Summary and recommendation
Autotask PSA (now part of the Datto/Kaseya portfolio) does not offer native SCIM provisioning capabilities. While SCIM-like functionality is available through Okta's integration in the Okta Integration Network, this creates a vendor lock-in scenario where your provisioning workflow is entirely dependent on Okta. For MSPs using other identity providers like Entra ID or Google Workspace, there's no automated provisioning option—despite Autotask supporting SAML 2.0 and OIDC SSO across these platforms. Given that Autotask starts at $50/user/month with additional module costs, the lack of universal SCIM support is a significant gap.
This limitation is particularly problematic for MSPs where technicians, project managers, and billing staff need different role-based access to client financial data within the PSA. Manual user provisioning creates compliance risks when technicians should only access specific client accounts, while SSO alone doesn't handle the complex role assignments that MSP workflows require. The Okta-only provisioning approach forces organizations to either accept manual processes or commit to a single identity provider ecosystem.
The strategic alternative
Autotask PSA has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OAuth, OIDC |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | No SCIM available |
| Microsoft Entra ID | ✓ | ❌ | No SCIM available |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Autotask PSA accounts manually. Here's what that costs:
The Autotask PSA pricing problem
Autotask PSA gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Manual provisioning | High | Staff time | |
| Okta integration | Medium | Okta Enterprise required | |
| Third-party automation | Low | Additional vendor costs |
Provisioning options
| Method | Reliability | IdP Support | Cost Impact |
|---|---|---|---|
| Manual provisioning | High | All IdPs | Staff time |
| Okta integration | Medium | Okta only | Okta Enterprise required |
| Third-party automation | Low | Varies | Additional vendor costs |
Autotask pricing context
What this means in practice
For Okta shops: You can use automated provisioning, but you're locked into Okta's reliability and pricing. If Okta's integration breaks or becomes unavailable, you're back to manual processes.
For Entra/Google Workspace users: No automated provisioning options. Every new MSP technician, project manager, or billing user must be manually created in Autotask, then have their roles and permissions configured individually.
For multi-IdP environments: You can't standardize on one provisioning approach across your SaaS stack, creating operational complexity.
Additional constraints
Summary of challenges
- Autotask PSA does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Autotask PSA actually offers for identity
SCIM Provisioning (Okta integration only)
Autotask PSA doesn't offer native SCIM but provides SCIM-based provisioning through the Okta Integration Network:
| Feature | Supported? |
|---|---|
| Create users | ✓ Yes (via Okta) |
| Update user attributes | ✓ Yes (via Okta) |
| Deactivate users | ✓ Yes (via Okta) |
| Group linking | ✓ Yes (via Okta) |
| Schema discovery | ✓ Yes (via Okta) |
| Entra ID provisioning | ❌ No |
| Google Workspace provisioning | ❌ No |
| OneLogin provisioning | ❌ No |
Critical limitation: SCIM provisioning is exclusively available through Okta. Organizations using Entra ID, Google Workspace, or OneLogin have no automated provisioning path.
SSO Options (All plans)
| Protocol | Supported IdPs |
|---|---|
| SAML 2.0 | Okta, Entra ID, custom SAML providers |
| OIDC | Okta, Entra ID, custom OIDC providers |
| Just-in-time provisioning | ✓ Yes |
The Okta lock-in problem
For MSPs managing sensitive client data and billing information, automated provisioning is essential for security and compliance. Autotask's Okta-only SCIM support creates a vendor lock-in scenario where your identity provider choice determines your provisioning capabilities.
Organizations already committed to Entra ID or Google Workspace face manual user management—a significant security risk in PSA environments containing financial and client data.
What IT admins are saying
Community sentiment on Autotask PSA's provisioning reveals frustration with the Okta-only SCIM approach and complex Kaseya ecosystem integration:
- SCIM provisioning only works through Okta integration, leaving Azure AD and other IdP users with manual processes
- Complex pricing structure as part of the broader Kaseya/Datto bundle makes cost planning difficult
- Integration complexity increases when managing the full PSA platform across multiple client environments
- No native SCIM support means you're locked into specific identity provider workflows
Complex pricing as part of Kaseya bundle
Integration complexity
The recurring theme
MSPs need reliable, cross-platform provisioning for their PSA system since it contains sensitive client financial data and requires precise role-based access, but Autotask's Okta-dependent approach leaves many organizations managing user lifecycles manually across their most critical business application.
The decision
| Your Situation | Recommendation |
|---|---|
| Small MSP (<10 technicians) | Manual management acceptable, focus on SSO setup |
| Using Okta with existing SCIM requirements | Try Okta's native integration first |
| Multi-location MSP with frequent tech turnover | Use Stitchflow: automation essential for scaling |
| Enterprise MSP with compliance requirements | Use Stitchflow: audit trail and automation critical |
| Using Entra ID or Google Workspace | Use Stitchflow: native integration gaps require workarounds |
The bottom line
Autotask PSA offers SCIM provisioning, but only through Okta's integration—leaving Entra ID and Google Workspace users without automated options. For MSPs managing technician access across multiple client environments, Stitchflow eliminates the IdP dependency and provides consistent automation regardless of your identity provider.
Make Autotask PSA workflows AI-native
Autotask PSA has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- SCIM via Okta integration primarily
- Enterprise pricing required
- Part of larger Kaseya ecosystem
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Docs
Enterprise required for SCIM
Use Stitchflow for automated provisioning.
Unlock SCIM for
Autotask PSA
Autotask PSA has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
