BambooHR SCIM guide

Personio, the HR information system for 10-5,000 employee companies, does not offer SCIM provisioning capabilities. Instead, Personio functions as an HR source system that syncs employee data one-way to identity providers like Okta and Microsoft Entra ID through custom API integrations. While these integrations automate employee onboarding and offboarding by pushing HR data to your IdP every 30 minutes, they don't provide the bidirectional SCIM provisioning that IT teams need to manage user access within Personio itself. Additionally, Personio only supports native SSO via OIDC (not SAML), requiring third-party bridges like JumpCloud for SAML-based SSO workflows. This creates a fundamental gap for IT teams managing Personio access. While your IdP can receive employee data from Personio, you still need manual processes to provision user accounts, assign roles, and manage permissions within Personio when employees join, change roles, or leave. For multi-entity organizations or companies requiring granular access controls, this manual overhead becomes particularly problematic, especially given Personio's Enterprise-tier pricing that averages ~$47,000 annually.

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

Aha! Roadmaps, the product roadmapping platform, does not support SCIM provisioning on any plan. While Aha! offers SAML 2.0 SSO integration with identity providers like Okta, Entra ID, and OneLogin, this only handles authentication through JIT (Just-In-Time) provisioning. The critical limitation: JIT provisioning creates user accounts with no default role or access permissions, requiring administrators to manually configure access for each user after they first sign in. For product teams managing strategic roadmaps and stakeholder access, this creates significant operational overhead. Since product roadmaps contain sensitive strategic information and stakeholder access typically varies by product area, IT administrators must manually assign appropriate roles and workspace permissions after each user is provisioned. There's no automatic deprovisioning when users leave the organization, creating potential security gaps. This manual process becomes particularly problematic for larger product organizations where dozens of stakeholders across different business units need carefully managed access to specific roadmaps.