Summary and recommendation
Avalara, the automated tax compliance platform, does not support SCIM provisioning on any plan. While Avalara integrates with identity providers like Okta and Entra for SAML SSO, these integrations are limited to authentication only. The Okta integration specifically supports Group Import, Schema Discovery, and Attribute Writeback, but explicitly excludes the core SCIM operations: Create, Update, and Deactivate Users. This forces IT teams to manually provision and deprovision users in Avalara's admin console, creating a significant operational burden for organizations managing tax compliance across multiple business units.
The absence of automated user lifecycle management is particularly problematic for finance and tax teams where access control is critical for compliance. Manual provisioning increases the risk of orphaned accounts when employees leave or change roles, potentially creating audit issues and security vulnerabilities. With Avalara's custom volume-based enterprise pricing already representing a significant investment, the additional overhead of manual user management undermines the platform's operational efficiency benefits.
The strategic alternative
Avalara has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | Okta integration supports Group Import, Schema Discovery, and Attribute Writeback but not full user provisioning (Create/Update/Deactivate Users) |
| Microsoft Entra ID | ✓ | ❌ | No dedicated Entra gallery app with provisioning found |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Avalara accounts manually. Here's what that costs:
The Avalara pricing problem
Avalara gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | Custom quote | ||
| Business | Custom quote | ||
| Enterprise | Custom quote (volume-based) |
Pricing and provisioning options
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | Custom quote | ||
| Business | Custom quote | ||
| Enterprise | Custom quote (volume-based) |
All Avalara plans use custom, volume-based pricing with no publicly available rates. Enterprise contracts can reach significant costs depending on transaction volume and user count.
What this means in practice
Manual user management across all tiers: Even Enterprise customers must manually create, update, and deactivate Avalara user accounts. When employees join, leave, or change roles, IT teams need separate workflows outside their standard IdP provisioning.
Limited Okta integration: Avalara's Okta app supports Group Import and Schema Discovery but explicitly excludes user lifecycle provisioning (Create/Update/Deactivate Users). This means you get some metadata sync but no automated user management.
No Entra provisioning: Microsoft Entra ID has no dedicated Avalara gallery app with provisioning capabilities.
Additional constraints
Summary of challenges
- Avalara does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Avalara actually offers for identity
SAML SSO (Enterprise-tier only)
Avalara supports SAML 2.0 single sign-on integration for Enterprise customers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Entra ID, other SAML providers |
| Pricing tier | Enterprise (custom volume-based pricing) |
| Configuration | Manual setup through Avalara admin portal |
Okta Integration (via OIN)
The official Okta Integration Network listing for Avalara shows significant limitations:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| Create users | ❌ No |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group push | ❌ No |
| Schema discovery | ✓ Yes |
| Group import | ✓ Yes |
| Attribute writeback | ✓ Yes |
Translation: The Okta integration provides SSO and some metadata features, but zero user lifecycle provisioning. You still need to manually create, update, and deactivate users in Avalara.
What's missing
Avalara provides no native SCIM endpoint and no automated user provisioning through any identity provider. The Enterprise tier focuses on:
The reality: You're paying enterprise-level custom pricing primarily for tax compliance features, not identity management capabilities. User provisioning remains a manual process regardless of your plan.
What IT admins are saying
Avalara's lack of automated provisioning forces IT teams into manual account management for tax compliance software:
- Manual user creation required despite SSO availability
- No visibility into who has access without logging into Avalara directly
- Offboarding requires remembering to manually deactivate accounts in yet another system
- Enterprise-only pricing makes small to mid-size companies choose between tax automation and proper access controls
The Okta integration supports Group Import, Schema Discovery, and Attribute Writeback but not full user provisioning (Create/Update/Deactivate Users)
User accounts must be manually provisioned in Avalara before SSO authentication can work
The recurring theme
Organizations get tax compliance automation but lose identity management automation. IT teams must manually sync their IdP changes to Avalara, creating security gaps when employees change roles or leave the company.
The decision
| Your Situation | Recommendation |
|---|---|
| Small tax compliance team (<10 users) | Manual user management is acceptable |
| Stable accounting team with low turnover | Manual management with SSO for authentication |
| Large enterprise with multiple subsidiaries | Use Stitchflow: automation essential for scale |
| Organizations with compliance audit requirements | Use Stitchflow: automated provisioning provides audit trail |
| Multi-entity businesses with frequent role changes | Use Stitchflow: automation strongly recommended |
The bottom line
Avalara is an enterprise tax compliance platform with no SCIM provisioning capabilities and custom volume-based pricing that lacks transparency. For organizations that need automated user lifecycle management without the overhead of manual account administration, Stitchflow delivers SCIM-level provisioning at a predictable cost.
Make Avalara workflows AI-native
Avalara has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM endpoint
- Okta integration only supports schema discovery and group import, not user lifecycle provisioning
- Custom volume-based pricing - no public pricing available
- Enterprise-focused platform
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
Okta integration supports Group Import, Schema Discovery, and Attribute Writeback but not full user provisioning (Create/Update/Deactivate Users)
Use Stitchflow for automated provisioning.
Unlock SCIM for
Avalara
Avalara has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
