Summary and recommendation
Atlassian Jira supports SCIM 2.0 for automated user provisioning, but only with an Atlassian Guard subscription—an additional $3-4/user/month on top of your base Jira plan. For a 100-person team on Standard ($9.05/user/month), adding Guard means a 33-44% cost increase just to unlock basic provisioning automation. Enterprise customers get Guard included, but that's $155/user/year with an 801-user minimum—$124,355 upfront commitment.
The Guard subscription requirement creates a frustrating gap for growing teams. You're paying for Jira licenses but still manually managing user accounts, group assignments, and project access. SSO with JIT provisioning helps with login, but doesn't handle deprovisioning when employees leave or group sync for project permissions. For development teams where access delays impact sprint velocity, manual provisioning becomes a bottleneck.
The strategic alternative
Stitchflow provides managed SCIM automation for Atlassian Jira without requiring the Guard subscription upgrade. Works with any Jira plan and any identity provider. Flat pricing under $5K/year, regardless of team size—saving most organizations thousands compared to the Guard licensing fees.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Custom |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | ✓ | Full SCIM support |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Atlassian Jira accounts manually. Here's what that costs:
The Atlassian Jira pricing problem
Atlassian Jira gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure (Billed Annually)
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | $9.05/user/mo | ||
| Premium | $18.30/user/mo | ||
| Enterprise | $155/user/year (801+ users) | ||
| Any plan + Guard Standard | Base price + $3-4/user/mo |
Note: Enterprise plans include Guard Standard. For teams under 801 users, Guard Standard subscription is required for SCIM access regardless of your Jira plan tier.
What this means in practice
Adding Guard Standard to existing Jira plans:
| Team Size | Standard + Guard | Premium + Guard | Annual Guard Cost |
|---|---|---|---|
| 50 users | ~$13/user/mo | ~$22/user/mo | +$1,800-2,400/year |
| 100 users | ~$13/user/mo | ~$22/user/mo | +$3,600-4,800/year |
| 200 users | ~$13/user/mo | ~$22/user/mo | +$7,200-9,600/year |
Calculation: Guard Standard adds approximately 30-40% to your existing Jira costs solely for provisioning capabilities.
Additional constraints
Summary of challenges
- Atlassian Jira supports SCIM but only at Custom tier ($155/user/year (min 801 users))
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Atlassian doesn't sell SCIM directly through Jira plans. It requires an Atlassian Guard subscription (formerly Access) that bundles identity features:
Guard Standard costs $3-4/user/month on top of your Jira plan. Enterprise customers ($155/user/year minimum) get Guard included, but that's an 801-user minimum commitment.
Stitchflow Insight
If you just want SCIM for a smaller team, you're paying for cross-product administration features you likely don't need. The Guard subscription applies to your entire Atlassian organization, not just Jira users. We estimate ~60% of Guard features are irrelevant for teams that only want Jira user provisioning.
What IT admins are saying
Community sentiment on Atlassian Jira's SCIM implementation centers around the additional subscription requirement. Common complaints:
- Having to purchase Atlassian Guard/Access subscription just for SCIM provisioning
- Annual API key expiration creating ongoing maintenance overhead
- Group sync limitations across different Atlassian products
- Feeling forced into higher-tier subscriptions for basic identity automation
The extra Access subscription cost feels like a tax on security - we already pay per user, why can't SCIM just be included?
Managing API key expiration every year is just another thing on the todo list that shouldn't be there in 2025.
The recurring theme
Organizations feel penalized for wanting automated provisioning, with SCIM treated as an expensive add-on rather than a standard security feature included in base Jira pricing.
The decision
| Your Situation | Recommendation |
|---|---|
| On Standard/Premium, need SCIM | Use Stitchflow: avoid the $36K-124K/year Access subscription |
| On Enterprise without Access/Guard | Use Stitchflow: add automation without Guard complexity |
| Already have Atlassian Access/Guard | Use native SCIM: you're paying for it |
| Need Enterprise features + SSO + SCIM | Evaluate Enterprise plan: Guard Standard is included |
| Small dev team, low turnover | Manual may work: but developer onboarding delays cost more |
The bottom line
Atlassian's SCIM requires an Access/Guard subscription that can cost $36K-124K annually on top of your Jira plan. For development teams that need automated provisioning without the Access overhead, Stitchflow delivers the same automation at a fraction of the cost.
Automate Atlassian Jira without the tier upgrade
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Atlassian Jira at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Custom
Prerequisites
SSO must be configured first
Key limitations
- Requires Atlassian Access/Guard subscription
- Group sync not available for Bitbucket
- API key expiration requires management
- JSM portal SCIM expected Q2 2025
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Full SCIM 2.0 support via Atlassian Cloud app in OIN. Supports user create/update/deactivate and group sync. SCIM API keys expire after 1 year (as of Jan 2025).
Native SCIM is available on Custom. Use Stitchflow if you need provisioning without the tier upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Full SCIM 2.0 provisioning with attribute sync (job title, department). Initial sync takes longer, subsequent syncs every 40 minutes.
Native SCIM is available on Custom. Use Stitchflow if you need provisioning without the tier upgrade.
Unlock SCIM for
Atlassian Jira
Atlassian Jira gates automation behind Atlassian Access/Guard subscription plan. Stitchflow delivers the same SCIM outcomes for a flat fee.
See how it works