Summary and recommendation
Epic, the dominant EHR platform used by over 300 million patients, does not offer native SCIM provisioning. While Epic supports SSO integration, user provisioning requires expensive third-party middleware solutions from vendors like BeyondID, IDMWORKS, or Aquera. These middleware connectors add significant complexity and cost to what should be a standard provisioning workflow. The third-party solutions also have notable limitations - they don't support Groups via SCIM and lack several SCIM 2.0 attributes including phoneNumbers, addresses, and x509Certificates.
The lack of native provisioning creates a costly gap for healthcare organizations. Implementation costs for these middleware solutions range from $150K for small clinics to $10M+ for large hospitals, with ongoing maintenance and support fees. This forces IT teams to choose between manual user management (a compliance risk in HIPAA environments) or investing in complex, expensive middleware just to achieve basic user lifecycle automation. Given Epic's custom pricing that can reach $500M+ for large health systems, the additional middleware costs compound an already expensive platform.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for Epic without requiring expensive third-party middleware. Works with any Epic implementation and any IdP. Flat pricing under $5K/year, a fraction of traditional middleware costs.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | No native Epic OIN app. Provisioning available via third-party connectors: BeyondID, IDMWORKS, and Aquera. These are middleware solutions, not native Epic SCIM. |
| Microsoft Entra ID | ✓ | ❌ | Epic to AD/Entra ID sync available via Aquera Sync Bridge. Not a native Epic integration. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Epic accounts manually. Here's what that costs:
The Epic pricing problem
Epic gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Enterprise | Custom ($1.2K-$500M+) |
Pricing structure
| Plan | Price | SCIM |
|---|---|---|
| Enterprise | Custom ($1.2K-$500M+) | ❌ Third-party only |
Epic's implementation costs alone range from $150K for small clinics to $10M+ for large hospital systems, before adding provisioning middleware costs.
What this means in practice
Epic's lack of native SCIM creates a dependency chain that IT teams must manage:
Your integration stack becomes
Real-world complications
Additional constraints
Summary of challenges
- Epic does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Epic actually offers for identity
Third-Party SCIM Connectors Only
Epic has no native SCIM endpoint. All provisioning happens through expensive third-party middleware solutions:
| Provider | Integration Type | Key Limitations |
|---|---|---|
| BeyondID | SCIM connector via Okta OIN | Middleware dependency, additional licensing costs |
| IDMWORKS | Custom SCIM bridge | Requires separate infrastructure and maintenance |
| Aquera | AD/Entra ID sync bridge | Limited to Microsoft environments |
What These Connectors Actually Support
Even with third-party middleware, Epic's SCIM implementation is severely limited:
Supported SCIM Operations:
Not Supported:
SAML SSO (Enterprise Only)
Epic supports SAML 2.0 federation on Enterprise plans:
| Feature | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Most enterprise providers |
| User requirement | Accounts must exist in Epic before SSO |
| HIPAA compliance | Additional security configurations required |
Critical gap: Epic's SSO requires pre-existing user accounts, making the lack of robust provisioning even more problematic for healthcare organizations managing thousands of clinical users.
The Real Cost Problem
Epic implementations typically cost $150K-$10M+ depending on organization size. Adding third-party SCIM middleware means:
For healthcare organizations already spending hundreds of thousands on Epic licensing, the broken provisioning story creates an expensive operational headache.
What IT admins are saying
Epic's absence of native SCIM forces healthcare IT teams into expensive third-party solutions:
Epic doesn't have native SCIM - you need middleware like BeyondID or IDMWORKS, which adds $50K+ annually
Groups aren't supported through any SCIM connector, so we're still doing manual role assignments
Implementation took 8 months and cost us $200K just for the connector setup
HIPAA compliance makes everything harder - can't use standard provisioning workflows
Epic does not support Groups via SCIM
Several SCIM 2.0 attributes not supported including phoneNumbers, photos, addresses, groups, x509Certificates
The recurring theme
Healthcare organizations pay millions for Epic but get zero native provisioning capabilities. Third-party connectors cost $50K-200K annually and still don't support basic features like group management, forcing IT teams to maintain hybrid manual processes for a system that handles patient data.
The decision
| Your Situation | Recommendation |
|---|---|
| Small clinic (<25 users) with stable staff | Manual management may suffice given low turnover |
| Mid-size hospital (25-200 users) | Use Stitchflow: middleware costs alone justify automation |
| Large health system (200+ users) | Use Stitchflow: essential for scale and compliance |
| Multi-facility organization | Use Stitchflow: automation required across sites |
| HIPAA-compliant environment needing audit trails | Use Stitchflow: comprehensive logging and SOC 2 certification |
The bottom line
Epic has no native SCIM support, forcing organizations into expensive third-party middleware solutions that can cost $150K-$10M+ just to implement. For healthcare organizations that need reliable provisioning without the middleware complexity and enterprise implementation costs, Stitchflow delivers SCIM-level automation at a fraction of the price.
Automate Epic without third-party complexity
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Epic at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM endpoint - requires third-party middleware (BeyondID, IDMWORKS, Aquera)
- Epic does not support Groups via SCIM
- Several SCIM 2.0 attributes not supported (phoneNumbers, photos, addresses, groups, x509Certificates)
- Implementation costs range from $150K for small clinics to $10M+ for large hospitals
- HIPAA compliance requirements add complexity to provisioning
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
No native Epic OIN app. Provisioning available via third-party connectors: BeyondID, IDMWORKS, and Aquera. These are middleware solutions, not native Epic SCIM.
Use Stitchflow for automated provisioning.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
Epic to AD/Entra ID sync available via Aquera Sync Bridge. Not a native Epic integration.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Epic
Epic doesn't offer SCIM. Get an enterprise-grade SCIM endpoint in your IdP, even without native support.
See how it works
