Summary and recommendation
JetBrains supports SCIM 2.0 through its Hub identity management platform, which handles user provisioning across the entire JetBrains ecosystem (IntelliJ IDEA, PyCharm, WebStorm, YouTrack, etc.). However, the implementation has several problematic quirks that create headaches for IT teams: Okta integration requires a workaround due to URL loop issues, SCIM doesn't work with OIDC authentication (forcing you to set up separate SAML apps just for provisioning), and there's risk of unwanted license allocation when users are automatically provisioned.
These technical complications mean what should be straightforward automated provisioning becomes a multi-step configuration challenge. You're dealing with separate authentication and provisioning workflows, managing multiple JetBrains products with different configurations, and navigating integration-specific workarounds that increase your risk of misconfiguration. Add in JetBrains' upcoming price increases (up to 30% starting October 2025) and discontinued continuity discounts, and you're looking at both higher complexity and higher costs.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for JetBrains that eliminates these configuration headaches. We handle the complex Hub setup, IdP-specific workarounds, and multi-product coordination. Flat pricing under $5K/year, regardless of your JetBrains product mix or team size.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OIDC |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Jet Brains accounts manually. Here's what that costs:
The Jet Brains pricing problem
Jet Brains gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| JetBrains Hub | ✓ Full SCIM 2.0 | ||
| Individual IDEs | ❌ | ||
| YouTrack | ✓ Full SCIM 2.0 | ||
| TeamCity/Space | Via Hub | Via Hub |
SCIM Access Structure
| Component | SCIM Support | Notes |
|---|---|---|
| JetBrains Hub | ✓ Full SCIM 2.0 | Central identity management |
| Individual IDEs | ❌ | Managed through Hub |
| YouTrack | ✓ Full SCIM 2.0 | Separate configuration |
| TeamCity/Space | Via Hub | Depends on Hub setup |
Hub acts as the central identity provider for the JetBrains ecosystem, but this creates a dependency chain that complicates provisioning workflows.
What this means in practice
Multi-product complexity: IT teams must configure and maintain SCIM connections for each JetBrains product separately, even though they're part of the same ecosystem. Hub manages IDE access, but YouTrack requires its own SCIM setup.
License allocation risks: SCIM provisioning can automatically allocate expensive IDE licenses when users are created, potentially burning through license budgets without approval workflows.
IdP-specific workarounds: Different identity providers require different approaches—Okta users must work around URL loop issues, while OIDC setups require creating separate SAML applications just for provisioning.
Additional constraints
Summary of challenges
- Jet Brains supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
JetBrains doesn't sell SCIM as a standalone feature. It comes bundled with JetBrains Hub, which serves as the identity management layer for their entire product suite:
The challenge: JetBrains Hub pricing isn't transparently published, and it often gets bundled with team tool packages. You're essentially paying for a comprehensive identity platform when you might just need basic user provisioning. Additionally, the October 2025 price increases (up to 30%) across JetBrains subscriptions will make this bundle even more expensive.
For organizations that only need automated user lifecycle management for their development tools, roughly 60% of Hub's identity and collaboration features will go unused.
What IT admins are saying
Community sentiment on JetBrains's SCIM implementation is mixed, with praise for functionality but frustration over complexity. Common complaints:
- Okta integration requires non-intuitive workarounds due to URL loop issues
- Risk of accidentally allocating expensive licenses during user provisioning
- SCIM doesn't work with OIDC - requires separate SAML app configuration
- Managing multiple JetBrains products (Hub, YouTrack, IDEs) with different configs
The Okta setup is more complex than it should be - you have to work around the URL loop which isn't documented well.
Be careful with SCIM provisioning - it can automatically assign licenses and you'll get hit with unexpected costs if you're not monitoring it closely.
The recurring theme
JetBrains offers solid SCIM functionality, but the implementation complexity and license allocation risks make it challenging for IT teams to deploy confidently.
The decision
| Your Situation | Recommendation |
|---|---|
| Need SCIM but concerned about license costs | Use Stitchflow: avoid JetBrains' complex licensing per IDE |
| Using Okta and want simple setup | Use Stitchflow: skip the URL loop workarounds and SAML complications |
| Already have JetBrains Hub deployed | Use native SCIM: you have the infrastructure in place |
| Multiple JetBrains products to manage | Evaluate Stitchflow: centralized provisioning across all tools |
| Small dev team with low turnover | Manual may work: but prepare for 30% price increases in Oct 2025 |
The bottom line
JetBrains' native SCIM works through Hub but comes with license allocation risks, Okta integration complexity, and the looming 30% price increase in October 2025. For teams wanting straightforward provisioning without navigating JetBrains' multi-product licensing maze, Stitchflow delivers simple automation at predictable flat-rate pricing.
Automate Jet Brains without the tier upgrade
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Jet Brains at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Okta setup requires workaround due to URL loop
- License allocation concerns when provisioning
- SCIM endpoint URL must be stored in IdP settings
- SCIM provisioning not supported with OIDC - requires SAML workaround
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
SCIM 2.0 supported but requires SAML app for provisioning (OIDC doesn't support SCIM in Okta). Permanent token authentication. Watch for license allocation when provisioning users.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Microsoft Entra ID supported as OAuth2/OIDC provider. SCIM provisioning available - recommend mapping userName to mailNickname instead of userPrincipalName. Use Provision on demand to test before full sync.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Unlock SCIM for
Jet Brains
Jet Brains gates automation behind Enterprise plan. Stitchflow delivers the same SCIM outcomes for a flat fee.
See how it works
