning), creating gaps where users can't access product roadmaps they need immediately. For product management teams, this creates operational friction. Product managers, executives, and engineering leads need timely access to strategic roadmaps, but manual group assignments slow onboarding and complicate offboarding. Without automated group provisioning, IT teams must coordinate with product leads to ensure the right stakeholders have appropriate workspace access—exactly the kind of manual work SCIM should eliminate.

View full guide