Summary and recommendation
Atlassian Loom supports SCIM 2.0 for automated user provisioning, but only on Enterprise plans with custom pricing. This creates a significant barrier for teams on Business plans ($15-20/user/month) who need automated provisioning but can't justify Enterprise-level costs. The limitation is particularly problematic because Loom's domain capture feature can automatically add users to Enterprise workspaces, creating provisioning gaps where some users get automatic access while others require manual management.
For video messaging platforms handling sensitive content, this creates a compliance risk. Teams often deploy Loom organization-wide for async communication, but without automated deprovisioning on Business plans, former employees may retain access to recorded videos containing confidential information. SSO alone doesn't solve this - you need SCIM to ensure departing users lose access immediately when removed from your identity provider.
The strategic alternative
Atlassian Loom gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Atlassian Loom accounts manually. Here's what that costs:
The Atlassian Loom pricing problem
Atlassian Loom gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure (Billed Annually)
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Business | $15/user/month | ||
| Business + AI | $20/user/month | ||
| Enterprise | Custom pricing |
Note: Business plans purchased directly from Atlassian.com do not include Atlassian Guard and require a separate Guard purchase for SSO/SCIM access.
What this means in practice
The Enterprise requirement creates a substantial pricing jump from Business plans. While Atlassian doesn't publish Enterprise pricing, industry reports suggest Enterprise typically costs 2-3x Business rates:
| Team Size | Estimated Annual Upgrade Cost |
|---|---|
| 50 users | $9,000 - $18,000/year |
| 100 users | $18,000 - $36,000/year |
| 200 users | $36,000 - $72,000/year |
These estimates assume Enterprise pricing of $30-45/user/month based on market positioning.
Additional constraints
Summary of challenges
- Atlassian Loom supports SCIM but only at Enterprise tier (Custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Atlassian Loom doesn't sell SCIM à la carte. It's bundled with Enterprise features through Atlassian Guard:
The catch: Business plans purchased directly from Atlassian.com don't include Guard, requiring a separate purchase for SSO/SCIM. Only Enterprise plans include Guard by default.
Stitchflow Insight
If you need enterprise security controls anyway, the upgrade may make sense. If you just want automated user provisioning for your video messaging tool, you're paying for extensive enterprise features you won't use. We estimate ~60% of Enterprise features are irrelevant for teams that only need SCIM for basic user lifecycle management.
What IT admins are saying
Community sentiment on Atlassian Loom's SCIM requirements is mixed, with frustration centered on the Enterprise paywall and domain complexity.
- Enterprise plan requirement locks out smaller teams needing basic SCIM
- Domain verification and capture rules create deployment headaches
- Business plans from Atlassian.com require separate Guard purchase for SSO/SCIM
- Custom Enterprise pricing with no transparent cost structure
Why does every Atlassian product require Enterprise for basic SSO? We just need to sync users, not buy the entire platform suite.
The domain capture thing is confusing - users end up in different workspaces depending on how you set it up. Not intuitive at all.
The recurring theme
Basic identity automation is held hostage behind expensive Enterprise upgrades, with confusing domain management that complicates deployment even after paying the premium.
The decision
| Your Situation | Recommendation |
|---|---|
| On Business plan, need SCIM | Use Stitchflow: avoid the Enterprise tier jump and custom pricing negotiation |
| Already on Enterprise with Guard | Use native SCIM: you're paying for Atlassian Guard provisioning |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled with Guard |
| Domain verification blocked by IT policies | Use Stitchflow: bypass Atlassian's domain capture requirements |
| Small video team, low turnover | Manual may work: but consider security risks with video content |
The bottom line
Loom's Enterprise-only SCIM requirement forces a jump from $15-20/user/month to custom Enterprise pricing, plus mandatory domain verification. For teams that need video messaging provisioning without the Enterprise commitment, Stitchflow delivers SCIM automation at flat-rate pricing with any Loom plan.
Make Atlassian Loom workflows AI-native
Atlassian Loom gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Enterprise plan required for SSO/SCIM
- Must authorize domains before SSO/SCIM setup
- Domain capture affects user workspace placement
- Business plans purchased from Atlassian.com require separate Guard purchase for SSO
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
SCIM via Atlassian Guard. Configure in Okta using WorkOS setup. Push users, profile updates, and groups.
Atlassian Loom gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
SCIM via Atlassian Guard. Requires Atlassian Guard subscription or Enterprise plan.
Atlassian Loom gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Atlassian Loom
Atlassian Loom gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
