Summary and recommendation
Box offers automated user provisioning through IdP integrations with Okta and Microsoft Entra ID, but this is not SCIM-compliant provisioning. Instead, Box uses a proprietary API that violates core SCIM standards—the userName attribute isn't required, error codes are non-standard, and attribute mapping is Box-specific. This creates a misleading situation where Box appears to support modern provisioning but actually locks you into IdP-specific integrations. Provisioning requires Business plans ($15/user/month) or higher, and only works with major IdP vendors.
This proprietary approach creates significant challenges for IT teams managing multi-vendor environments or planning IdP migrations. Since Box's provisioning relies on custom integrations rather than standardized SCIM, switching identity providers means rebuilding provisioning workflows from scratch. Organizations using less common IdPs, those requiring SCIM compliance for audit purposes, or teams running mixed identity environments are left with manual user management—creating security gaps and administrative overhead that scales poorly as teams grow.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for Box without requiring IdP-specific integrations. Works with any Box plan and any IdP (Okta, Entra, Google Workspace, OneLogin). Flat pricing under $5K/year, regardless of team size.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Business |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Box accounts manually. Here's what that costs:
The Box pricing problem
Box gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Business Starter | $5/user/month | ||
| Business | $15/user/month | ||
| Business Plus | $25/user/month | ||
| Enterprise | $35/user/month | ||
| Enterprise Plus | $50/user/month |
Pricing structure
| Plan | Price | SSO | Provisioning |
|---|---|---|---|
| Business Starter | $5/user/month | ❌ | ❌ |
| Business | $15/user/month | ✓ SAML | ✓ Via IdP API |
| Business Plus | $25/user/month | ✓ SAML | ✓ Via IdP API |
| Enterprise | $35/user/month | ✓ SAML | ✓ Via IdP API |
| Enterprise Plus | $50/user/month | ✓ SAML | ✓ Via IdP API |
What this means in practice
No SCIM standardization: Box's provisioning API doesn't follow SCIM protocols. For example, the userName attribute isn't required in Box's API despite being mandatory in SCIM specifications. This creates inconsistent behavior compared to other enterprise apps.
IdP-specific integrations required: You can only provision users through pre-built integrations in Okta, Entra ID, or OneLogin. There's no universal SCIM endpoint you can configure with other IdPs or custom solutions.
API complexity: Without SCIM's standardized interface, any custom provisioning work requires understanding Box's proprietary API structure and handling non-standard responses.
Additional constraints
Summary of challenges
- Box supports SCIM but only at Business tier ($35/user/month)
- Lower tiers may include SSO but exclude SCIM provisioning
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Box actually offers for identity
Box doesn't sell SCIM à la carte because it doesn't offer SCIM at all. Instead, it provides automated provisioning through IdP-specific integrations bundled with Business tier features:
API-Based Provisioning (Business tier and above):
The fundamental limitation: Box's provisioning uses a proprietary API that doesn't follow SCIM standards. The userName attribute isn't even required in their implementation, violating basic SCIM compliance. You're locked into using pre-built integrations from major IdP vendors rather than standard SCIM protocols.
If you need Business-tier collaboration features anyway, the provisioning integration adds value. But if you just want standards-compliant automated provisioning, you're paying for file storage enterprise features while getting non-standard identity management. We estimate ~60% of Business tier features are irrelevant for teams that only need proper SCIM provisioning.
What IT admins are saying
Box's non-SCIM approach to provisioning creates significant confusion among IT teams who expect enterprise-grade identity standards. Common complaints:
API is not SCIM-compliant despite auto-provisioning support
Confusing - has provisioning but not via SCIM protocol
Must use IdP-specific integrations instead of standard SCIM
userName attribute not required (SCIM requires it)
Box API is SCIM... Not SCIM-compliant despite being enterprise file storage
Box APIs don't follow SCIM standard (e.g., userName not required). Provisioning via Microsoft Entra ID or Okta but not SCIM-compliant.
The recurring theme
Box offers provisioning functionality but through proprietary APIs rather than industry standards, forcing IT teams into vendor-specific integrations and creating confusion about why a major enterprise platform doesn't support the SCIM protocol.
The decision
| Your Situation | Recommendation |
|---|---|
| Small team (<25 users) on Business plan | Manual management is acceptable, use SSO for authentication |
| Stable team with low turnover | Leverage IdP native integrations (Okta/Entra) for basic provisioning |
| Growing organization (50+ users) | Use Stitchflow: Box's non-SCIM API creates integration headaches |
| Multi-IdP environment | Use Stitchflow: Box's proprietary API limits cross-platform flexibility |
| Enterprise with compliance requirements | Use Stitchflow: proper audit trails require SCIM-compliant provisioning |
The bottom line
Box supports automated provisioning through IdP integrations, but uses a proprietary API that doesn't follow SCIM standards—creating vendor lock-in and integration complexity. For organizations that need reliable, standards-compliant provisioning automation, Stitchflow provides the SCIM layer Box should have built natively.
Automate Box without the tier upgrade
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Box at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Business
Prerequisites
SSO must be configured first
Key limitations
- API is not SCIM-compliant despite auto-provisioning support
- userName attribute not required (SCIM requires it)
- Provisioning via proprietary API, not SCIM standard
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Business required for SCIM
Native SCIM is available on Business. Use Stitchflow if you need provisioning without the tier upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Business required for SCIM
Native SCIM is available on Business. Use Stitchflow if you need provisioning without the tier upgrade.
Unlock SCIM for
Box
Box gates automation behind Business or Enterprise plan. Stitchflow delivers the same SCIM outcomes for a flat fee, saving you 200%.
See how it works
