Stitchflow
Back to directory
BombBomb logo

BombBomb SCIM guide

Connector Only

How to automate BombBomb user provisioning, and what it actually costs

Summary and recommendation

BombBomb, the video email platform for sales teams, offers SCIM provisioning only on their Enterprise tier with custom pricing. The SCIM implementation supports standard user lifecycle operations (create, update, deactivate) through Okta integration, but comes with significant limitations: email address changes aren't supported via SCIM and require manual support tickets, and deactivated users can potentially regain limited access by resetting their passwords. For organizations not on Enterprise plans (Plus at $49/month, Teams at $468/seat/year), there's no automated provisioning option at all.

The deactivation limitation creates a notable security gap. When sales reps leave your organization, BombBomb's deactivation process doesn't fully prevent access recovery, meaning former employees could potentially access video content and customer communications. This is particularly problematic for sales-focused organizations where video content often contains sensitive customer interactions and competitive intelligence.

The strategic alternative

BombBomb has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?Yes
SSO available?Yes
SSO protocolOIDC
DocumentationOfficial docs

Supported identity providers

IdPSSOProvisioningNotes
OktaVia APIAPI connector
Microsoft Entra IDVia third-partyAPI connector
Google WorkspaceSSO only, no provisioning
OneLoginSSO only

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages BombBomb accounts manually. Here's what that costs:

Source: Stitchflow aggregate data across apps with 2+ instances, normalized to 500 employees
Orphaned accounts (ex-employees with access)7
Unused licenses12
IT hours spent on manual management/year101 hours
Unused license cost/year$3,925
IT labor cost/year$6,088
Cost of compliance misses/year$1,741
Total annual financial impact$11,754

The BombBomb pricing problem

BombBomb gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
Essentials$33/month
Plus$49/month
Teams$468/seat/year
EnterpriseCustom pricing

Pricing structure

PlanPriceSSOSCIM
Essentials$33/month
Plus$49/month
Teams$468/seat/year
EnterpriseCustom pricing

What this means in practice

Cost impact for typical deployments

10 users
Jump from $490/month (Plus) to Enterprise pricing
25 users
Jump from $1,225/month (Plus) to Enterprise pricing
50 users
Jump from $2,450/month (Plus) to Enterprise pricing

The Enterprise tier includes additional features like role-based access controls and SOC 2 compliance, but IT teams often just need basic SCIM functionality. BombBomb's sales team will need to justify the premium over standard video email competitors.

Additional constraints

Okta-only SCIM support
No documented integration with Microsoft Entra ID or Google Workspace for provisioning
Email update limitation
Email address changes via SCIM require contacting support rather than automatic sync
Incomplete deactivation
Deactivated users can potentially reset their password to regain limited access
Limited IdP choice
SCIM provisioning only works through Okta's OAuth integration, not standard SCIM endpoints

Summary of challenges

  • BombBomb does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What the upgrade actually includes

BombBomb gates SCIM behind their Enterprise tier, which comes with custom pricing and requires a sales conversation. Here's what you're actually paying for:

Enterprise Tier Features

SCIM provisioning: (Okta only via OAuth integration)
OIDC SSO: with JIT provisioning
Role-based access controls
SOC 2 Type II compliance
Advanced analytics and reporting
Custom branding options
Priority support

SCIM Capabilities (Okta Only)

FeatureSupported
Create users✓ Yes
Update user attributes✓ Yes
Deactivate users✓ Yes
Import existing users✓ Yes
Email address changes❌ No (requires support ticket)

Critical Limitations

Okta-only integration: Despite being positioned as "SCIM," BombBomb's provisioning only works with Okta via their OAuth integration. No support for Entra ID, Google Workspace, or standard SCIM endpoints.

Deactivation loophole: Deactivated users can potentially regain limited access by resetting their password, creating a security gap that requires manual monitoring.

Enterprise sales requirement: You can't simply upgrade online—Enterprise pricing requires going through their sales team, adding friction to what should be a straightforward provisioning setup.

For most teams, 80% of the Enterprise features are irrelevant if you just need user provisioning. You're paying Enterprise prices for basic identity management that should be standard across all business plans.

What IT admins are saying

BombBomb's Enterprise-only provisioning creates cost barriers for mid-market IT teams:

  • SCIM and SSO locked behind Enterprise tier with custom pricing
  • Deactivated users can potentially regain access by resetting passwords
  • Email address changes require manual support tickets, not automated through Okta
  • Limited identity provider support - only Okta documented for SCIM provisioning

Email address changes not supported via Okta (contact support)

BombBomb SCIM documentation

Deactivated users can potentially reset password for limited access

BombBomb support documentation

The recurring theme

Even organizations willing to pay for Enterprise face operational gaps where "deactivated" doesn't mean fully deactivated, and routine changes like email updates require manual intervention outside the normal SCIM workflow.

The decision

Your SituationRecommendation
Small sales team (<20 reps) on lower plansManual management acceptable, consider upgrading for SSO
High sales turnover environmentUse Stitchflow: automation prevents access sprawl
Enterprise budget with Okta-only environmentNative SCIM works, but watch for email change limitations
Multi-IdP environment (Entra, Google Workspace)Use Stitchflow: BombBomb only supports Okta natively
Compliance-focused organizationUse Stitchflow: better deactivation controls and audit trail

The bottom line

BombBomb's Enterprise-tier SCIM works for Okta users but has concerning security gaps—deactivated users can potentially regain limited access through password resets. For sales organizations that need bulletproof user lifecycle management across any IdP, Stitchflow provides the automation and security controls that BombBomb's native implementation lacks.

Make BombBomb workflows AI-native

BombBomb has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.

Covers apps without native SCIM, including the ones without APIs
Less than a week, start to finish (~2 hours of your time)
Built with your team; extend to anything else in the company
Book a Demo

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

Not specified

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • Enterprise tier required for SCIM/SSO
  • Email address changes not supported via Okta (contact support)
  • Deactivated users can potentially reset password for limited access
View Official Documentation

Configuration for Okta

Integration type

Okta Integration Network (OIN) app

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Okta Admin Console → Applications → BombBomb → Sign On

Docs

Okta integrationBombBomb SCIM setup

Enterprise required for SCIM

Use Stitchflow for automated provisioning.

Unlock SCIM for
BombBomb

BombBomb has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.

See how it works
Admin Console
Directory
Applications
BombBomb logo
BombBomb
via Stitchflow

Last updated: 2026-01-11

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

6sense logo

6sense

No SCIM

B2B Revenue Intelligence / ABM

ProvisioningNot Supported
Manual Cost$11,754/yr

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

View full guide
ActiveCampaign logo

ActiveCampaign

No SCIM

Marketing Automation / Email

ProvisioningNot Supported
Manual Cost$11,754/yr

ActiveCampaign, the marketing automation platform, does not offer native SCIM provisioning on any plan. While the Enterprise plan ($145+/month) includes SAML 2.0 SSO with just-in-time (JIT) provisioning, this only creates user accounts on first login—there's no automated deprovisioning when employees leave or change roles. New SSO users are automatically added to a generic "SSO Users" group with configurable permissions, but IT teams have no way to programmatically manage user lifecycles or enforce granular access controls based on department or role changes. This creates a significant gap for marketing teams that need to manage access to customer data and campaign tools. When employees leave the company or change departments, their ActiveCampaign access must be manually revoked, creating compliance risks and potential data exposure. The lack of automated deprovisioning means former employees could theoretically retain access to sensitive marketing data and customer information until someone manually removes them from the platform.

View full guide
Adyen logo

Adyen

No SCIM

Payments / Fintech

ProvisioningNot Supported
Manual Cost$11,754/yr

Adyen offers SCIM 2.0 provisioning, but only through Okta's integration—there's no native SCIM endpoint. This creates a significant vendor lock-in scenario where your provisioning capabilities are entirely dependent on using Okta as your identity provider. Teams using Azure Entra, Google Workspace, or OneLogin are left with manual user management despite Adyen supporting SAML SSO with these platforms. The Okta integration itself requires maintaining a company account (not just a merchant account) and keeping at least one non-SSO admin for troubleshooting, adding operational complexity. For payment platforms handling sensitive financial data, this provisioning gap creates serious compliance risks. Your finance team, payment operations staff, and developers need timely access to process transactions and manage risk controls, but without automated provisioning, you're stuck with manual onboarding that can delay critical payment operations. The requirement to maintain non-SSO admin accounts also creates a security backdoor that compliance auditors will flag.

View full guide