Summary and recommendation
Kyriba supports native SCIM 2.0 provisioning through its Okta integration, but only on Enterprise plans that start around $15,000/month—a 3x jump from Pro plans at $5,000/month. For mid-market finance teams, this creates an impossible choice: pay $120,000+ annually extra just to unlock automated user provisioning, or manually manage accounts in your treasury management system. The pricing gap is particularly painful since Kyriba's implementation costs can add another $5K-$50K upfront, making the total cost of automated provisioning potentially $175,000+ in year one.
This pricing structure forces IT teams into manual user lifecycle management for one of their most sensitive financial systems. Finance teams constantly onboard new analysts, rotate through seasonal staff, and adjust access as responsibilities change. Without automated provisioning, every hire, role change, or departure requires manual intervention in a system handling millions in treasury operations—creating both operational overhead and compliance risk.
The strategic alternative
Kyriba gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Kyriba accounts manually. Here's what that costs:
The Kyriba pricing problem
Kyriba gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | ~$5,000/month | ||
| Enterprise | ~$15,000/month |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Pro | ~$5,000/month | ❌ |
| Enterprise | ~$15,000/month | ✓ |
Note: Pricing is estimated based on market reports. Kyriba does not publish standard rates and requires custom enterprise sales engagement for all pricing.
What this means in practice
The jump to Enterprise-level SCIM access represents a substantial cost increase:
Pro to Enterprise upgrade: +$120,000/year minimum
This calculation assumes the lower end of enterprise pricing. Actual costs vary significantly based on:
Additional constraints
Summary of challenges
- Kyriba supports SCIM but only at Enterprise tier (~$15,000/month)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Kyriba doesn't sell SCIM à la carte. It's bundled with Enterprise features that require custom pricing:
Note that Entra ID users have no native provisioning option - only Okta gets first-party SCIM support through their standard connector or enhanced capabilities via the third-party Aquera connector.
Stitchflow Insight
The Enterprise tier starts around $15,000/month with implementation costs ranging from $5K-$50K+ depending on complexity. If you need comprehensive treasury management, the upgrade may justify itself. If you just want automated user provisioning for a finance team, you're paying for enterprise treasury features you won't use. We estimate ~80% of Enterprise features are irrelevant for teams that only need SCIM provisioning.
What IT admins are saying
Community sentiment on Kyriba's SCIM implementation reveals frustration with cost barriers and complexity. Common complaints:
- Enterprise tier requirement adds ~$10,000/month just for SCIM access
- Implementation costs ranging from $5K-$50K+ on top of licensing fees
- Limited Entra ID support forces organizations into Okta ecosystem
- Reliance on third-party Aquera connector for enhanced SCIM functionality
We're already paying $5K/month for Pro features we actually use, but they want us to triple our spend just to get automated user provisioning. The math doesn't work for mid-size finance teams.
The implementation quote came back at $35K plus the Enterprise upgrade. For a treasury management system, that's a massive ask just to sync users from our IdP.
The recurring theme
Kyriba treats SCIM as an enterprise-only luxury, forcing significant budget increases for what should be standard identity automation functionality.
The decision
| Your Situation | Recommendation |
|---|---|
| On Pro plan (~$5K/month), need SCIM | Use Stitchflow: avoid the 3x price jump to Enterprise |
| Enterprise pricing exceeds your budget | Use Stitchflow: build complete workflows across every app in less than a week (~2 hours of your time). |
| Already on Enterprise with native SCIM | Use native SCIM: you're paying premium pricing for it |
| Using Entra ID as your IdP | Use Stitchflow: no native Entra provisioning connector available |
| Implementation budget under $10K | Use Stitchflow: avoid $5K-50K+ implementation costs |
The bottom line
Kyriba's Enterprise-only SCIM pricing creates a significant barrier—jumping from $5K/month Pro to $15K/month Enterprise just for provisioning. For treasury teams that need automated user management without the enterprise price tag, Stitchflow delivers the same provisioning capabilities at a fraction of the cost.
Make Kyriba workflows AI-native
Kyriba gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
None
Key limitations
- Enterprise pricing with no public pricing - custom quotes required
- Implementation costs can range from $5K-$50K+ depending on complexity
- Okta Aquera connector provides enhanced SCIM but is third-party
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Official Okta integration with Group Linking and Schema Discovery. Also available via Aquera connector with enhanced SCIM/entitlements
Kyriba gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Kyriba
Kyriba gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade, avoiding a 200% markup.
See how it works
