Summary and recommendation
Dynatrace supports SCIM 2.0 for automated user provisioning, but only on its Enterprise plan with consumption-based pricing starting around $69/user/month and typical minimum commitments of $2,000+/month. While the SCIM implementation is robust (supporting user lifecycle management, group sync, and proper deactivation), it requires DNS domain verification before setup and has some quirks like 40-minute sync delays with Azure AD and separate SCIM/SAML group handling.
For platform teams managing observability access across development environments, the Enterprise pricing barrier is significant. A 50-person team faces $41,400/year minimum just for the licensing, often to access SCIM features they need for compliance but may not require the full Enterprise feature set. The domain verification requirement also adds deployment friction that delays rollouts.
The strategic alternative
Dynatrace gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Dynatrace accounts manually. Here's what that costs:
The Dynatrace pricing problem
Dynatrace gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free Trial | 15 days | ||
| SaaS Standard | DPS consumption-based | ||
| SaaS Enterprise | Custom (typically $2,000+/month minimum) |
Note: Dynatrace uses consumption-based pricing starting at ~$0.08/hour per 8 GiB host for Full-Stack Monitoring, with additional charges for infrastructure monitoring and log management.
What this means in practice
Unlike per-user pricing, Dynatrace's consumption model makes it difficult to predict the true cost of Enterprise access:
Typical scenarios
The pricing model creates a significant barrier since organizations pay for monitoring capacity regardless of how many users need provisioning access.
Additional constraints
Summary of challenges
- Dynatrace supports SCIM but only at Enterprise tier (Custom (DPS consumption-based, ~$69/user/month starting, $2000+/month minimum commitment typical))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Dynatrace doesn't sell SCIM à la carte. It's bundled with SaaS Enterprise features on their consumption-based DPS (Dynatrace Platform Subscription) model:
The challenge with Dynatrace's Enterprise requirement is the consumption-based pricing model. You're not just paying for identity features—you're committing to their full observability platform at enterprise scale (~$69/user/month with typical $2000+/month minimums). If your primary need is automated provisioning for your existing Dynatrace deployment, you're paying for platform capabilities you may already have sized appropriately.
Stitchflow Insight
We estimate ~80% of Enterprise DPS features are observability-focused rather than identity-focused, making this an expensive path for teams that simply want to automate user management on their current Dynatrace instance.
What IT admins are saying
Community sentiment on Dynatrace's SCIM implementation is mixed, with administrators appreciating the functionality but frustrated by access barriers and complexity. Common complaints:
- Enterprise plan requirement creates a high barrier to entry for SCIM automation
- DNS domain verification requirement adds unnecessary setup complexity
- Azure sync delays (~40 minutes) create provisioning lag that impacts onboarding
- Separate SCIM and SAML group management creates administrative overhead
The domain verification step via DNS TXT records is an extra hurdle that most other platforms don't require - adds time to what should be a straightforward SCIM setup.
We're paying enterprise prices just to get basic user provisioning automated. The consumption model already makes this expensive enough.
The recurring theme
While Dynatrace offers robust SCIM functionality, the enterprise pricing gate and complex setup requirements create friction for teams who just want automated user management.
The decision
| Your Situation | Recommendation |
|---|---|
| Need SCIM but not on Enterprise tier | Use Stitchflow: avoid the $2K+/month minimum commitment |
| On Enterprise, domain verification is blocking you | Use Stitchflow: bypass DNS requirements and 40-minute sync delays |
| Want SCIM + SAML without complexity | Use native: Enterprise includes both with full integration |
| Already paying Enterprise minimum commitment | Use native SCIM: you're already paying for it |
| Small DevOps team, low turnover | Manual may work: but monitor for environment access gaps |
The bottom line
Dynatrace gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Make Dynatrace workflows AI-native
Dynatrace gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Domain verification via DNS TXT record required
- Azure sync every ~40 minutes
- SCIM groups are separate from SAML groups
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Full SCIM 2.0 support. Can use SCIM 2.0 Test App (Header Auth) or OAuth Bearer Token. Supports create, update, deactivate users and groups.
Dynatrace gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Azure sync every ~40 minutes. Supports user and group provisioning. JIT provisioning enabled by default.
Dynatrace gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Dynatrace
Dynatrace gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
