Summary and recommendation
Conductor, the enterprise SEO and content intelligence platform, does not offer SCIM provisioning on any plan. While Conductor provides SAML 2.0 SSO integration with identity providers like Okta and Azure AD, this only handles authentication through auto-provisioning that creates read-only users by default. IT administrators must manually upgrade user permissions after each provisioning event, creating an ongoing administrative burden that defeats the purpose of automated provisioning.
This gap becomes particularly problematic for marketing teams managing multi-site SEO campaigns where different users need varying permission levels across different properties. Without proper SCIM support, IT teams face the choice between manually managing user access for every new hire, transfer, or departure, or accepting the security risk of over-privileged accounts. For enterprise customers already paying $10,000+ monthly for Conductor, the lack of proper user lifecycle automation represents a significant operational overhead.
The strategic alternative
Conductor has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | OIN app available for SSO. Auto-provisioning creates read-only users by default. Admin must upgrade permissions manually. No SCIM. |
| Microsoft Entra ID | Via third-party | ❌ | SSO supported via SAML. No SCIM provisioning documented. Contact vendor for details. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Conductor accounts manually. Here's what that costs:
The Conductor pricing problem
Conductor gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | ~$2,000/month | ||
| Enterprise | $10,000+/month |
Pricing structure
| Plan | Pricing | SCIM | SSO |
|---|---|---|---|
| Standard | ~$2,000/month | ❌ Not available | ❌ Not included |
| Enterprise | $10,000+/month | ❌ Not available | ✓ SAML 2.0 |
Market data on Conductor costs
What this means in practice
Without SCIM, Conductor's auto-provisioning creates a permission management nightmare:
Default behavior: New users get read-only access only, regardless of their intended role or department. IT admins or Conductor admins must manually upgrade permissions for every new hire.
Real-world workflow
1. User logs in via SSO → Account created automatically 2. User reports they can't access content creation tools 3. Admin receives ticket, manually upgrades user to appropriate permission level 4. Process repeats for every new marketing team member
For a 50-person marketing organization with 20% annual turnover, this means manually processing 10+ permission upgrades per year.
Additional constraints
Summary of challenges
- Conductor does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Conductor actually offers for identity
SAML SSO with Auto-Provisioning (Enterprise)
Conductor supports SAML 2.0 integration with identity providers, but lacks true SCIM provisioning:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Azure AD (Entra ID), custom SAML providers |
| Auto-provisioning | ✓ Yes (JIT via SAML) |
| Default permissions | Read-only access only |
| Flow type | SP-initiated |
Critical limitation: Auto-provisioned users are created with read-only permissions by default. Administrators must manually upgrade user permissions after each new user is provisioned through SSO.
Okta Integration (via OIN)
The official Okta Integration Network listing for Conductor shows:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| OIDC SSO | ❌ No |
| Create users | ✓ Yes (JIT only) |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group push | ❌ No |
| Permission assignment | ❌ No |
Azure AD (Entra ID) Integration
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| SCIM provisioning | ❌ No |
| Automatic deprovisioning | ❌ No |
Translation: Conductor can create users automatically via SAML JIT provisioning, but every new user requires manual permission configuration. There's no automated way to assign roles, update user attributes, or deprovision users when they leave your organization.
For marketing teams managing multiple permission levels across different campaigns and sites, this creates an ongoing administrative burden that defeats the purpose of automated provisioning.
What IT admins are saying
Conductor's limited provisioning automation creates ongoing administrative burden for IT teams:
- Auto-provisioned users default to read-only permissions, requiring manual intervention
- Admins must upgrade user permissions individually after SSO login
- No true SCIM protocol support despite enterprise-level pricing
- Manual account management doesn't scale with team growth
Auto-provisioned users are read-only by default
User permissions must be managed manually after initial login through SSO
The recurring theme
Even with SAML SSO configured, IT teams face a two-step process where users can log in but can't actually work until an admin manually upgrades their permissions. This defeats the purpose of automated provisioning for a platform that typically serves entire marketing departments.
The decision
| Your Situation | Recommendation |
|---|---|
| Small SEO team (<10 users) with stable membership | Manual management is acceptable |
| Growing marketing team with frequent contractor onboarding | Use Stitchflow: automation essential for scaling |
| Enterprise with multiple brands/sites requiring different access levels | Use Stitchflow: automation strongly recommended |
| Agency managing client accounts with varying permissions | Use Stitchflow: automation essential for client security |
| Large organization with compliance requirements | Use Stitchflow: automation essential for audit trail |
The bottom line
Conductor offers SAML SSO with auto-provisioning, but new users default to read-only access requiring manual permission upgrades by admins. For marketing teams managing complex SEO workflows across multiple sites and permission levels, Stitchflow eliminates the manual overhead while ensuring proper access control from day one.
Make Conductor workflows AI-native
Conductor has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- SCIM not explicitly documented
- Auto-provisioning creates read-only users by default
- Admin must upgrade user permissions manually
- SP-initiated SSO flow
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
OIN app available for SSO. Auto-provisioning creates read-only users by default. Admin must upgrade permissions manually. No SCIM.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Conductor
Conductor has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
