Summary and recommendation
iManage, the leading legal document management platform, does not support native SCIM provisioning on any plan. While iManage offers SAML SSO integration with identity providers like Okta and Microsoft Entra ID, user provisioning relies entirely on Just-In-Time (JIT) provisioning and their Directory Sync Service. This means users must either be manually created in iManage before SSO authentication or rely on JIT creation during first login—neither approach provides the granular lifecycle management that IT teams need for compliance and security.
The gap this creates is particularly problematic for law firms and legal departments managing hundreds or thousands of users across multiple matters and client teams. Without true provisioning capabilities, IT administrators cannot programmatically assign users to specific libraries, set appropriate permissions, or ensure immediate deprovisioning when employees leave or change roles. Given the sensitive nature of legal documents and strict compliance requirements in the legal industry, this manual approach creates significant security and audit risks.
The strategic alternative
iManage has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | iManage supports SAML SSO via Okta but no OIN listing with provisioning. Uses JIT provisioning and Directory Sync Service. |
| Microsoft Entra ID | ✓ | ❌ | Supports SAML and OIDC SSO with Microsoft Entra ID. No SCIM provisioning - uses JIT provisioning instead. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages iManage accounts manually. Here's what that costs:
The iManage pricing problem
iManage gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | $39/user/mo | ||
| Business | $50-75/user/mo | ||
| Enterprise | Custom quote |
Pricing structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | $39/user/mo | ||
| Business | $50-75/user/mo | ||
| Enterprise | Custom quote |
What this means in practice
No automated user lifecycle management: Without SCIM, IT teams must manually create users in iManage before they can access the system, even with SSO enabled. When employees join, change roles, or leave, each change requires manual intervention in both your IdP and iManage.
JIT provisioning creates gaps: While iManage supports JIT provisioning, users still need to be pre-configured with appropriate permissions and workspace access. A new attorney can't simply click a link and automatically get access to the right client files and libraries.
Directory Sync Service limitations: iManage's Directory Sync Service requires additional configuration and doesn't provide real-time synchronization. Changes in your Active Directory may take hours or longer to reflect in iManage, creating security gaps and user frustration.
Additional constraints
Summary of challenges
- iManage does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What iManage actually offers for identity
SAML SSO (Standard on all plans)
iManage supports SAML 2.0 integration with enterprise identity providers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0, OIDC |
| Supported IdPs | Okta, Microsoft Entra ID, Google Workspace |
| Configuration | Standard SAML metadata exchange |
| User creation | Just-in-Time (JIT) provisioning only |
Critical limitation: iManage has no native SCIM endpoint. User provisioning relies entirely on JIT provisioning, which only creates accounts when users first log in—no bulk provisioning, deprovisioning, or group management.
Microsoft Entra ID Integration
The official Microsoft Entra ID integration provides:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| OIDC SSO | ✓ Yes |
| SCIM provisioning | ❌ No |
| Create users | ❌ No (JIT only) |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group sync | ❌ No |
Directory Sync Service (Enterprise add-on)
iManage offers a proprietary Directory Sync Service as an alternative to SCIM:
The reality: Most organizations need cloud-based provisioning that works with modern IdPs like Okta or Google Workspace. iManage's Directory Sync Service is designed for traditional on-premise environments and doesn't deliver the automated lifecycle management that IT teams expect from SCIM.
What IT admins are saying
iManage's lack of native SCIM provisioning forces IT teams into manual workflows and expensive implementation projects:
- Manual user creation required even with SSO - JIT provisioning doesn't eliminate the administrative burden
- Directory Sync Service adds complexity without delivering true automated provisioning
- Implementation costs ranging from $5,000 to $50,000+ put automated user management out of reach for many organizations
- On-premise deployments require significant infrastructure investment on top of licensing costs
Users must be created in iManage before SSO or via JIT provisioning
Implementation costs can range from $5,000 to $50,000+
The recurring theme
Even Enterprise customers paying custom pricing don't get true SCIM provisioning - just expensive workarounds that still require manual intervention for user lifecycle management.
The decision
| Your Situation | Recommendation |
|---|---|
| Small law firm (<25 users) with stable staff | Manual user management is acceptable |
| Mid-size firm with occasional turnover | Consider Stitchflow for consistency and audit requirements |
| Large law firm (100+ users) with frequent staff changes | Use Stitchflow: automation essential for compliance and efficiency |
| Multi-office legal organization | Use Stitchflow: centralized provisioning critical for security |
| Enterprise legal department with strict compliance | Use Stitchflow: automated audit trail and SOC 2 certification required |
The bottom line
iManage offers enterprise-grade document management for legal teams, but it lacks modern identity provisioning capabilities—no SCIM support means relying on JIT provisioning or manual user creation. For legal organizations that need automated user lifecycle management with proper audit trails, Stitchflow delivers SCIM-level provisioning without the complexity of custom integrations.
Make iManage workflows AI-native
iManage has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM endpoint - uses JIT provisioning and Directory Sync Service instead
- Users must be created in iManage before SSO or via JIT provisioning
- Implementation costs can range from $5,000 to $50,000+
- On-premise deployment requires significant server infrastructure investment
Documentation not available.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
Supports SAML and OIDC SSO with Microsoft Entra ID. No SCIM provisioning - uses JIT provisioning instead.
Use Stitchflow for automated provisioning.
Unlock SCIM for
iManage
iManage has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
