Summary and recommendation
commercetools, the composable commerce platform used by enterprise retailers, does not offer SCIM provisioning capabilities on any plan. While commercetools provides SSO integration through OpenID Connect (OIDC) with identity providers like Okta and Microsoft Entra ID, this only handles authentication for existing users. User accounts must be manually created and managed within commercetools' Merchant Center, creating a significant provisioning gap for IT teams managing commerce platforms with multiple projects, environments, and team-based permissions.
This limitation becomes particularly problematic for enterprise commerce operations where developers, merchandisers, and digital teams need frequent access changes across different commercetools projects. Without automated provisioning, IT teams must manually coordinate user creation, role assignments, and deprovisioning across potentially dozens of commerce projects and environments. For organizations investing $40,000+ annually in commercetools licensing, manual user management represents both a security risk and operational inefficiency that scales poorly with team growth.
The strategic alternative
commercetools has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | OpenID Connect (OIDC) |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | SSO via custom OIDC app configuration. Identity Enterprise SSO documentation available. No SCIM provisioning - OIDC doesn't support SCIM. |
| Microsoft Entra ID | Via third-party | ❌ | OIDC-based SSO integration documented. Identity accounts required from Oct 2025. No SCIM provisioning. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages commercetools accounts manually. Here's what that costs:
The commercetools pricing problem
commercetools gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Core Commerce | ~$40,000/year | ||
| Foundry | Custom pricing | ||
| Premium | ~$150,000+/year |
Pricing and provisioning options
| Plan | Pricing | SSO | SCIM |
|---|---|---|---|
| Core Commerce | ~$40,000/year | ✓ OIDC/SAML | ❌ Not available |
| Foundry | Custom pricing | ✓ OIDC/SAML | ❌ Not available |
| Premium | ~$150,000+/year | ✓ OIDC/SAML | ❌ Not available |
Note: All pricing is order-based (not GMV-based) with 60-day free trials available
What this means in practice
Without SCIM provisioning, IT teams must:
For commerce platforms handling multiple brands or markets, this creates significant overhead as teams frequently need access to different projects and environments.
Additional constraints
Summary of challenges
- commercetools does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What commercetools actually offers for identity
Identity Enterprise SSO (Required from Oct 2025)
commercetools is transitioning all customers to their new Identity Enterprise system, making SSO mandatory:
| Setting | Details |
|---|---|
| Protocol | OpenID Connect (OIDC) + SAML 2.0 |
| Supported IdPs | Okta, Microsoft Entra ID, Google Workspace, generic OIDC/SAML |
| Configuration | Custom OIDC app setup or SAML metadata exchange |
| User requirement | Just-in-time provisioning supported |
Key transition: Legacy Merchant Center SSO is being deprecated. All customers must migrate to Identity Enterprise by October 2025, regardless of plan tier.
What's Missing: SCIM Provisioning
commercetools documentation makes no mention of SCIM support for automated user provisioning:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| OIDC SSO | ✓ Yes |
| Create users via SCIM | ❌ No documentation |
| Update users via SCIM | ❌ No documentation |
| Deactivate users via SCIM | ❌ No documentation |
| Group management via SCIM | ❌ No documentation |
The reality: While commercetools provides robust SSO authentication, there's no documented SCIM endpoint for automated provisioning. For teams managing multiple projects and complex permission structures across their composable commerce platform, this means manual user management through the Merchant Center.
Why this matters for commerce teams: With multi-project architectures and team-based permissions being critical for commerce operations, the lack of automated provisioning creates operational overhead that scales poorly as your commerce organization grows.
What IT admins are saying
commercetools's transition to Identity Enterprise and lack of documented SCIM provisioning creates uncertainty for IT teams managing commerce platforms:
- Manual user provisioning across multiple commercetools projects and environments
- Confusion about the Identity Enterprise migration timeline and requirements
- No clear path for automated user lifecycle management
- Complex access control setup for teams spanning development, merchandising, and operations
Identity accounts required from Oct 2025
Legacy Merchant Center SSO being replaced
The recurring theme
IT teams face a black box when it comes to user provisioning automation. With no documented SCIM support and a mandatory migration to Identity Enterprise, administrators must rely on manual processes or custom solutions to manage user access across their composable commerce infrastructure.
The decision
| Your Situation | Recommendation |
|---|---|
| Small commerce team (<10 users) | Manual management acceptable for now |
| Simple single-project deployment | JIT provisioning with OIDC SSO may suffice |
| Multi-project commerce platform (15+ users) | Use Stitchflow: project access control gets complex fast |
| Enterprise with team-based permissions | Use Stitchflow: automation essential for merchandising workflows |
| Rapid scaling or seasonal hiring | Use Stitchflow: manual provisioning becomes a bottleneck |
The bottom line
commercetools offers robust OIDC-based SSO but provides no SCIM provisioning capabilities for their composable commerce platform. For commerce teams managing multiple projects and complex permission structures, Stitchflow delivers the automated user lifecycle management that commercetools doesn't offer natively.
Make commercetools workflows AI-native
commercetools has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- SCIM not explicitly documented
- OIDC-based SSO (not SAML)
- Identity accounts required from Oct 2025
- Legacy Merchant Center SSO being replaced
Documentation not available.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
OIDC-based SSO integration documented. Identity accounts required from Oct 2025. No SCIM provisioning.
Use Stitchflow for automated provisioning.
Unlock SCIM for
commercetools
commercetools has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
