Summary and recommendation
Domino Data Lab supports SCIM provisioning, but only on Enterprise plans with custom pricing that includes per-user licensing plus consumption-based cloud units. This creates a significant barrier for data science teams that need automated user management but don't require enterprise-grade features like advanced governance controls or multi-cloud deployment options. The custom pricing model makes it difficult to predict costs, especially with variable consumption charges.
For teams on Pro or Business plans, the leap to Enterprise represents a substantial investment increase that often includes features unnecessary for core data science workflows. This forces organizations to choose between manual user management (creating security gaps and administrative overhead) or paying for enterprise capabilities they don't need. SSO alone doesn't solve the provisioning problem - IT teams still face manual account creation, role assignment, and deactivation processes.
The strategic alternative
Domino Data Lab gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Domino Data Lab accounts manually. Here's what that costs:
The Domino Data Lab pricing problem
Domino Data Lab gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | Custom (Data Analyst License) | ||
| Business | Custom (Data Science Professional License) | ||
| Enterprise | Custom + Domino Cloud Consumption Units |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Pro | Custom (Data Analyst License) | ❌ |
| Business | Custom (Data Science Professional License) | ❌ |
| Enterprise | Custom + Domino Cloud Consumption Units | ✓ |
What this means in practice
Domino's pricing opacity creates significant budget uncertainty. The Enterprise tier includes:
Without transparent pricing, organizations cannot predict total cost of ownership. Mid-market teams often find the Enterprise tier financially prohibitive, especially when factoring in both seat licenses and compute consumption charges.
Additional constraints
Summary of challenges
- Domino Data Lab supports SCIM but only at Enterprise tier (Custom + Domino Cloud Consumption Units)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Domino Data Lab doesn't sell SCIM à la carte. It's bundled with Enterprise features:
Stitchflow Insight
The Enterprise tier requires custom pricing with per-user licensing plus Domino Cloud Consumption Units—a complex cost model that scales with both users and compute usage. If you need the advanced MLOps governance and security controls, the upgrade delivers value. If you just want automated user provisioning for your data science team, you're paying for extensive platform capabilities you likely won't use. We estimate ~75% of Enterprise features are irrelevant for teams that only need SCIM provisioning.
What IT admins are saying
Community sentiment on Domino Data Lab's SCIM implementation is mixed, with frustrations centered on enterprise-only access and deployment complexity. Common complaints:
- Enterprise pricing requirement locks out smaller data science teams
- Complex deployment model with VPC vs. managed cloud decisions
- Azure AD integration requires precise SAML attribute mapping
- Role mapping breaks with any group name changes in IdP
The role mapping is brittle - if you rename a group in Azure AD, provisioning just stops working until you manually fix the configuration.
We're a 20-person data team and they want us to pay enterprise pricing just to get automated user provisioning. The ROI doesn't work for our size.
The recurring theme
Enterprise-only SCIM pricing excludes smaller teams, while the technical implementation requires ongoing manual maintenance that defeats the automation purpose.
The decision
| Your Situation | Recommendation |
|---|---|
| On Pro or Business, need SCIM | Use Stitchflow: avoid the Enterprise upgrade costs |
| Already on Enterprise | Use native SCIM: you're paying for it |
| Need advanced ML governance beyond SCIM | Evaluate Enterprise: SCIM comes bundled with compliance features |
| Self-managed deployment with complex SSO | Use Stitchflow: avoid SAML attribute mapping complexities |
| Small data science team, low user churn | Manual may be tolerable: but monitor for security gaps |
The bottom line
Domino Data Lab gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Make Domino Data Lab workflows AI-native
Domino Data Lab gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
None
Key limitations
- Enterprise pricing with per-user licensing
- Deployment options: Domino Cloud (managed SaaS) or self-managed VPC
- Azure AD requires Enterprise application with SAML SSO
- Role mapping requires exact group name matches
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Okta integration supports Create, Update, and Deactivate provisioning. SSO via SAML 2.0 or OIDC. Supports role assignment via Okta groups.
Domino Data Lab gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
SSO via SAML 2.0 with Azure AD. User provisioning supported through SSO integration. Must configure SAML attribute claims.
Domino Data Lab gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Domino Data Lab
Domino Data Lab gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
