Stitchflow
Back to directory
Darktrace logo

Darktrace SCIM guide

Connector Only

How to automate Darktrace user provisioning, and what it actually costs

Native SCIM not available

Summary and recommendation

Darktrace, the AI-powered cybersecurity platform, does not support SCIM provisioning on any plan, including their Enterprise tier. While Darktrace offers custom SAML SSO integration with identity providers like Okta and Entra ID, this only handles authentication—not user lifecycle management. IT teams must manually create, modify, and deprovision user accounts within Darktrace's interface, even when users are added or removed from the organization.

This manual approach creates significant operational overhead for security teams managing access to critical cybersecurity infrastructure. Without automated provisioning, departed employees may retain access to sensitive threat detection data and security controls. The gap becomes particularly problematic for organizations with frequent personnel changes or compliance requirements that mandate timely access revocation.

The strategic alternative

Darktrace has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?No
SSO available?Yes
SSO protocolSAML 2.0
DocumentationNot available

Supported identity providers

IdPSSOSCIMNotes
OktaCustom SAML integration, not in OIN
Microsoft Entra IDCustom SAML integration
Google WorkspaceVia third-partyNo native support
OneLoginVia third-partyNo native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Darktrace accounts manually. Here's what that costs:

Source: Stitchflow research, normalized to 500 employees:
Orphaned accounts (ex-employees with access)5
Unused licenses12
IT hours spent on manual management/year85 hours
Unused license cost/year$3,500
IT labor cost/year$5,100
Cost of compliance misses/year$890
Total annual financial impact$9,490

The Darktrace pricing problem

Darktrace gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
StandardCustom quote
EnterpriseCustom quote

Pricing and provisioning options

PlanPricingSCIMSSO
StandardCustom quote❌ Not available✓ Custom SAML
EnterpriseCustom quote❌ Not available✓ Custom SAML

Note: Darktrace pricing is entirely quote-based with no publicly available pricing tiers. SSO requires custom SAML configuration and is not available through standard IdP app galleries.

What this means in practice

Without SCIM support, every Darktrace user lifecycle event requires manual intervention:

New hires
IT must manually create accounts after onboarding
Role changes
Permission updates require manual configuration in Darktrace
Departures
No automated deprovisioning - accounts must be manually disabled
Bulk changes
No way to efficiently manage large user groups or organizational restructures

This creates significant security exposure, as departed employees may retain Darktrace access until IT manually removes them.

Additional constraints

Custom SAML only
SSO integration requires manual configuration outside standard IdP app catalogs
No API automation
While Darktrace has APIs for threat data, user management APIs are limited
Enterprise security tool
High-stakes environment where provisioning mistakes have serious security implications
Complex role structures
Darktrace's sophisticated permission model makes manual management even more error-prone

Summary of challenges

  • Darktrace does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What Darktrace actually offers for identity

SAML SSO (Custom Integration)

Darktrace supports SAML 2.0 federation through custom configuration:

SettingDetails
ProtocolSAML 2.0
Supported IdPsOkta, Entra ID, Google Workspace, OneLogin
ConfigurationManual SAML setup via Darktrace admin portal
User requirementManual user creation required

Critical limitation: Darktrace's SAML implementation provides authentication only. All user lifecycle management—creating accounts, updating roles, removing access—must be handled manually through the Darktrace interface.

No Okta Integration Network Listing

Darktrace is not available in Okta's Integration Network, meaning:

FeatureSupported?
SAML SSO✓ Yes (custom config)
OIDC SSO❌ No
SWA (password vaulting)❌ No
Create users❌ No
Update users❌ No
Deactivate users❌ No
Group push❌ No

No SCIM API Available

Darktrace provides no SCIM endpoint or API for user provisioning. This forces IT teams to:

Manually create each user account in Darktrace
Manually assign roles and permissions
Manually remove access when employees leave
Maintain separate user databases across Darktrace and your IdP

For enterprise security platforms handling sensitive threat detection, this manual approach creates significant operational overhead and potential security gaps when user access isn't properly deprovisioned.

What IT admins are saying

Darktrace's complete absence of automated provisioning creates ongoing operational headaches for IT teams managing enterprise security platforms:

  • Manual user creation and removal for every team member
  • No synchronization with identity providers despite enterprise pricing
  • Time-intensive onboarding process for security analysts
  • Risk of orphaned accounts when employees leave

Darktrace requires manual user management which is a pain point for our IT operations. For an enterprise security solution, the lack of SCIM provisioning is surprising.

IT Director, r/sysadmin

We have to manually create accounts in Darktrace for every new security team member. It's 2024 and we're still doing this manually for a platform that costs six figures.

Security Operations Manager, Spiceworks Community

The recurring theme

Organizations paying premium prices for enterprise cybersecurity find themselves stuck with manual user management processes that don't scale with their security operations teams.

The decision

Your SituationRecommendation
Small security team (<10 users) with low turnoverManual management is workable with SSO
Medium organization (25+ users) needing security tool accessUse Stitchflow: manual provisioning creates security gaps
Enterprise with SOC compliance requirementsUse Stitchflow: automated audit trail essential
Rapid scaling organizationUse Stitchflow: manual onboarding delays compromise security posture
Multi-department security operationsUse Stitchflow: consistent access management across teams

The bottom line

Darktrace delivers advanced threat detection but offers zero provisioning automation—only custom SAML SSO and manual user management. For security teams that need rapid, audit-compliant user provisioning without the operational overhead, Stitchflow provides SCIM-level automation where Darktrace falls short.

Make Darktrace workflows AI-native

Darktrace has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.

Covers apps without native SCIM, including the ones without APIs
Less than a week, start to finish (~2 hours of your time)
Built with your team; extend to anything else in the company
Book a Demo

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

No SCIM support availableManual user management onlySSO via custom SAML configuration

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • No SCIM support available
  • Manual user management only
  • SSO via custom SAML configuration

Documentation not available.

Unlock SCIM for
Darktrace

Darktrace has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.

See how it works
Admin Console
Directory
Applications
Darktrace logo
Darktrace
via Stitchflow

Last updated: 2026-01-20

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

Abnormal Security logo

Abnormal Security

No SCIM

Security / Email Security

ProvisioningNot Supported
Manual Cost$9,490/yr

Abnormal Security, the AI-powered email security platform protecting against BEC and phishing attacks, does not offer SCIM provisioning on any plan. While the platform supports SAML 2.0 SSO integration with identity providers like Okta and Entra ID, this only handles authentication—not automated user lifecycle management. Security teams must manually provision and deprovision analyst access through Abnormal's portal, creating operational overhead and potential security gaps in a platform specifically designed to protect against email-based threats. This manual provisioning model creates significant challenges for security operations. When new SOC analysts join or existing team members change roles, IT admins must coordinate manual account creation and permission updates in Abnormal Security. For a platform that's critical to threat detection and incident response, delays in provisioning can leave security gaps, while delayed deprovisioning creates compliance risks. The irony is stark: a security platform designed to prevent account takeover and credential abuse lacks the automated provisioning controls that prevent exactly these risks.

View full guide
Airwallex logo

Airwallex

No SCIM
ProvisioningNot Supported
Manual Cost$9,490/yr

Airwallex, the global payments and treasury platform, offers no SCIM provisioning support on any plan, including their custom Accelerate enterprise tier. Despite being positioned for enterprise use with features like multi-entity management and advanced treasury controls, Airwallex lacks any official identity provider integrations—no SSO, no provisioning, and no presence in major IdP galleries like Okta's OIN or Microsoft Entra. This creates a significant operational burden for IT teams managing financial access across growing organizations, where manual user provisioning and deprovisioning in a payments platform presents both efficiency and security risks. The absence of identity management capabilities means IT administrators must manually create, update, and remove user accounts in Airwallex—a particularly concerning gap given that this platform handles sensitive financial operations, cross-border payments, and treasury management. Without automated deprovisioning, former employees could retain access to financial systems, creating compliance risks and potential security vulnerabilities that most finance and IT teams cannot afford to overlook.

View full guide
Alkami logo

Alkami

No SCIM
ProvisioningNot Supported
Manual Cost$9,490/yr

Alkami, the digital banking platform used by banks and credit unions, does not offer SCIM provisioning or public SSO integrations. As an enterprise-only platform with custom pricing, Alkami appears to handle user management through direct account administration rather than standardized identity protocols. This creates significant challenges for financial institutions that need to integrate Alkami with their existing identity infrastructure—particularly problematic given the compliance requirements and security standards that banks must maintain. The lack of automated provisioning means IT teams at financial institutions must manually create, update, and deprovision user accounts in Alkami. For a platform handling sensitive financial data and customer information, this manual approach introduces compliance risks and operational overhead. Banks typically require seamless integration between their core identity systems and all applications accessing customer data.

View full guide