Summary and recommendation
Chameleon supports native SCIM 2.0 provisioning, but it's a paid add-on available on any plan. While this seems accessible, the real cost barrier emerges at scale: with base plans starting at $214-279/month for just 2,500 Monthly Tracked Users and 6 seats, teams often hit usage limits quickly and face significant per-MTU overages. The SSO/SCIM add-on compounds these costs, and role assignment requires careful attribute mapping to ensure proper permissions for tour building versus view-only access.
For growing product teams, this creates a provisioning gap where manual user management becomes necessary to control costs. Without automated role assignment, IT teams face ongoing overhead ensuring product managers get editor access while stakeholders remain view-only. The complexity of managing both MTU limits and role permissions manually increases security risks and administrative burden.
The strategic alternative
Chameleon gates SCIM behind Any plan (add-on). That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Custom |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OIDC |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Chameleon accounts manually. Here's what that costs:
The Chameleon pricing problem
Chameleon gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Startup | $214-279/month | Add-on required | |
| Growth | $349-500/month | Add-on required | |
| Enterprise | $999+/month | Add-on required |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Startup | $214-279/month | Add-on required |
| Growth | $349-500/month | Add-on required |
| Enterprise | $999+/month | Add-on required |
Note: SSO and SCIM are bundled together as a single paid add-on available on any plan tier. Chameleon doesn't publish specific add-on pricing, requiring custom quotes.
What this means in practice
The add-on model creates budget friction across all customer segments:
The lack of transparent add-on pricing means procurement requires custom negotiations for what should be a standard security feature.
Additional constraints
Summary of challenges
- Chameleon supports SCIM but only at Custom tier ($999+/month)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Chameleon doesn't sell SCIM à la carte. It's a paid add-on available on any plan, but comes bundled with broader SSO/security features:
Stitchflow Insight
The add-on pricing isn't publicly disclosed, but given Chameleon's MTU-based model starting at $214/month for basic plans, expect meaningful additional cost. If your team only needs basic user provisioning without complex role mapping, you're paying for enterprise security features that may be overkill. We estimate ~60% of the SSO/SCIM bundle is irrelevant for teams that just want automated user lifecycle management.
What IT admins are saying
Community sentiment on Chameleon's SCIM add-on pricing is mixed. While native support exists, the additional cost creates friction for smaller teams. Common complaints:
- SSO/SCIM being an expensive add-on rather than included feature
- Having to pay extra for basic security automation on top of already high MTU pricing
- Role mapping complexity requiring careful attribute configuration
- SCIM namespace setup being more technical than expected
The add-on pricing for SSO really adds up when you're already paying per monthly tracked user. Wish this was just included.
Setting up the SCIM namespace correctly took more back-and-forth with support than I expected for a 'native' integration.
The recurring theme
Teams appreciate having native SCIM available on any plan tier, but the add-on cost model feels punitive when you're already paying premium MTU rates for a product adoption tool.
The decision
| Your Situation | Recommendation |
|---|---|
| Any plan, need SCIM without add-on costs | Use Stitchflow: avoid the paid SSO/SCIM add-on |
| Small product team with simple access needs | Use Stitchflow: easier than configuring SCIM namespaces |
| Already paying for SSO add-on, technical team available | Use native SCIM: you're paying for it anyway |
| Need Enterprise features (SOC 2, localization) | Evaluate Enterprise tier: SCIM add-on comes with advanced features |
| Minimal user changes, Google OAuth acceptable | Manual may work: but watch for role assignment gaps |
The bottom line
Chameleon gates SCIM behind Any plan (add-on). The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Chameleon workflow gap
Chameleon gates SCIM behind Any plan (add-on), but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Custom
Prerequisites
SSO must be configured first
Key limitations
- SSO/SCIM is a paid add-on
- Role sync requires proper attribute mapping
- SCIM namespace must be configured correctly
Close the workflow gap in
Chameleon
Chameleon gates SCIM behind Any plan (add-on). That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.
Start with the free gap diagnostic
