Summary and recommendation
Commvault supports SCIM 2.0 provisioning, but only through Microsoft Entra ID (Azure AD) as a non-gallery application. The integration is limited to Enterprise-tier plans starting at $25,000/year, while lower tiers (Operational Recovery and Autonomous Recovery) rely on manual user management. This creates a significant gap for organizations using other identity providers like Okta, Google Workspace, or OneLogin, which can only leverage SSO through the Okta Integration Network but get no automated provisioning.
For mid-market companies on lower-tier plans, this limitation forces a choice between expensive Enterprise licensing just for automated provisioning or accepting the operational burden and security risks of manual user lifecycle management across backup and recovery systems. With Commvault protecting critical business data, manual deprovisioning creates compliance risks when former employees retain access to backup repositories and recovery points.
The strategic alternative
Commvault gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | SSO only |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Commvault accounts manually. Here's what that costs:
The Commvault pricing problem
Commvault gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Operational Recovery | Custom pricing | ||
| Autonomous Recovery | Custom pricing | ||
| Enterprise Cyber Recovery | Custom, from $25K/year |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Operational Recovery | Custom pricing | ❌ |
| Autonomous Recovery | Custom pricing | ❌ |
| Enterprise Cyber Recovery | Custom, from $25K/year | ✓ |
Note: SCIM is only available through Microsoft Entra ID (Azure AD) non-gallery application integration. No SCIM support through Okta despite having SSO integration in the OIN.
What this means in practice
The Enterprise tier requirement creates substantial cost barriers:
Small to mid-size teams: Organizations with basic backup and recovery needs face a minimum $25K annual commitment just to access SCIM provisioning. This pricing floor makes automated user management cost-prohibitive for smaller IT operations.
SaaS customers: Even teams using Commvault's SaaS offering at $1.70/user/month must upgrade to Enterprise licensing to enable SCIM, creating a dramatic price jump from operational SaaS pricing to enterprise-grade contracts.
Multi-vendor complexity: Organizations already invested in Okta workflows cannot leverage SCIM provisioning at all, forcing them to either switch identity providers or accept manual user management.
Additional constraints
Summary of challenges
- Commvault supports SCIM but only at Enterprise tier (Cyber Recovery (custom, from $25K/year))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Commvault doesn't sell SCIM à la carte. It's bundled with Enterprise-tier data protection features:
The reality: You're paying enterprise data protection prices (starting at $25K/year) to get basic user provisioning. If you need comprehensive backup and recovery anyway, the upgrade makes sense. If you just want automated user provisioning, you're paying for a massive bundle you won't fully use.
Stitchflow Insight
We estimate ~80% of Enterprise features are irrelevant for teams that only need SCIM. Plus, the SCIM implementation only works with Entra ID non-gallery applications - no support for Okta, Google Workspace, or other major IdPs.
What IT admins are saying
Community sentiment on Commvault's SCIM implementation reveals mixed experiences with deployment complexity and vendor lock-in concerns. Common complaints:
- SCIM only available through Entra ID non-gallery apps, limiting IdP flexibility
- Complex configuration requiring deep technical expertise to set up properly
- Enterprise-tier pricing barriers starting at $25K/year exclude mid-market organizations
- Limited community documentation compared to other backup solutions
Getting Commvault SCIM working with Azure AD was more complex than it should be - the non-gallery app setup had several gotchas that weren't well documented.
Love the backup capabilities but the pricing jump to get proper user provisioning is steep. We're stuck with manual user management on the lower tiers.
The recurring theme
While Commvault offers native SCIM, the implementation complexity and high pricing thresholds create barriers for organizations seeking straightforward identity automation.
The decision
| Your Situation | Recommendation |
|---|---|
| On Operational/Autonomous Recovery, need SCIM | Use Stitchflow: avoid the Enterprise upgrade starting at $25K/year |
| Using Okta as your IdP | Use Stitchflow: Commvault's OIN integration is SSO-only |
| Need Entra ID SCIM but want simpler setup | Use Stitchflow: skip the non-gallery app configuration complexity |
| Already on Enterprise with Entra ID | Use native SCIM: you're paying for it and it's fully supported |
| Small backup team, infrequent user changes | Manual may work: but monitor for compliance gaps in data recovery access |
The bottom line
Commvault's SCIM requires their Enterprise tier (starting at $25K/year) and is only available through Entra ID non-gallery apps. For organizations on lower tiers or using other IdPs, Stitchflow delivers the same provisioning automation without the costly upgrade.
Make Commvault workflows AI-native
Commvault gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
None
Key limitations
- SCIM available through Entra ID non-gallery application
- SCIM can modify user properties and delete users
- Attribute mappings configurable in Entra
- SaaS pricing starts at $1.70/user/month
- HyperScale Appliance starts under $25K/year for 29TB
- Office 365 backup has Standard and Enterprise subscription levels
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
Commvault InnerVault integration - SSO only, no provisioning in OIN
Use Stitchflow for automated provisioning.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Full SCIM provisioning via non-gallery app in Azure AD with automatic sync
Commvault gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Commvault
Commvault gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
