Summary and recommendation
Lattice supports SCIM 2.0 for automated user provisioning, but only on Enterprise plans with custom pricing that typically starts well above their base $11/user/month talent management pricing. More problematically, Lattice's SCIM implementation has significant gaps: no Groups support, no bulk updates, and missing Azure-specific features like patch and filter operations. For people management platforms where accurate manager hierarchies and team structures are critical for performance reviews, these limitations create ongoing provisioning headaches.
The Groups limitation is particularly painful for HR teams who need to provision employees into the right organizational units and reporting structures. Without Groups, you're stuck with manual assignment of team memberships and manager relationships—exactly the kind of repetitive work SCIM should eliminate. For a platform built around performance management and org charts, this creates a disconnect between your identity provider's understanding of your organization and how it's represented in Lattice.
The strategic alternative
Lattice gates SCIM behind Enterprise (likely). Skip the Enterprise (likely) plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Lattice accounts manually. Here's what that costs:
The Lattice pricing problem
Lattice gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Talent Management | $11/user/mo (annual) | ||
| HRIS | $10/user/mo (annual) | ||
| Enterprise | Custom pricing |
Note: SCIM 2.0 API is only available on Enterprise plans. Standard plans require manual user management or CSV imports for bulk operations.
What this means in practice
With Enterprise pricing hidden behind "contact sales," organizations face:
| Team Size | Annual Minimum* | Likely Enterprise Cost |
|---|---|---|
| 50 users | $4,000 | $15,000-25,000+ |
| 100 users | $4,000 | $30,000-50,000+ |
| 200 users | $4,000 | $60,000-100,000+ |
Lattice enforces a $4,000 annual minimum contract *Estimates based on typical SaaS Enterprise tier premiums (3-5x standard pricing)
Additional constraints
Summary of challenges
- Lattice supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Lattice doesn't sell SCIM separately. It's bundled with Enterprise-tier features at custom pricing (likely $15K+ annually for most organizations):
The SCIM implementation itself has notable gaps: no Groups support, no bulk updates, and missing Azure-specific features like patch/filter operations. This means you're paying enterprise prices for incomplete automation.
Stitchflow Insight
If you need comprehensive people management platform features anyway, the upgrade makes sense. If you just want reliable user provisioning for performance reviews and manager hierarchies, you're paying for enterprise HR tools you may not fully utilize. We estimate ~60% of Enterprise features are irrelevant for teams that primarily need automated user lifecycle management.
What IT admins are saying
Community sentiment on Lattice's SCIM implementation is mixed, with specific technical limitations being the primary concern. Common complaints:
- SCIM Groups functionality is completely missing
- Azure-specific SCIM features (patch/filter operations) aren't supported
- Limited attribute mapping for Job Architecture and Compensation fields
- Enterprise pricing requirement creates cost barriers for smaller teams
SCIM Groups not supported - this is a major limitation for managing team-based access in performance management tools.
Azure patch and filter options missing makes automation much more manual than it should be.
The recurring theme
Lattice's SCIM works for basic user provisioning but falls short on advanced features that IT teams expect from enterprise-grade identity automation, particularly for Azure environments.
The decision
| Your Situation | Recommendation |
|---|---|
| Need SCIM but not on Enterprise tier | Use Stitchflow: avoid the Enterprise upgrade and minimum $4K/year commitment |
| On Enterprise but hitting SCIM limitations | Use Stitchflow: get full Groups support and Azure patch/filter capabilities |
| Already on Enterprise with SCIM working | Stick with native: you're paying for it and it covers basic provisioning |
| Need manager hierarchies synced accurately | Use Stitchflow: critical for performance review cycles and reporting structures |
| Small team with infrequent changes | Manual may work: but monitor for missed updates during review periods |
The bottom line
Lattice gates SCIM behind Enterprise (likely). Stitchflow automates complete workflows without that SCIM Tax upgrade.
Make Lattice workflows AI-native
Lattice gates SCIM behind Enterprise (likely). We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- No SCIM Groups support
- No SCIM bulk updates
- Azure patch and filter options not supported
- Cannot map to default Job Architecture or Compensation fields
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
SCIM API enabled via Admin > Settings > Platform > Integrations. Lattice HRIS can also act as profile source for Okta.
Lattice gates SCIM behind Enterprise (likely). Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
No official Azure gallery app - requires custom non-gallery setup. Does not support SCIM Groups, bulk updates, or Azure patch/filter options.
Lattice gates SCIM behind Enterprise (likely). Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Lattice
Lattice gates SCIM behind Enterprise (likely) plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
