Summary and recommendation
Commission Junction (CJ Affiliate), the performance marketing platform owned by Publicis Groupe, does not support SCIM provisioning on any plan. While CJ offers SAML and SWA-based SSO integration through Okta, this only handles authentication for existing users—not automated provisioning or deprovisioning. As an affiliate marketing platform connecting advertisers with publishers, CJ operates on a different user model than typical SaaS applications, but enterprise customers still need centralized user lifecycle management for their marketing teams accessing campaign data and analytics.
This creates a significant operational gap for IT teams managing CJ access. Without automated provisioning, onboarding new marketing team members requires manual account creation in CJ's platform, while offboarding relies on manual deactivation—creating compliance risks when employees leave or change roles. The SSO integration only authenticates users who already have accounts, leaving the entire user lifecycle management process as a manual workflow.
The strategic alternative
Commission Junction has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | Supports SAML and SWA for SSO. No provisioning or SCIM support - only authentication. |
| Microsoft Entra ID | Via third-party | ❌ | No dedicated Entra gallery integration. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Commission Junction accounts manually. Here's what that costs:
The Commission Junction pricing problem
Commission Junction gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | Performance-based 20-30% commission | ||
| Enterprise | Custom quote |
Pricing structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | Performance-based 20-30% commission | ||
| Enterprise | Custom quote |
Note: Commission Junction uses performance-based pricing rather than traditional SaaS subscription models, charging commissions on affiliate transactions instead of fixed fees.
What this means in practice
Without SCIM support, IT teams must handle all user provisioning manually:
The affiliate marketing model adds complexity since users may need different access levels for multiple advertiser accounts or publisher programs within the same organization.
Additional constraints
Summary of challenges
- Commission Junction does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Commission Junction actually offers for identity
SAML SSO (Okta only)
Commission Junction provides limited single sign-on through Okta's Integration Network:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes (via Okta) |
| SWA (password vaulting) | ✓ Yes (via Okta) |
| Create users | ❌ No |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group management | ❌ No |
Key limitations:
No SCIM or provisioning support
Commission Junction has no native SCIM capabilities across any pricing tier:
This creates significant operational overhead for marketing teams managing affiliate programs, especially when onboarding new partners or managing seasonal campaigns with multiple stakeholders.
What IT admins are saying
Commission Junction's complete absence of provisioning automation creates significant overhead for IT teams managing affiliate marketing operations:
- Manual user creation required for all advertisers and publishers
- No synchronization with identity providers beyond basic SSO
- Account management scattered across multiple systems when scaling affiliate programs
- Performance-based commission model doesn't address operational complexity
User accounts must exist in Commission Junction to use single sign-on... SSO does not substitute account creation.
We're managing hundreds of affiliate relationships but every new team member needs manual setup in CJ. It's a nightmare when people leave and we forget to revoke access.
The recurring theme
Commission Junction treats identity management as an afterthought. Even with SSO configured through Okta, every user requires manual provisioning, and there's no automated deprovisioning when employees leave or change roles.
The decision
| Your Situation | Recommendation |
|---|---|
| Small affiliate program (<10 partners) | Manual management is acceptable |
| Mature affiliate network with stable partnerships | Manual management with SSO for authentication |
| Large enterprise with 50+ affiliate managers | Use Stitchflow: automation essential for scale |
| Multi-brand organization managing multiple CJ accounts | Use Stitchflow: automation strongly recommended |
| Companies with strict compliance requirements | Use Stitchflow: automation essential for audit trail |
The bottom line
Commission Junction is a leading affiliate marketing platform, but it offers no SCIM support and limited SSO options (Okta SAML/SWA only). For enterprises managing large affiliate programs where user provisioning matters for compliance and operational efficiency, Stitchflow delivers the automation CJ lacks.
Make Commission Junction workflows AI-native
Commission Junction has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM support
- Okta integration is SSO-only (SAML/SWA)
- No automatic user provisioning
- Affiliate marketing platform with different user model (advertisers/publishers)
- Part of Publicis Groupe
- Also known as CJ Affiliate
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
Supports SAML and SWA for SSO. No provisioning or SCIM support - only authentication.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Commission Junction
Commission Junction has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
