Summary and recommendation
Heap supports SCIM provisioning, but only on Enterprise plans through their Okta integration. The product analytics platform offers comprehensive user lifecycle management—creating, updating, and deactivating accounts, plus group linking and schema discovery for custom attributes. However, Enterprise pricing represents a significant jump from their Pro tier, and SCIM is exclusively tied to Okta, leaving Microsoft Entra ID and Google Workspace customers without automated provisioning options.
This creates a familiar bind for IT teams: pay Enterprise premiums for analytics features your product teams don't need, or manually manage user access to critical product data. With Heap containing sensitive customer behavior analytics and conversion funnels, manual provisioning creates compliance gaps and increases the risk of former employees retaining access to competitive intelligence.
The strategic alternative
Heap gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Heap accounts manually. Here's what that costs:
The Heap pricing problem
Heap gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0 (up to 10K sessions/mo) | ||
| Growth | Contact for pricing | ||
| Pro | Contact for pricing | ||
| Enterprise | Custom pricing |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Free | $0 (up to 10K sessions/mo) | ❌ |
| Growth | Contact for pricing | ❌ |
| Pro | Contact for pricing | ❌ |
| Enterprise | Custom pricing | ✓ |
What this means in practice
Heap's opaque Enterprise pricing model makes it difficult to estimate costs, but industry benchmarks suggest Enterprise analytics platforms typically start at $50K+ annually. For product teams evaluating Heap:
Additional constraints
Summary of challenges
- Heap supports SCIM but only at Enterprise tier (Custom pricing (data warehouse integration, region storage))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Heap doesn't sell SCIM à la carte. It's bundled with Enterprise features:
The Okta-only SCIM limitation means you're also locked into a specific IdP ecosystem, even at the Enterprise tier.
Stitchflow Insight
The Enterprise upgrade forces you into custom pricing negotiations for features like advanced analytics infrastructure and data residency that most teams don't need. If you just want automated user provisioning for your product analytics team, you're paying enterprise rates for capabilities you won't use. We estimate ~80% of Enterprise features are irrelevant for teams that only need SCIM to manage analyst and PM access.
What IT admins are saying
Community sentiment on Heap's SCIM implementation is mixed, with appreciation for the feature but frustration about access barriers. Common complaints:
While specific community quotes weren't available in our research, the pattern is clear from integration documentation and pricing structures.
- Enterprise plan requirement locks out smaller product teams who need SCIM
- Okta-only SCIM support excludes teams using Microsoft Entra ID or Google Workspace
- Custom pricing makes it difficult to budget for identity automation
- Session-based pricing model creates uncertainty about long-term costs
The recurring theme
Heap's SCIM is technically solid but commercially restrictive - teams need Enterprise pricing just to automate user provisioning, and non-Okta shops are left without native options.
The decision
| Your Situation | Recommendation |
|---|---|
| On Growth or Pro, need SCIM | Use Stitchflow: avoid the Enterprise tier jump |
| Already on Enterprise | Use native SCIM: you're paying for it |
| Only using Okta for SSO | Evaluate Stitchflow: simpler than multi-product integration |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled |
| Small product team, low user churn | Manual may be tolerable: but watch for project access gaps |
The bottom line
Heap's Enterprise-only SCIM requirement forces teams to upgrade from Growth/Pro plans just for provisioning automation. For product teams that need SCIM without the Enterprise commitment, Stitchflow delivers the same user lifecycle management at predictable flat pricing.
Make Heap workflows AI-native
Heap gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Enterprise plan required for SCIM
- Okta integration primary SCIM method
- Schema discovery for custom attributes
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Full SCIM provisioning. Supports create, update, deactivate users. Group linking and schema discovery supported.
Heap gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Heap
Heap gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
