Summary and recommendation
Laika (now rebranded as Thoropass) is a compliance automation platform that helps organizations achieve SOC 2, ISO 27001, and HIPAA compliance. Despite being a compliance-focused tool that should prioritize security best practices, Laika offers no SCIM provisioning capabilities on any plan. The platform supports SAML SSO integration with major identity providers, but this only handles authentication—user accounts must still be manually created and managed within the platform.
This creates a significant operational burden for IT teams managing compliance workflows, where security teams, compliance officers, IT staff, and legal personnel need coordinated access to sensitive compliance data and audit trails. Manual provisioning means delayed access for new hires, forgotten deprovisioning for departing employees, and inconsistent permission management—all critical security gaps for a platform that's supposed to help organizations demonstrate their security posture to auditors.
The irony is stark: a compliance platform that lacks the automated user lifecycle management capabilities that would be expected in any modern security audit. For organizations using Laika to prove their security maturity, having manual user provisioning represents exactly the kind of operational risk that auditors flag.
The strategic alternative
Laika has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | Unknown |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | Thoropass (formerly Laika) has OIN integration for SSO sign-in. No SCIM provisioning documented. |
| Microsoft Entra ID | Via third-party | ❌ | SSO supported. No specific Azure AD/Entra provisioning documentation. Contact vendor. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Laika accounts manually. Here's what that costs:
The Laika pricing problem
Laika gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | ~$8,700/year | ||
| With Audit | ~$14,500/year | ||
| Enterprise | Custom pricing |
Pricing structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | ~$8,700/year | ||
| With Audit | ~$14,500/year | ||
| Enterprise | Custom pricing |
Market data on Thoropass costs
What this means in practice
Without SCIM provisioning, you're stuck with completely manual user management:
For a platform designed to streamline compliance processes, the lack of automated user provisioning creates significant operational overhead.
Additional constraints
Summary of challenges
- Laika does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Laika actually offers for identity
SAML SSO (Available)
Laika (now rebranded as Thoropass) supports basic SAML integration:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| OIDC SSO | ❌ No |
| JIT provisioning | ❌ No |
| SCIM provisioning | ❌ No |
| User lifecycle management | ❌ No |
Okta Integration (SSO Only)
The Thoropass integration in Okta's catalog shows limited capabilities:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| Create users | ❌ No |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group sync | ❌ No |
The reality: Laika/Thoropass offers SSO sign-in but no automated user provisioning. For a compliance platform that helps organizations achieve SOC 2 and other security certifications, the lack of SCIM support creates an operational gap—your security team will need to manually manage user accounts in yet another system.
Documentation Gap
Despite being a compliance automation platform, Thoropass keeps SSO/identity integration documentation behind contact walls. This means:
For teams evaluating compliance tools, this opacity around identity features is particularly concerning given that access management is fundamental to most compliance frameworks.
What IT admins are saying
Laika's (now Thoropass) lack of public documentation around SSO and SCIM creates uncertainty for IT teams evaluating compliance platforms:
- No public SCIM documentation despite being a compliance-focused platform
- Enterprise-only pricing makes it difficult to evaluate basic provisioning capabilities
- Limited transparency on identity management features for a security-focused tool
- Must contact sales to understand basic SSO/SCIM functionality
It's ironic that a compliance automation platform doesn't have clear public documentation on their own security integrations. We're trying to evaluate their SSO capabilities and there's almost nothing available without going through their sales process.
For a tool that's supposed to help us with SOC 2 compliance, the lack of clear identity management documentation is concerning. We need to understand provisioning before we can recommend it to leadership.
The recurring theme
IT teams expect transparency from compliance vendors about their own security implementations. Having to contact sales just to understand basic SSO capabilities creates friction in the evaluation process.
The decision
| Your Situation | Recommendation |
|---|---|
| Small compliance team (<10 users) | Manual management is acceptable |
| Stable security/compliance team with infrequent changes | Manual management with SSO for authentication |
| Growing organization with regular compliance audits | Use Stitchflow: automation essential for audit trail |
| Enterprise with multiple compliance frameworks | Use Stitchflow: automation essential for governance |
| Companies undergoing SOC 2 or ISO 27001 certification | Use Stitchflow: proper access controls required for certification |
The bottom line
Laika (now Thoropass) is a compliance automation platform that ironically lacks public documentation for its own identity management features. With no SCIM support and limited SSO transparency, Stitchflow provides the automated provisioning that compliance teams need to demonstrate proper access controls during audits.
Make Laika workflows AI-native
Laika has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- Limited public SSO/SCIM documentation
- Contact vendor for enterprise features
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
Thoropass (formerly Laika) has OIN integration for SSO sign-in. No SCIM provisioning documented.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Laika
Laika has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
