Summary and recommendation
Fivetran supports SCIM (the protocol that lets your identity provider automatically create, update, and remove user accounts). But Fivetran restricts SCIM to its Enterprise or Business Critical plans, which start at $12K/year minimum commitment—a substantial jump from their Standard plan that offers unlimited users with usage-based pricing.
The gap is significant. While SSO/SAML works on all Fivetran plans, new users joining via just-in-time provisioning arrive with zero permissions. Without SCIM automation, IT teams must manually assign roles for every data engineer, analyst, and BI user—a tedious process that scales poorly as data teams grow. Given Fivetran's role as a central data integration hub, this manual overhead creates bottlenecks for data access and increases security risk from over-provisioned accounts.
The strategic alternative
Fivetran gates SCIM behind Enterprise / Business Critical. Skip the Enterprise / Business Critical plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OIDC |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Fivetran accounts manually. Here's what that costs:
The Fivetran pricing problem
Fivetran gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure (Usage-Based + Features)
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | Usage-based, unlimited users | ||
| Enterprise | Usage-based + advanced features | ||
| Business Critical | $12K/year minimum commitment |
Note: March 2025 pricing change switches to per-connection MAR calculation, typically increasing costs 40-70% for multi-connector setups. Annual costs range from $10K-$500K+ depending on data volume.
What this means in practice
Without SCIM on lower tiers, new users provisioned via JIT (Just-In-Time) SSO are created with zero permissions. This creates a manual bottleneck where IT admins must:
For data teams where connector access determines what sources users can sync, this manual process significantly delays onboarding and creates ongoing administrative overhead.
Additional constraints
Summary of challenges
- Fivetran supports SCIM but only at Enterprise tier (Business Critical (highest tier) - $12K/year minimum commitment)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Fivetran doesn't sell SCIM separately. It's bundled with Enterprise/Business Critical tier features:
Stitchflow Insight
The $12K minimum annual commitment gets you enterprise-grade data platform features, but if you just need automated user provisioning for your data team, you're paying for extensive platform capabilities you likely won't use. We estimate ~60% of Enterprise/Business Critical features are irrelevant for organizations that primarily need SCIM to automate connector permissions and user lifecycle management.
What IT admins are saying
Community sentiment on Fivetran's SCIM restrictions reveals frustration with enterprise-only gatekeeping. Common complaints:
- SCIM locked behind Enterprise/Business Critical plans ($12K+ minimum)
- Without SCIM, new JIT users get zero permissions by default
- Manual role assignment becomes a bottleneck for data teams
- Major pricing overhaul in March 2025 causing 40-70% cost increases
New users created through JIT provisioning have no permissions if SCIM isn't enabled. So you're stuck doing manual role assignments for every data engineer.
The Enterprise plan requirement for SCIM is rough when you just need basic user automation. We're paying for features we'll never use.
The recurring theme
Fivetran forces teams into expensive enterprise tiers just to avoid manual user management, creating a costly barrier for automated provisioning in data teams.
The decision
| Your Situation | Recommendation |
|---|---|
| On Standard plan, need SCIM | Use Stitchflow: avoid the $12K/year minimum commitment jump |
| Need automated provisioning but not Enterprise features | Use Stitchflow: build complete workflows across every app in less than a week (~2 hours of your time). |
| Already on Business Critical plan | Use native SCIM: you're paying for it |
| Heavy data volume with Enterprise budget | Evaluate Business Critical: SCIM comes bundled with advanced features |
| Small data team, infrequent user changes | Manual may work: but monitor for permission gaps as team grows |
The bottom line
Fivetran's SCIM requires their highest-tier Business Critical plan with a $12K/year minimum commitment. For data teams that need automated provisioning without the enterprise-level investment, Stitchflow delivers the same automation at a fraction of the cost.
Make Fivetran workflows AI-native
Fivetran gates SCIM behind Enterprise / Business Critical. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- New JIT users created with no permissions if SCIM not enabled
- Browser session timeout requires Enterprise/Business Critical plan
- Manual role assignment needed without SCIM
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Create, update, deactivate users via SCIM. Account Administrator role required. SCIM disables direct user management in Fivetran. Team roles not configurable via SCIM.
Fivetran gates SCIM behind Enterprise / Business Critical. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Enterprise/Business Critical required. Create non-gallery app with custom roles matching Fivetran RBAC. Destination/connection-level roles not supported via SCIM.
Fivetran gates SCIM behind Enterprise / Business Critical. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Fivetran
Fivetran gates SCIM behind Enterprise / Business Critical plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
