Summary and recommendation
Drata, the GRC compliance automation platform, does not offer native SCIM provisioning capabilities. While Drata integrates with Okta for SSO authentication via SAML 2.0, user provisioning must be handled manually or through custom API development. This creates a significant operational burden for IT teams managing compliance environments, where employee lifecycle tracking is critical for SOC 2, ISO 27001, and other audit frameworks. The lack of automated provisioning means security and compliance teams must manually onboard and offboard users, creating audit trail gaps and potential compliance risks.
For compliance-focused organizations, this limitation is particularly problematic because Drata serves as the central hub for evidence collection and employee access tracking. Manual user management undermines the very automation that Drata promises for compliance workflows. When employees join or leave, IT teams must remember to provision Drata access separately from their standard SCIM workflows, creating opportunities for oversight that auditors will flag. The irony is stark: a platform designed to automate compliance can't automate its own user provisioning.
The strategic alternative
Drata has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 via Okta |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | SSO login with Okta as IdP. SCIM provisioning with group linking, schema discovery, and attribute writeback. Integration verified by Okta. |
| Microsoft Entra ID | Via third-party | ❌ | No dedicated Entra ID integration documentation found. May support generic SAML/SCIM configuration. Contact Drata for Azure AD provisioning options. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Drata accounts manually. Here's what that costs:
The Drata pricing problem
Drata gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Provisioning options
| Method | Requirements | Limitations |
|---|---|---|
| Okta SCIM | Enterprise plan ($25K-80K+/year) + Okta | Okta-only, no other IdP support |
| Manual provisioning | Any plan | No automation, manual user lifecycle |
| JIT provisioning | SSO setup | Creates accounts but no deprovisioning |
Key limitation: Drata's SCIM integration exists only through Okta's Integration Network. If you use Entra ID, Google Workspace, or OneLogin, you're limited to manual provisioning or basic JIT.
What this means in practice
For non-Okta environments: Your compliance team manually creates and removes Drata accounts for every employee lifecycle event. This defeats the purpose of using GRC software for audit trail automation.
For compliance workflows: Manual provisioning creates gaps in your SOC 2/ISO 27001 evidence collection. Auditors expect to see automated access controls, not spreadsheet-based user management.
For growing teams: Drata's bucket pricing jumps significantly at enterprise scale. Combined with the Okta requirement, you're looking at $25K+ just for basic automated provisioning.
Additional constraints
Summary of challenges
- Drata does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app incur significant hidden costs annually
What the upgrade actually includes
Drata's Enterprise plan (starting at $25,000/year) includes SCIM provisioning through their Okta integration, but it's bundled with a comprehensive GRC platform you may not need.
SCIM Features (Enterprise only)
| Feature | Supported |
|---|---|
| Create users | ✓ Yes |
| Update user attributes | ✓ Yes |
| Deactivate users | ✓ Yes |
| Group assignments | ✓ Yes |
| Automated compliance tracking | ✓ Yes |
What else you're paying for: The Enterprise tier includes advanced compliance frameworks, custom API access, Risk Pro modules, vendor risk management, and Trust Center capabilities. For teams that simply need user provisioning, roughly 80% of these enterprise features are irrelevant.
Identity Provider Support
| IdP | Support Level |
|---|---|
| Okta | Full SCIM integration via OIN |
| Entra ID (Azure AD) | Generic SAML/SCIM (contact Drata) |
| Google Workspace | Generic SAML/SCIM (contact Drata) |
| OneLogin | Generic SAML/SCIM (contact Drata) |
The pricing reality: At $25K-80K annually, you're essentially paying enterprise GRC platform pricing to get basic user provisioning. Most organizations need Drata for compliance automation, not just identity management—but if SCIM is your primary requirement, the cost-to-value ratio is poor.
What IT admins are saying
Community sentiment on Drata's SCIM support reveals frustration with vendor lock-in and pricing barriers:
- SCIM provisioning is only available through Okta integration, leaving teams using other IdPs without automated options
- Enterprise pricing requirements create significant budget hurdles for smaller compliance teams
- Manual user management becomes tedious when scaling compliance programs across growing organizations
- Hidden costs beyond base pricing (professional services, premium support) can inflate total spend by 20-35%
Custom pricing can be high for larger orgs
SCIM for automated provisioning... Enterprise/Scale: $25K-80K+/year
The recurring theme
IT teams want automated provisioning for their compliance platform, but Drata's enterprise-only SCIM and Okta dependency force many organizations into manual user management or expensive upgrades they may not be ready for.
The decision
| Your Situation | Recommendation |
|---|---|
| Small compliance team (<20 users) | Manual management with SSO is workable |
| Growing security org with quarterly audits | Use Stitchflow: automation prevents compliance gaps |
| Enterprise with SOC 2/ISO 27001 requirements | Use Stitchflow: automated employee tracking essential |
| Multi-framework compliance (HIPAA, PCI, etc.) | Use Stitchflow: complex access reviews need automation |
| Budget-conscious startups on Foundation plan | Evaluate if $25K+ Enterprise upgrade justifies SCIM costs |
The bottom line
Drata forces a difficult choice: pay $25K+ annually for Enterprise plans to get basic SCIM provisioning, or manually manage compliance team access. For organizations serious about automated compliance workflows without the enterprise price tag, Stitchflow delivers full provisioning automation at a fraction of the cost.
Make Drata workflows AI-native
Drata has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specified
Supported Operations
Not specified
Supported Attributes
Not specified
Plan requirement
Not specified
Prerequisites
Not specified
Key limitations
- SCIM primarily via Okta integration
- Pricing varies significantly by company size
- Up to 50 FTE included in base plans
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
SSO login with Okta as IdP. SCIM provisioning with group linking, schema discovery, and attribute writeback. Integration verified by Okta.
Use Stitchflow for automated provisioning.


