Summary and recommendation
Datarails offers native SCIM provisioning, but only on Enterprise plans that start at $27,000/year with implementation costs reaching $50,000+. More problematic: Datarails doesn't support Microsoft Azure/Entra ID for SAML SSO at all, which blocks SCIM entirely for the majority of enterprise organizations using Microsoft's identity stack. Even for Okta users, SCIM operations run under the token owner's account, creating a single point of failure.
For finance teams managing FP&A models and reports, this Azure limitation creates a significant gap. Without automated provisioning, IT teams must manually manage analyst access to financial models and role-based report visibility—exactly the kind of repetitive, error-prone work that defeats the purpose of having an enterprise FP&A platform. The high Enterprise pricing barrier compounds this problem for mid-market finance teams.
The strategic alternative
Datarails gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Datarails accounts manually. Here's what that costs:
The Datarails pricing problem
Datarails gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | Custom pricing | ||
| Enterprise | $27,000-$88,500/year |
Note: All pricing is custom and requires sales consultation. Implementation services cost an additional $10,000-$50,000+.
What this means in practice
Based on reported Enterprise pricing ranges:
| Finance Team Size | Minimum Enterprise Cost | Average Enterprise Cost | Maximum Enterprise Cost |
|---|---|---|---|
| Small team (10-20) | $27,000/year | $57,750/year | $88,500/year |
| Mid-size (20-50) | $27,000/year | $57,750/year | $88,500/year |
| Large enterprise | $27,000/year | $57,750/year | $88,500/year |
Plus implementation: $10,000-$50,000+ one-time cost for setup and configuration.
Additional constraints
Summary of challenges
- Datarails supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Datarails doesn't sell SCIM à la carte. It's bundled with Enterprise features at $27,000/year average pricing:
The catch: Microsoft Azure/Entra ID isn't supported for SAML authentication, making this a non-starter for Azure shops. SCIM operations also run under the admin token owner's account, creating potential security and audit concerns.
Stitchflow Insight
If you need enterprise FP&A controls anyway, the upgrade makes sense for Okta environments. If you just want automated user provisioning or use Azure, you're paying enterprise prices for a solution with significant IdP limitations. We estimate ~60% of Enterprise features are irrelevant for finance teams that only need basic provisioning automation.
What IT admins are saying
Community sentiment on Datarails's SCIM implementation reveals significant frustration with Microsoft ecosystem compatibility. Common complaints:
- Azure/Microsoft Entra ID completely unsupported for SAML authentication
- SCIM tokens tied to individual admin accounts create operational risk
- Enterprise-only pricing forces expensive upgrades for basic provisioning
- Limited IdP choices exclude many Microsoft-centric organizations
Azure SAML not supported
The recurring theme
Microsoft shops are locked out entirely, while other organizations face high enterprise pricing barriers and risky token-based provisioning that breaks when admin users leave.
The decision
| Your Situation | Recommendation |
|---|---|
| Need SCIM but don't want enterprise pricing | Use Stitchflow: avoid the $27K-88K/year enterprise upgrade |
| Using Microsoft Entra ID/Azure AD | Use Stitchflow: Azure SAML isn't supported by Datarails |
| Want SCIM without $10K-50K implementation costs | Use Stitchflow: build complete workflows across every app in less than a week (~2 hours of your time). |
| Already on Enterprise with dedicated IT resources | Use native SCIM: you're paying enterprise pricing anyway |
| Small finance team with low turnover | Manual may work: but watch for security gaps in financial data access |
The bottom line
Datarails forces you into enterprise pricing ($27K-88K/year) plus implementation costs ($10K-50K+) just to get SCIM, and doesn't even support Microsoft Azure. For finance teams that need automated provisioning without the enterprise premium, Stitchflow delivers managed SCIM automation at a fraction of the cost.
Make Datarails workflows AI-native
Datarails gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Microsoft Azure doesn't support SAML protocol for Datarails
- SCIM requires token generation from admin user
- SCIM operations run under token owner's account
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
DataRails available in OIN with authentication and provisioning. SCIM token generated from admin user account. SCIM operations execute under token owner's account.
Datarails gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Datarails
Datarails gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
