Summary and recommendation
Chameleon supports native SCIM 2.0 provisioning, but it's a paid add-on available on any plan. While this seems accessible, the real cost barrier emerges at scale: with base plans starting at $214-279/month for just 2,500 Monthly Tracked Users and 6 seats, teams often hit usage limits quickly and face significant per-MTU overages. The SSO/SCIM add-on compounds these costs, and role assignment requires careful attribute mapping to ensure proper permissions for tour building versus view-only access.
For growing product teams, this creates a provisioning gap where manual user management becomes necessary to control costs. Without automated role assignment, IT teams face ongoing overhead ensuring product managers get editor access while stakeholders remain view-only. The complexity of managing both MTU limits and role permissions manually increases security risks and administrative burden.
The strategic alternative
Chameleon gates SCIM behind Any plan (add-on). Skip the Any plan (add-on) plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Custom |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OIDC |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Chameleon accounts manually. Here's what that costs:
The Chameleon pricing problem
Chameleon gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Startup | $214-279/month | Add-on required | |
| Growth | $349-500/month | Add-on required | |
| Enterprise | $999+/month | Add-on required |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Startup | $214-279/month | Add-on required |
| Growth | $349-500/month | Add-on required |
| Enterprise | $999+/month | Add-on required |
Note: SSO and SCIM are bundled together as a single paid add-on available on any plan tier. Chameleon doesn't publish specific add-on pricing, requiring custom quotes.
What this means in practice
The add-on model creates budget friction across all customer segments:
The lack of transparent add-on pricing means procurement requires custom negotiations for what should be a standard security feature.
Additional constraints
Summary of challenges
- Chameleon supports SCIM but only at Custom tier ($999+/month)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Chameleon doesn't sell SCIM à la carte. It's a paid add-on available on any plan, but comes bundled with broader SSO/security features:
Stitchflow Insight
The add-on pricing isn't publicly disclosed, but given Chameleon's MTU-based model starting at $214/month for basic plans, expect meaningful additional cost. If your team only needs basic user provisioning without complex role mapping, you're paying for enterprise security features that may be overkill. We estimate ~60% of the SSO/SCIM bundle is irrelevant for teams that just want automated user lifecycle management.
What IT admins are saying
Community sentiment on Chameleon's SCIM add-on pricing is mixed. While native support exists, the additional cost creates friction for smaller teams. Common complaints:
- SSO/SCIM being an expensive add-on rather than included feature
- Having to pay extra for basic security automation on top of already high MTU pricing
- Role mapping complexity requiring careful attribute configuration
- SCIM namespace setup being more technical than expected
The add-on pricing for SSO really adds up when you're already paying per monthly tracked user. Wish this was just included.
Setting up the SCIM namespace correctly took more back-and-forth with support than I expected for a 'native' integration.
The recurring theme
Teams appreciate having native SCIM available on any plan tier, but the add-on cost model feels punitive when you're already paying premium MTU rates for a product adoption tool.
The decision
| Your Situation | Recommendation |
|---|---|
| Any plan, need SCIM without add-on costs | Use Stitchflow: avoid the paid SSO/SCIM add-on |
| Small product team with simple access needs | Use Stitchflow: easier than configuring SCIM namespaces |
| Already paying for SSO add-on, technical team available | Use native SCIM: you're paying for it anyway |
| Need Enterprise features (SOC 2, localization) | Evaluate Enterprise tier: SCIM add-on comes with advanced features |
| Minimal user changes, Google OAuth acceptable | Manual may work: but watch for role assignment gaps |
The bottom line
Chameleon charges for SSO/SCIM as an add-on across all plans, turning basic provisioning into an extra line item. For product teams that want automated user management without paying twice for identity features, Stitchflow delivers SCIM automation at flat pricing.
Make Chameleon workflows AI-native
Chameleon gates SCIM behind Any plan (add-on). We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Custom
Prerequisites
SSO must be configured first
Key limitations
- SSO/SCIM is a paid add-on
- Role sync requires proper attribute mapping
- SCIM namespace must be configured correctly
Unlock SCIM for
Chameleon
Chameleon gates SCIM behind Any plan (add-on). We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
