Summary and recommendation
Iterable, the marketing automation platform, does not support SCIM provisioning on any plan. While Iterable offers SAML 2.0 SSO with just-in-time (JIT) provisioning that can create user accounts on first login, this creates a one-way flow that leaves IT teams without automated deprovisioning capabilities. Users who lose access in your identity provider won't be automatically removed from Iterable, requiring manual intervention to verify account status and revoke access within the platform itself.
This creates a significant security gap for marketing teams using Iterable. When employees leave or change roles, their Iterable accounts remain active even after IdP access is revoked, potentially allowing continued access to customer data, campaign insights, and marketing automation workflows. For compliance-conscious organizations, this manual deprovisioning requirement creates audit trail gaps and increases the risk of data exposure from dormant accounts.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for Iterable without requiring enterprise-tier pricing or custom development work. Works with any Iterable plan and any identity provider. Flat pricing under $5K/year, regardless of team size.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | Iterable supports SAML SSO with Okta but does NOT support SCIM provisioning. JIT provisioning creates users on first login. Roles can be managed via SAML attributes. |
| Microsoft Entra ID | Via third-party | ❌ | Iterable supports SAML SSO with Azure AD but does NOT support SCIM provisioning. JIT provisioning available. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Iterable accounts manually. Here's what that costs:
The Iterable pricing problem
Iterable gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Growth | $800/month (1K users) | ||
| Enterprise | $20,000+/year |
Pricing and provisioning options
| Plan | Pricing | SSO | SCIM |
|---|---|---|---|
| Growth | $800/month (1K users) | ❌ Not available | ❌ Not available |
| Enterprise | $20,000+/year | ✓ SAML with JIT | ❌ Not available |
Implementation costs
What this means in practice
Without SCIM, Iterable forces IT teams into a hybrid provisioning model that creates security and operational gaps:
User onboarding: New users must first be granted IdP access, then manually log in to trigger JIT account creation. There's no way to pre-provision accounts or assign specific roles before first login.
Role management: User roles are determined solely by SAML attributes passed during login. Any role changes require IdP configuration updates and user re-authentication to take effect.
Deprovisioning gaps: Removing users from your IdP prevents future logins but doesn't automatically disable their Iterable accounts. IT teams must manually verify and potentially revoke access within Iterable itself.
Additional constraints
This creates a compliance risk for marketing automation platforms that often handle sensitive customer data and campaign strategies.
Summary of challenges
- Iterable does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Iterable actually offers for identity
SAML SSO with JIT provisioning (Enterprise tier)
Iterable provides SAML 2.0 single sign-on with just-in-time account creation:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Azure AD, Google Workspace, generic SAML |
| JIT provisioning | ✓ Creates accounts on first login |
| Role management | Via SAML attributes |
| Strict mode | Optional - blocks non-SSO logins |
Key limitation: There's no automated deprovisioning. When you remove someone from your IdP, their Iterable account remains active. You must manually verify and disable accounts in Iterable after removing IdP access.
What's missing: SCIM provisioning
| SCIM Feature | Iterable Support |
|---|---|
| Automated user creation | ❌ No (JIT only) |
| Automated user updates | ❌ No |
| Automated deprovisioning | ❌ No |
| Group/role sync | ❌ No |
| Real-time provisioning | ❌ No |
Translation: Iterable gives you federated login but no lifecycle management. For marketing automation platforms handling sensitive customer data and campaign access, this creates security gaps when team members leave or change roles.
The deprovisioning problem
When someone leaves your team: 1. Remove them from your IdP (blocks future logins) 2. Manually check Iterable for active sessions 3. Manually disable their Iterable account if needed
This manual verification step is exactly what SCIM eliminates - and why IT teams often require it for SaaS applications with access to customer data.
What IT admins are saying
Iterable's lack of SCIM provisioning creates ongoing administrative overhead for IT teams:
- No automated user provisioning - all accounts must be manually created or rely on JIT
- Deprovisioning requires dual action: removing IdP access AND manually checking Iterable
- Role management limited to SAML attributes with no granular control
- No systematic way to audit or sync user access across systems
SAML SSO with strict mode option. JIT creates accounts on first login. Roles via SAML attribute. Deprovisioning via IdP.
User accounts must exist in Iterable to use single sign-on... Deprovisioning requires IdP + manual Iterable check
The recurring theme
Even with SAML SSO configured, IT teams must maintain a separate workflow for Iterable user lifecycle management. Every joiner, mover, or leaver requires manual intervention beyond the identity provider.
The decision
| Your Situation | Recommendation |
|---|---|
| Small marketing team (<10 users) | Manual management with SAML SSO is workable |
| Growing marketing organization (25+ users) | Use Stitchflow: JIT-only provisioning creates security gaps |
| Enterprise with compliance requirements | Use Stitchflow: manual deprovisioning creates audit risks |
| High marketing team turnover | Use Stitchflow: automation essential for timely access revocation |
| Multi-brand or agency environments | Use Stitchflow: complex user management needs automation |
The bottom line
Iterable offers robust marketing automation but relies entirely on SAML JIT provisioning—there's no SCIM support at all. This means deprovisioning requires both IdP removal and manual verification in Iterable, creating security gaps and compliance headaches. For marketing teams that need reliable provisioning automation, Stitchflow eliminates the manual overhead.
Automate Iterable without third-party complexity
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Iterable at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No SCIM provisioning
- JIT provisioning via SAML only
- Deprovisioning requires IdP + manual Iterable check
- Roles determined by SAML attribute
Documentation not available.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Iterable supports SAML SSO with Azure AD but does NOT support SCIM provisioning. JIT provisioning available.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Iterable
Iterable doesn't offer SCIM. Get an enterprise-grade SCIM endpoint in your IdP, even without native support.
See how it works
