Stitchflow
Back to directory
Carbon Black logo

Carbon Black SCIM guide

Connector Only

How to automate Carbon Black user provisioning, and what it actually costs

Summary and recommendation

VMware Carbon Black Cloud (now part of Broadcom's portfolio) does not provide native SCIM provisioning capabilities. While SCIM functionality is available through Okta's connector with features like Group Linking and Schema Discovery, this creates a significant gap for organizations using other identity providers like Entra ID, Google Workspace, or OneLogin. For a critical endpoint security platform protecting against advanced threats, manual user provisioning creates both operational overhead and security risks—especially problematic when security analysts and SOC teams need immediate access during incident response scenarios.

The lack of universal SCIM support means IT teams face a choice between limiting themselves to Okta's ecosystem or maintaining manual provisioning workflows for their security platform. Given Carbon Black's role in threat detection and response, delayed user provisioning or deprovisioning can directly impact security posture and compliance requirements. With Broadcom's acquisition of VMware, pricing transparency has also decreased, making it difficult to assess the total cost of ownership for enterprise deployments.

The strategic alternative

Carbon Black has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?Yes
SSO available?Yes
SSO protocolSAML 2.0
DocumentationNot available

Supported identity providers

IdPSSOSCIMNotes
OktaNo SCIM available
Microsoft Entra IDNo SCIM available
Google WorkspaceVia third-partyNo native support
OneLoginVia third-partyNo native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Carbon Black accounts manually. Here's what that costs:

Source: Stitchflow aggregate data across apps with 2+ instances, normalized to 500 employees
Orphaned accounts (ex-employees with access)7
Unused licenses12
IT hours spent on manual management/year101 hours
Unused license cost/year$3,925
IT labor cost/year$6,088
Cost of compliance misses/year$1,741
Total annual financial impact$11,754

The Carbon Black pricing problem

Carbon Black gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
Manual provisioningEnterprise pricing (~$53/endpoint MSRP)
Okta SCIM connectorEnterprise pricing + Okta license
Okta-only, third-party dependency
Other IdPsEnterprise pricing
Manual provisioning only

Provisioning options

MethodCostLimitations
Manual provisioningEnterprise pricing (~$53/endpoint MSRP)No automation, manual user creation/deletion
Okta SCIM connectorEnterprise pricing + Okta licenseOkta-only, third-party dependency
Other IdPsEnterprise pricingManual provisioning only

Carbon Black Cloud pricing

Custom enterprise pricing starting ~$53/endpoint MSRP
Carbon Black Cloud Workload Advanced
~$896/year per license
Exact pricing requires Broadcom sales contact (no public pricing)

What this means in practice

For a 500-endpoint deployment, you're looking at ~$26,500/year minimum just for Carbon Black licenses, with no native way to automate user provisioning. If you're using Entra ID, Google Workspace, or OneLogin, you're stuck with manual user management despite paying enterprise prices.

The Okta connector provides SCIM 2.0 support with group linking and schema discovery, but creates a single point of failure. If Okta's connector breaks or has issues, your entire user provisioning workflow stops.

Additional constraints

IdP lock-in
Automated provisioning only works with Okta's connector
Third-party reliability
Your provisioning depends on Okta maintaining their integration
Broadcom acquisition uncertainty
VMware's acquisition by Broadcom may change pricing models
Complex SAML setup
Documentation warns about potential user lockouts during SSO configuration
No JIT alternative
Without SCIM, you can't rely on just-in-time provisioning for new users

Summary of challenges

  • Carbon Black does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What Carbon Black actually offers for identity

SAML SSO (Enterprise pricing)

VMware Carbon Black Cloud supports SAML 2.0 integration with identity providers:

SettingDetails
ProtocolSAML 2.0
Supported IdPsOkta, Entra ID, OneLogin, generic SAML
JIT provisioning✓ Yes
SP-initiated✓ Yes
IdP-initiated✓ Yes

Setup complexity: Documentation warns about SAML misconfiguration risks and recommends multiple browser sessions during setup to avoid lockouts.

SCIM provisioning (Okta only)

Carbon Black provides limited SCIM capabilities exclusively through Okta:

FeatureSupported?
Native SCIM API❌ No
Okta SCIM connector✓ Yes
Entra ID provisioning❌ No
Google Workspace❌ No
OneLogin provisioning❌ No
Group linking✓ Yes (Okta only)
Schema discovery✓ Yes (Okta only)
Attribute writeback✓ Yes (Okta only)

Critical limitation: If you're not using Okta as your primary IdP, there's no automated provisioning option. Entra ID, Google Workspace, and OneLogin users must manually manage Carbon Black accounts despite having SSO access.

What you're actually paying for

Carbon Black's Enterprise pricing (~$53/endpoint MSRP) includes the entire endpoint security platform - threat detection, behavioral analysis, incident response tools, and compliance reporting. The SCIM provisioning capability represents a fraction of what you're paying for.

For security teams that just need automated user provisioning, you're essentially buying a full EDR platform to get basic identity management features that only work with one IdP.

What IT admins are saying

Community sentiment on Carbon Black's provisioning limitations centers around manual overhead and SSO complexity:

  • Native SCIM provisioning is not documented or available for most identity providers
  • SAML SSO configuration is complex and prone to misconfigurations that lock out users
  • Only Okta users get automated provisioning through a connector - everyone else is stuck with manual account management
  • Concerns about pricing changes under Broadcom ownership affecting existing deployments

Multiple browser sessions recommended during SSO setup

VMware Carbon Black documentation

SAML misconfiguration can lock out users

Configuration warnings in admin guides

The recurring theme

Carbon Black forces most organizations into a manual provisioning workflow where security team access - arguably the most critical for incident response - requires IT to manually create and update user accounts separate from their identity provider.

The decision

Your SituationRecommendation
Small security team (<20 users) with OktaUse native Okta integration for SCIM provisioning
Enterprise with mixed IdP environmentUse Stitchflow: works with any IdP at flat pricing
SOC teams requiring rapid incident response accessUse Stitchflow: automated provisioning prevents access delays
Organizations concerned about Broadcom pricing changesUse Stitchflow: build complete workflows across every app in less than a week (~2 hours of your time).
Multi-tenant MSP managing multiple Carbon Black instancesUse Stitchflow: centralized automation across all tenants

The bottom line

VMware Carbon Black Cloud offers SCIM provisioning only through Okta's connector, leaving Entra ID, Google Workspace, and OneLogin users without automation options. For security teams that can't afford manual provisioning delays during critical incidents, Stitchflow delivers consistent automation across any identity provider.

Make Carbon Black workflows AI-native

Carbon Black has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.

Covers apps without native SCIM, including the ones without APIs
Less than a week, start to finish (~2 hours of your time)
Built with your team; extend to anything else in the company
Book a Demo

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

Native SCIM not documented for Carbon Black CloudSCIM via Okta integration with group linking/schema discoveryMultiple browser sessions recommended during SSO setupSAML misconfiguration can lock out usersPart of Broadcom portfolio - pricing model may change

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • Native SCIM not documented for Carbon Black Cloud
  • SCIM via Okta integration with group linking/schema discovery
  • Multiple browser sessions recommended during SSO setup
  • SAML misconfiguration can lock out users
  • Part of Broadcom portfolio - pricing model may change

Documentation not available.

Configuration for Okta

Integration type

Okta Integration Network (OIN) app

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Okta Admin Console → Applications → Carbon Black → Sign On

Docs

Okta integration

Enterprise required for SCIM

Use Stitchflow for automated provisioning.

Configuration for Entra ID

Integration type

Microsoft Entra Gallery app

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Entra admin center → Enterprise applications → Carbon Black → Single sign-on

Docs

Microsoft Entra integration

Enterprise required for SCIM

Use Stitchflow for automated provisioning.

Unlock SCIM for
Carbon Black

Carbon Black has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.

See how it works
Admin Console
Directory
Applications
Carbon Black logo
Carbon Black
via Stitchflow

Last updated: 2026-01-11

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

CrowdStrike logo

CrowdStrike

SCIM Tax

Endpoint Security / EDR

SCIM Tax+208%
Manual Cost$11,754/yr

CrowdStrike Falcon supports SCIM provisioning, but it's effectively locked behind an Okta partnership. While CrowdStrike integrates with multiple identity providers for SSO, full SCIM automation only works reliably through Okta's pre-built connector. This creates a problematic dependency: you need both CrowdStrike Enterprise ($184.99/device/year) AND Okta to get automated user provisioning for your security platform. For organizations using Entra ID, Google Workspace, or other identity providers, you're stuck with manual user management in CrowdStrike. Security teams can't afford delays when provisioning analyst access during incidents, and manual processes create gaps in your zero-trust architecture. SSO alone doesn't solve this—you still need someone to manually create accounts, assign threat hunting roles, and configure analyst permissions.

View full guide
6sense logo

6sense

No SCIM

B2B Revenue Intelligence / ABM

ProvisioningNot Supported
Manual Cost$11,754/yr

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

View full guide
Aha! logo

Aha!

No SCIM

Product Management / Roadmapping

ProvisioningNot Supported
Manual Cost$11,754/yr

Aha! Roadmaps, the product roadmapping platform, does not support SCIM provisioning on any plan. While Aha! offers SAML 2.0 SSO integration with identity providers like Okta, Entra ID, and OneLogin, this only handles authentication through JIT (Just-In-Time) provisioning. The critical limitation: JIT provisioning creates user accounts with no default role or access permissions, requiring administrators to manually configure access for each user after they first sign in. For product teams managing strategic roadmaps and stakeholder access, this creates significant operational overhead. Since product roadmaps contain sensitive strategic information and stakeholder access typically varies by product area, IT administrators must manually assign appropriate roles and workspace permissions after each user is provisioned. There's no automatic deprovisioning when users leave the organization, creating potential security gaps. This manual process becomes particularly problematic for larger product organizations where dozens of stakeholders across different business units need carefully managed access to specific roadmaps.

View full guide