Summary and recommendation
Criteria, the pre-employment assessment platform, does not support SCIM provisioning on any plan. While Criteria offers SSO integration through Okta (using SWA) and basic SSO endpoints for other identity providers, there is no automated user provisioning capability. This creates a significant operational challenge for IT teams managing candidate assessment workflows, as user accounts must be manually created and managed in Criteria's system even when SSO is configured.
The lack of provisioning automation is particularly problematic for organizations conducting high-volume hiring, where hundreds or thousands of candidate assessments may be processed monthly. Without SCIM, IT teams face manual account creation bottlenecks, potential security gaps from orphaned accounts, and compliance challenges when audit trails require complete user lifecycle visibility across all systems - including assessment platforms that handle sensitive candidate data.
The strategic alternative
Criteria has no native SCIM. That leaves a workflow gap in offboarding, access reviews, and license cleanup unless your team handles the app another way. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | Criteria HireSelect integration uses SWA for sign-on. Supports Schema Discovery and Attribute Writeback but no automated user provisioning. |
| Microsoft Entra ID | Via third-party | ❌ | No Criteria Corp provisioning tutorial in Microsoft Entra gallery. SSO endpoint exists at hireselect.criteriacorp.com/SSO. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Criteria accounts manually. Here's what that costs:
The Criteria pricing problem
Criteria gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Professional | From $1,200/year | ||
| Enterprise | Custom (avg ~$32,000/year) |
Pricing structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Professional | From $1,200/year | ||
| Enterprise | Custom (avg ~$32,000/year) |
Market data on Criteria costs
What this means in practice
Without SCIM provisioning, IT teams face manual user management at scale. For organizations conducting high-volume assessments:
Additional constraints
Summary of challenges
- Criteria does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Criteria actually offers for identity
SSO Support (Enterprise pricing)
Criteria provides basic SSO integration for their HireSelect pre-employment assessment platform:
| Feature | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Custom SAML providers |
| Configuration | SSO endpoint: hireselect.criteriacorp.com/SSO |
| User requirement | Manual account creation required |
Critical limitation: Criteria's SSO is designed for candidate assessment workflows, not employee identity management. No automated user provisioning exists.
Okta Integration (via OIN)
The official Okta Integration Network listing for Criteria HireSelect shows:
| Feature | Supported? |
|---|---|
| SAML SSO | ❌ No |
| OIDC SSO | ❌ No |
| SWA (password vaulting) | ✓ Yes |
| Create users | ❌ No |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group push | ❌ No |
| Schema Discovery | ✓ Yes |
| Attribute Writeback | ✓ Yes |
Translation: The Okta integration only provides password vaulting (SWA) plus basic attribute handling. No automated provisioning capabilities exist.
Microsoft Entra Integration
| Feature | Supported? |
|---|---|
| Gallery app | ❌ No |
| SAML SSO | ❌ No |
| OIDC SSO | ❌ No |
| SCIM provisioning | ❌ No |
No Microsoft Entra integration tutorial exists in their app gallery.
Bottom line: Criteria offers extremely limited identity features focused on candidate assessment workflows rather than employee provisioning. At $32,000/year average Enterprise pricing, you're paying premium rates for a platform that requires manual user management and lacks any automated provisioning capabilities.
What IT admins are saying
Criteria's lack of automated provisioning forces IT teams into manual account management for their pre-employment assessment platform:
- Manual user creation required even with SSO configured
- No automated deprovisioning when employees leave HR teams
- Enterprise pricing barrier ($32K average) for basic SSO functionality
- Limited integration options beyond Okta's basic SWA connection
Criteria HireSelect integration uses SWA for sign-on... no automated user provisioning.
User accounts must be manually managed in Criteria's platform regardless of your identity provider setup.
The recurring theme
HR teams end up managing Criteria access outside of centralized identity management, creating security gaps and administrative overhead when staff turnover occurs in recruiting departments.
The decision
| Your Situation | Recommendation |
|---|---|
| Small HR team managing <20 candidates at a time | Manual user management is workable |
| Occasional assessment campaigns with stable admin team | Manual management with Enterprise SSO for security |
| High-volume recruiting (100+ assessments/month) | Use Stitchflow: automation essential for candidate lifecycle |
| Multiple hiring managers across departments | Use Stitchflow: automated role-based access critical |
| Enterprise with compliance requirements | Use Stitchflow: automated audit trail for assessment access |
The bottom line
Criteria has no native SCIM. That means one more workflow gap in offboarding, access reviews, and license cleanup unless your team handles it another way.
Close the Criteria workflow gap
Criteria is one gap in a broader workflow. Stitchflow builds and maintains the offboarding, access review, or license workflow across every app in your environment.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM provisioning support
- Okta integration is SSO (SWA) only, no automated provisioning
- Pre-employment assessment platform - users typically candidates, not employees
- Enterprise SSO available per security documentation
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
Criteria HireSelect integration uses SWA for sign-on. Supports Schema Discovery and Attribute Writeback but no automated user provisioning.
Use Stitchflow for automated provisioning.
Close the workflow gap in
Criteria
Criteria has no native SCIM. That leaves one more workflow gap in offboarding, access reviews, and license cleanup unless your team handles it another way.
Start with the free gap diagnostic
