Summary and recommendation
Jack Henry supports SCIM 2.0 provisioning, but only for Enterprise customers through a complex setup requiring SAML SSO, SSL certificates from a Certificate Authority, and administrative access to both your IdP and Jack Henry's partner portal. The integration is primarily optimized for Okta, with limited support for other identity providers like Microsoft Entra. Jack Henry's Enterprise pricing is custom-only, meaning you'll need to negotiate directly with their sales team to access SCIM functionality.
The real-world challenge is that Jack Henry serves community banks and credit unions where IT teams often manage multiple banking platforms (SilverLake, CIF 20/20, Core Director) with limited resources. The Enterprise tier requirement creates a significant barrier for smaller institutions that need automated provisioning for compliance and security but can't justify the enterprise licensing costs. Manual user management across banking systems creates audit risks and operational overhead that smaller IT teams can't sustain.
The strategic alternative
Jack Henry gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Jack Henry accounts manually. Here's what that costs:
The Jack Henry pricing problem
Jack Henry gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | Contact for pricing | ||
| Professional | Contact for pricing | ||
| Enterprise | Custom pricing only |
Note: Jack Henry operates on custom enterprise pricing models rather than published per-user rates, making cost planning difficult for IT teams.
What this means in practice
No transparent pricing: Unlike SaaS applications with published rates, Jack Henry requires custom quotes for Enterprise access. This creates several practical challenges:
Banking compliance overhead: Even with SCIM access, Jack Henry integrations require extensive setup including SSL certificates from Certificate Authorities and administrative access to both IdP and Jack Henry partner portals.
Additional constraints
Summary of challenges
- Jack Henry supports SCIM but only at Enterprise tier (Custom (enterprise only))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Jack Henry doesn't sell SCIM standalone. It's exclusively available with their Enterprise tier at custom pricing:
The challenge? Jack Henry's Enterprise tier is designed for large financial institutions with complex needs. If you're a smaller organization that just needs automated user provisioning, you're paying enterprise prices for a feature set that includes extensive banking-specific tools, compliance frameworks, and support structures you likely won't use.
Stitchflow Insight
We estimate ~80% of Jack Henry's Enterprise features are irrelevant for teams that only need SCIM provisioning for basic user lifecycle management.
What IT admins are saying
Community sentiment on Jack Henry's SCIM implementation reveals significant deployment challenges. Common complaints:
- Complex setup requiring administrative access to both IdP and Jack Henry systems
- SAML prerequisite creates additional configuration overhead
- SSL certificate requirements from Certificate Authority add cost and complexity
- Limited to specific Jack Henry platforms (SilverLake, CIF 20/20, Core Director)
Getting Jack Henry SCIM working isn't just about the integration - you need SSL certs, SAML configured on both sides, and access to their partners portal. It's a multi-week project.
The documentation assumes you have enterprise-level access to everything. For smaller credit unions, the administrative overhead is significant.
The recurring theme
Jack Henry's SCIM works but requires extensive technical prerequisites and administrative coordination across multiple systems, making deployment complex even for experienced IT teams.
The decision
| Your Situation | Recommendation |
|---|---|
| Not on Enterprise tier, need SCIM | Use Stitchflow: avoid custom Enterprise pricing and complex setup |
| Using non-Okta IdP (Entra, Google Workspace) | Use Stitchflow: Jack Henry's SCIM primarily works through Okta |
| Don't have SAML infrastructure in place | Use Stitchflow: bypass SSL certificate and SAML requirements |
| Already on Enterprise with Okta | Use native SCIM: you're paying for the tier and have the infrastructure |
| Small bank with minimal IT changes | Manual may work: but consider automation as you grow |
The bottom line
Jack Henry's SCIM requires Enterprise-tier pricing, SAML infrastructure, and primarily works through Okta integrations. For banks on lower tiers or using other IdPs, Stitchflow delivers the same provisioning outcomes without the infrastructure complexity or tier upgrades.
Make Jack Henry workflows AI-native
Jack Henry gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SAML required for SSO - IdP and Jack Henry systems must have SAML enabled
- Requires administrative access to both IdP and Jack Henry systems
- SSL certificate from Certificate Authority required
- Setup requires access to Jack Henry partners portal
- Supports SilverLake, CIF 20/20, and Core Director platforms
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Okta OIN has Jack Henry & Associates (IPAY) and Client Portal integrations with SSO and provisioning capabilities
Jack Henry gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Jack Henry
Jack Henry gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
