Summary and recommendation
Emma, Marigold's email marketing platform, does not offer SCIM provisioning on any plan. While Emma provides SAML 2.0 SSO integration (IdP-initiated only), this only handles authentication, not user lifecycle management. IT teams face a dual provisioning burden: users must be manually created in both their identity provider and Emma separately. Even worse, Emma's SSO implementation has a critical security gap—existing users who had passwords set before SSO was enabled can bypass SSO entirely and log in with their old credentials.
This manual provisioning requirement creates significant operational overhead for marketing teams and agencies managing Emma access. Without automated provisioning, IT administrators must coordinate user creation across two systems for every onboarding and offboarding event. The bypass vulnerability means organizations cannot enforce consistent authentication policies, creating compliance risks for companies with strict identity governance requirements.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for Emma without requiring any custom development work. Works with any Emma plan and any identity provider (Okta, Entra ID, Google Workspace, OneLogin). Flat pricing under $5K/year, regardless of team size.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 (IdP-initiated only) |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | SSO via SWA only (no SAML/OIDC federation). No SCIM provisioning. Users must be created manually in Emma. |
| Microsoft Entra ID | Via third-party | ❌ | No Azure AD/Entra ID integration documented. OneLogin provides SAML and provisioning support. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Emma accounts manually. Here's what that costs:
The Emma pricing problem
Emma gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | Basic tier (pricing by audience size) | ||
| Pro | Plus tier (more customization/automation) | ||
| Business | Teams tier (multi-department management) | ||
| Enterprise | Custom pricing (contact sales) |
Pricing structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | Basic tier (pricing by audience size) | ||
| Pro | Plus tier (more customization/automation) | ||
| Business | Teams tier (multi-department management) | ||
| Enterprise | Custom pricing (contact sales) |
OneLogin exception: OneLogin provides a custom connector that can provision users to Emma, but this requires OneLogin as your IdP and doesn't work with Okta, Entra ID, or Google Workspace.
What this means in practice
Without SCIM provisioning, your IT team faces a double-provisioning workflow:
1. Create user in IdP (Okta/Entra/Google) with Emma access 2. Manually create matching user in Emma with correct permissions 3. Maintain synchronization between both systems for role changes 4. Manual cleanup when users leave or change departments
For a marketing team of 20 users, this represents 40+ manual account operations annually just for basic onboarding/offboarding.
Additional constraints
Summary of challenges
- Emma does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Emma actually offers for identity
SAML SSO (Enterprise tier)
Emma supports basic SAML 2.0 integration, but only through IdP-initiated flows:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 (IdP-initiated only) |
| Supported IdPs | Generic SAML providers |
| Configuration | Upload IdP metadata to Emma |
| User requirement | Accounts must be manually created in Emma first |
Critical limitation: Emma's SSO is IdP-initiated only, meaning users cannot log in directly from Emma's login page. They must start from their identity provider dashboard.
OneLogin Special Case
OneLogin provides the only automated provisioning option for Emma:
| Feature | OneLogin Integration |
|---|---|
| SAML SSO | ✓ Yes |
| User provisioning | ✓ Yes (via OneLogin connector) |
| User deprovisioning | ✓ Yes |
| Group sync | Limited |
This means if you're not using OneLogin as your primary IdP, you're stuck with manual user management.
Okta Integration (SWA only)
The Okta Integration Network listing shows Emma's limitations:
| Feature | Supported? |
|---|---|
| SAML SSO | ❌ No |
| OIDC SSO | ❌ No |
| SWA (password vaulting) | ✓ Yes |
| Create users | ❌ No |
| Update users | ❌ No |
| Deactivate users | ❌ No |
Translation: Okta can only store and replay passwords for Emma logins—no federated SSO or provisioning.
No Azure AD/Entra Support
Emma has no documented integration with Microsoft's identity platform, making it problematic for organizations standardized on Microsoft 365.
Bottom line: Unless you're using OneLogin specifically, Emma requires manual user creation in both your IdP and Emma's platform—defeating the purpose of centralized identity management.
What IT admins are saying
Emma's lack of automated provisioning forces IT teams into manual workflows:
- Manual user creation required in both IdP and Emma
- No JIT provisioning means double the administrative overhead
- SSO only works after manual account setup is complete
- OneLogin is the only option for any form of user provisioning
NO native SCIM or JIT provisioning... Users must be created in both IdP and Emma
Manual user creation required
The recurring theme
Even with SSO configured, IT admins must manually create every Emma account before users can authenticate. This doubles the onboarding work and creates potential access gaps when the manual steps are forgotten.
The decision
| Your Situation | Recommendation |
|---|---|
| Small marketing team (<10 users) with OneLogin | Use OneLogin's native Emma connector |
| Marketing team using Okta, Entra ID, or Google Workspace | Use Stitchflow: no native provisioning available |
| Growing marketing organization (25+ users) | Use Stitchflow: manual user creation doesn't scale |
| Enterprise with compliance requirements | Use Stitchflow: automation essential for audit trail |
| Agency managing multiple Emma accounts | Use Stitchflow: automation critical for client onboarding |
The bottom line
Emma delivers solid email marketing capabilities but completely lacks automated user provisioning—except through OneLogin's proprietary connector. For organizations using any other identity provider or needing scalable user management, Stitchflow eliminates the manual overhead of creating users in two separate systems.
Automate Emma without third-party complexity
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Emma at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- NO native SCIM or JIT provisioning
- Users must be created in both IdP and Emma
- IdP-initiated SSO only (not SP-initiated)
- Existing users can bypass SSO if password was set before SSO enabled
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
SSO via SWA only (no SAML/OIDC federation). No SCIM provisioning. Users must be created manually in Emma.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Emma
Emma doesn't offer SCIM. Get an enterprise-grade SCIM endpoint in your IdP, even without native support.
See how it works
