
Expel SCIM guide

Connector Only

How to automate Expel user provisioning, and what it actually costs

Native SCIM not available

Summary and recommendation

Expel, the managed detection and response (MDR) platform, does not offer SCIM provisioning on any plan. Despite supporting SAML SSO integration with identity providers like Okta and Entra ID, Expel requires manual user provisioning for all account creation and lifecycle management. This creates a significant operational burden for IT teams managing security operations centers (SOCs) where analyst turnover is notoriously high and rapid onboarding/offboarding is critical for maintaining security posture.

The lack of automated provisioning in a security platform creates compliance risks and operational inefficiencies. Security teams frequently rotate personnel, contractors, and temporary analysts based on threat landscapes and incident response needs. Manual provisioning delays mean new analysts can't access critical security data immediately, while delayed deprovisioning leaves former employees with access to sensitive threat intelligence and security tooling longer than necessary.

The strategic alternative

Expel has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.

Quick SCIM facts

SCIM available? | No
SCIM tier required | N/A
SSO required first? | No
SSO available? | Yes
SSO protocol | SAML 2.0
Documentation | Not available

Supported identity providers

IdP | SSO | SCIM | Notes
Okta | Custom SAML integration
Microsoft Entra ID | Custom SAML integration
Google Workspace | Via third-party | No native support
OneLogin | Via third-party | No native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Expel accounts manually. Here's what that costs:

Source: Stitchflow research, normalized to 500 employees:
Orphaned accounts (ex-employees with access) | 5
Unused licenses | 12
IT hours spent on manual management/year | 85 hours
Unused license cost/year | $3,500
IT labor cost/year | $5,100
Cost of compliance misses/year | $890
Total annual financial impact | $9,490

The Expel pricing problem

Expel does not gate SCIM behind a premium plan: it offers no SCIM provisioning at any tier, and all pricing is quote-based.

Tier comparison

Plan | Price | SSO | SCIM
Custom | Quote-based

Pricing and provisioning matrix

Plan | Pricing | SCIM Support | SSO Support
Custom | Quote-based | ❌ Not available | ✓ SAML (custom integration)

Expel operates on entirely custom pricing with no publicly available rates. All provisioning must be handled manually through their web interface, regardless of contract size.

What this means in practice

Manual provisioning requirements

  • IT must manually create, update, and deactivate every user account
  • No automated role assignments or attribute mapping
  • User lifecycle management requires direct coordination with security teams
  • Offboarding creates security risks if accounts aren't manually disabled

Operational impact for security teams

  • New analyst onboarding delays while IT manually provisions access
  • Risk of orphaned accounts when analysts leave or change roles
  • No automated enforcement of least-privilege access principles
  • Manual audit trails for compliance reporting

Additional constraints

  • Custom SAML integration required: No pre-built IdP connectors, requiring technical setup for each identity provider
  • No API-based provisioning: Even advanced automation isn't possible without SCIM or equivalent APIs
  • Security team dependency: Manual provisioning creates bottlenecks for time-sensitive security operations
  • Compliance complexity: Manual processes make it harder to demonstrate proper access controls during audits

Summary of challenges

  • Expel does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app incur significant hidden costs annually

What Expel actually offers for identity

SAML SSO (Custom Implementation)

Expel supports SAML 2.0 integration for single sign-on authentication:

Setting | Details
Protocol | SAML 2.0
Supported IdPs | Okta, Entra ID, Google Workspace, custom SAML providers
Configuration | Custom SAML integration setup
Pricing requirement | Enterprise plan (custom pricing)
User management | Manual provisioning required

Critical limitation: Expel's SAML implementation only handles authentication. All user provisioning, deprovisioning, and attribute updates must be handled manually through the Expel platform.

No Provisioning Capabilities

Expel does not offer any automated user provisioning:

Feature | Supported?
Create users | ❌ No
Update user attributes | ❌ No
Deactivate users | ❌ No
Group management | ❌ No
Role assignment | ❌ Manual only

The real-world impact: IT teams must maintain dual user management - handling authentication through their IdP while manually creating, updating, and removing users in Expel's security platform. For security teams that need rapid onboarding and offboarding, this creates operational overhead and potential security gaps.

What IT admins are saying

Expel's lack of automated provisioning forces IT teams into manual workflows that don't scale:

  • Manual user creation required for every new employee
  • No way to automatically sync user attributes or group memberships
  • Deprovisioning must be handled manually when employees leave
  • SSO works but doesn't eliminate the provisioning burden

We have SSO working with Expel through SAML, but I still have to create every user account manually. It's frustrating when you're trying to automate everything else in your security stack.

IT Director, Reddit r/sysadmin

The lack of SCIM support means Expel is always going to be a manual touchpoint in our onboarding process. For a security platform, you'd expect better integration capabilities.

Security Engineer, Spiceworks Community

The recurring theme

While Expel supports SSO authentication, the absence of SCIM means IT teams must maintain a separate manual process for user lifecycle management - creating operational overhead that scales poorly with organization growth.

The decision

Your Situation | Recommendation
Small security team (<10 users) with stable staffing | Manual management with SAML SSO is manageable
Mid-size organization (10-50 users) with regular security team changes | Use Stitchflow: manual provisioning becomes error-prone
Enterprise security operations (50+ users) | Use Stitchflow: automation essential for scale
Organizations with strict compliance requirements | Use Stitchflow: automated audit trail and access controls required
Multi-team security deployments with SOC analysts | Use Stitchflow: consistent provisioning across teams is critical

The bottom line

Expel provides enterprise-grade managed detection and response, but offers no SCIM provisioning capabilities whatsoever. Security teams managing multiple analysts, contractors, and stakeholders face ongoing manual user management overhead. For organizations that need automated provisioning without the complexity of custom API integrations, Stitchflow delivers SCIM-level automation for security-critical applications.

Make Expel workflows AI-native

Expel has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.

  • Covers apps without native SCIM, including the ones without APIs
  • Less than a week, start to finish (~2 hours of your time)
  • Built with your team; extend to anything else in the company

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

  • No SCIM support available
  • Manual user provisioning required
  • SSO available via SAML

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • No SCIM support available
  • Manual user provisioning required
  • SSO available via SAML

Documentation not available.

Last updated: 2026-01-20

* Pricing and features sourced from public documentation.
