Stitchflow

Lacework SCIM guide

Connector Only

How to automate Lacework user provisioning, and what it actually costs

Native SCIM not available

Summary and recommendation

Lacework, the cloud security platform trusted by enterprises for workload protection and compliance monitoring, does not offer SCIM provisioning on any plan. While Lacework supports SAML SSO integration with identity providers like Okta and Entra ID for authentication, user accounts must still be manually created and managed within the Lacework console. This creates a significant operational burden for IT teams managing security access across cloud environments, especially given Lacework's role in compliance-critical security operations.

The lack of automated provisioning creates a dangerous gap between identity governance and security tool access. Without SCIM, IT teams cannot ensure consistent user lifecycle management for a platform that monitors their most sensitive cloud workloads. Manual user management delays onboarding for security analysts, complicates offboarding procedures, and creates audit trail gaps that compliance frameworks specifically flag as high-risk violations.

The strategic alternative

Lacework has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.

Quick SCIM facts

| Item | Value |
|---|---|
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |

Supported identity providers

  • Okta: SSO only, no provisioning
  • Microsoft Entra ID: SSO via SAML only
  • Google Workspace: Via third-party; no native support
  • OneLogin: Via third-party; no native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Lacework accounts manually. Here's what that costs:

Source: Stitchflow research, normalized to 500 employees:

| Metric | Value |
|---|---|
| Orphaned accounts (ex-employees with access) | 5 |
| Unused licenses | 12 |
| IT hours spent on manual management/year | 85 hours |
| Unused license cost/year | $3,500 |
| IT labor cost/year | $5,100 |
| Cost of compliance misses/year | $890 |
| Total annual financial impact | $9,490 |

The Lacework pricing problem

Lacework gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

| Plan | Price |
|---|---|
| Pro | Custom quote |
| Business | Custom quote |
| Enterprise | Custom quote |

Pricing and provisioning matrix

| Plan | Pricing | SSO | SCIM Provisioning |
|---|---|---|---|
| Pro | Custom quote | ❌ Not available | ❌ Not available |
| Business | Custom quote | ❌ Not available | ❌ Not available |
| Enterprise | Custom quote | ✓ SAML SSO | ❌ Not available |

What this means in practice

Manual provisioning workflow

1. IT admin receives access request for Lacework
2. Admin logs into Lacework console separately
3. Manually creates user account with appropriate role assignments
4. User can then authenticate via SSO (Enterprise only)
5. Repeat for every new hire, role change, or departure

No deprovisioning automation

  • Departing employees must be manually removed from Lacework
  • Role changes require manual updates in both your IdP and Lacework
  • No visibility into orphaned accounts or access drift

Additional constraints

  • Enterprise-only SSO: SAML authentication requires Enterprise pricing tier and custom setup
  • No API for bulk operations: User management must be done through the web console
  • Role mapping complexity: Security roles and permissions must be configured manually for each user
  • Audit trail gaps: No automated logging of provisioning/deprovisioning events from your IdP
  • Custom pricing barrier: All tiers require sales conversations with no public pricing

Summary of challenges

  • Lacework does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app incur significant hidden costs annually

What Lacework actually offers for identity

SAML SSO only

Lacework provides basic SAML 2.0 integration for authentication:

| Feature | Support |
|---|---|
| SAML SSO | ✓ Available |
| User provisioning | ❌ None |
| User deprovisioning | ❌ None |
| Group management | ❌ None |
| Automated role assignment | ❌ None |

The reality: You get federated login but zero automation for user lifecycle management.

Okta Integration (SSO only)

The Okta Integration Network listing confirms limited functionality:

| Capability | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| Create users | ❌ No |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group sync | ❌ No |
| Role provisioning | ❌ No |

Microsoft Entra Integration

Entra documentation shows the same limitations:

  • SAML authentication only
  • No automated user provisioning
  • No group or role synchronization
  • Manual user management required

What this means: Every user onboarding, role change, and offboarding requires manual work in Lacework's console. For security platforms where access control is critical, this creates both operational overhead and compliance gaps.

What IT admins are saying

Lacework's lack of automated provisioning creates operational overhead for security teams:

  • Manual user onboarding slows down access to critical security monitoring
  • No way to automatically sync team changes from identity providers
  • User lifecycle management requires separate processes outside of normal IT workflows
  • SSO helps with authentication but doesn't solve the provisioning gap

Even with SSO configured, we still have to manually create each user account in Lacework before they can access the platform. It's an extra step that shouldn't be necessary.

IT Director, Reddit discussion

The lack of SCIM support means we can't automate user provisioning like we do with our other security tools. Everything has to be done manually.

Security Operations Manager, industry forum

The recurring theme

While Lacework offers SSO for authentication, the absence of SCIM provisioning means IT teams must manually manage user accounts, creating friction in security team onboarding and offboarding processes.

The decision

| Your Situation | Recommendation |
|---|---|
| Small security team (<10 users) with low turnover | Manual management is workable with SSO |
| Growing security operations with regular team changes | Use Stitchflow: manual provisioning creates security gaps |
| Enterprise with compliance requirements (SOX, PCI, SOC) | Use Stitchflow: automated audit trail essential |
| Multi-cloud deployments with distributed security teams | Use Stitchflow: centralized identity management critical |
| Organizations prioritizing zero-trust architecture | Use Stitchflow: immediate deprovisioning prevents access drift |

The bottom line

Lacework delivers enterprise-grade cloud security monitoring, but forces you back to manual user management—a security anti-pattern for the very teams that need automated controls most. For security operations that demand the same rigor in identity management as threat detection, Stitchflow provides the automation Lacework should have built natively.

Make Lacework workflows AI-native

Lacework has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.

  • Covers apps without native SCIM, including the ones without APIs
  • Less than a week, start to finish (~2 hours of your time)
  • Built with your team; extend to anything else in the company

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

  • No SCIM support available
  • Manual user management only
  • SSO available for authentication

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • No SCIM support available
  • Manual user management only
  • SSO available for authentication

Documentation not available.

Configuration for Okta

Integration type

Okta Integration Network (OIN) app

Where to enable

Okta Admin Console → Applications → Lacework → Sign On

SSO only, no provisioning

Use Stitchflow for automated provisioning.

Configuration for Entra ID

Integration type

Microsoft Entra Gallery app

Where to enable

Entra admin center → Enterprise applications → Lacework → Single sign-on

SSO via SAML only

Use Stitchflow for automated provisioning.

Unlock SCIM for Lacework

Lacework has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.


Last updated: 2026-01-20

* Pricing and features sourced from public documentation.
