Summary and recommendation
InVision supports SCIM 2.0 for automated user provisioning, but only on Enterprise plans starting at $14,000-$72,000/year depending on team size. While the SCIM implementation covers basic user lifecycle management (create, update, deactivate), it has notable restrictions: SAML SSO must be configured first, email and name changes in your IdP won't sync back to InVision, and IdP-initiated SSO isn't supported in their current V7 platform.
For design teams on lower-tier plans, upgrading to Enterprise solely for automated provisioning represents a significant cost jump—potentially tens of thousands annually for features beyond what most teams need. The email/name sync limitation is particularly problematic for IT teams managing user attributes centrally, as changes require manual intervention in InVision despite having SCIM enabled.
The strategic alternative
InVision gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages InVision accounts manually. Here's what that costs:
The InVision pricing problem
InVision gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0 | ||
| Pro | $7.95/user/mo | ||
| Enterprise | $14K-$72K/year |
Note: Enterprise pricing varies dramatically based on user count, ranging from 200 users ($14K-$30K annually) to 1000+ users ($29K-$72K annually).
What this means in practice
For teams currently on Pro plans looking to add SCIM:
| Current Pro Users | Annual Pro Cost | Enterprise Cost | Premium |
|---|---|---|---|
| 50 users | $4,770 | $14,000+ | +$9,230+ |
| 100 users | $9,540 | $20,500+ | +$10,960+ |
| 200 users | $19,080 | $30,000+ | +$10,920+ |
The pricing structure forces even small teams into enterprise-level commitments for basic provisioning functionality.
Additional constraints
Summary of challenges
- InVision supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
InVision doesn't sell SCIM separately. It's bundled with Enterprise features at $14K-$72K annually:
Important context: InVision is transitioning/integrating with Miro, which adds uncertainty to long-term Enterprise investments.
The SCIM implementation has notable limitations - email and name updates from your IdP won't sync back to InVision, and you must configure SAML before enabling SCIM. For teams that just need basic user provisioning, roughly 80% of Enterprise features are irrelevant administrative overhead.
If you're already planning an Enterprise upgrade for the collaboration features, SCIM is a solid addition. If you only need automated provisioning, you're paying premium prices for a transitioning product with sync limitations.
What IT admins are saying
Community sentiment on InVision's SCIM implementation reveals mixed experiences, with specific technical limitations creating ongoing frustrations:
- Email and name changes in the IdP don't sync back to InVision profiles
- SAML configuration is mandatory before SCIM setup can begin
- IdP-initiated SSO isn't supported in V7, forcing SP-initiated workflows
- Confusion around the company's transition timeline with Miro integration
We set up SCIM but then realized user profile updates from Azure AD just don't flow through to InVision. Names and email changes stay stuck in the IdP.
The SAML-first requirement caught us off guard during implementation. You literally cannot configure SCIM until SAML is working, which adds deployment complexity.
The recurring theme
InVision's SCIM works for basic provisioning but attribute synchronization gaps and rigid configuration dependencies create operational friction for identity teams.
The decision
| Your Situation | Recommendation |
|---|---|
| On Free/Standard plans, need SCIM | Use Stitchflow: avoid the $14K-72K/year Enterprise jump |
| Already on Enterprise with SCIM | Use native SCIM: you're paying for it |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled |
| Using InVision V7, need IdP-initiated SSO | Consider alternatives: V7 only supports SP-initiated |
| Small design team, low user changes | Manual may work: but plan for transition to Miro |
The bottom line
InVision's Enterprise-only SCIM means most design teams face a massive tier upgrade ($14K-72K/year) just for provisioning automation. With InVision transitioning to Miro, Stitchflow provides managed automation without the Enterprise cost commitment.
Make InVision workflows AI-native
InVision gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SAML must be configured before SCIM
- IdP-Initiated SSO not supported in V7
- Email/name updates in IdP don't sync to InVision
- SP-initiated SSO required
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Full SCIM provisioning for V6 and V7. Set up SAML first, then enable SCIM. Import members from InVision to Okta supported. Email/name changes don't sync back to InVision.
InVision gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Microsoft tutorial for automatic user provisioning. Configure SCIM API URL and authentication token. Provision on demand feature available for testing.
InVision gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
InVision
InVision gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
