Summary and recommendation
LaunchDarkly supports native SCIM provisioning, but only on Enterprise plans with custom pricing. This creates a significant barrier for smaller development teams who need automated user management but can't justify Enterprise costs. Additionally, LaunchDarkly's SCIM implementation has a critical limitation: team sync (automated group membership management) only works with Okta. Teams using Entra ID, Google Workspace, or OneLogin get basic user provisioning but must manually manage team assignments and permissions.
For development teams managing feature flags across multiple environments, this limitation creates serious operational overhead. Feature flag access often needs to align with development teams, project assignments, and environment permissions. Without automated team sync, IT admins must manually maintain these mappings as developers join, leave, or change projects. This manual process increases security risk and slows developer onboarding.
The strategic alternative
Launch Darkly gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Launch Darkly accounts manually. Here's what that costs:
The Launch Darkly pricing problem
Launch Darkly gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Developer | Free | ||
| Foundation | $10-12/service connection/month | ||
| Enterprise | Custom pricing |
Note: Foundation pricing is $10/month annually or $12/month billed monthly per service connection. Enterprise pricing is quote-based and typically represents a significant jump from Foundation tier costs.
What this means in practice
The leap from Foundation to Enterprise creates unpredictable budget impact:
Foundation tier costs (per service connection):
Enterprise upgrade: Custom pricing means teams can't accurately budget for SCIM access until they engage in a sales process. Industry estimates suggest Enterprise pricing often runs 3-5x Foundation costs, potentially reaching thousands of dollars annually even for small teams.
Real-world scenario: A development team with 3 service connections on Foundation ($360/year annual) faces an unknown but likely substantial cost increase to access basic SCIM provisioning.
Additional constraints
Summary of challenges
- Launch Darkly supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
LaunchDarkly doesn't sell SCIM separately. It's locked to Enterprise pricing with feature management controls:
The catch: you need SSO configured first, and team sync only works with Okta. If you use Entra, Google Workspace, or OneLogin, you get basic SCIM provisioning but lose the streamlined team management capabilities.
Stitchflow Insight
If you need enterprise-grade feature flag governance anyway, the upgrade makes sense. If you just want automated user provisioning across multiple IdPs, you're paying enterprise rates for a partially functional solution. We estimate ~60% of Enterprise features are overkill for teams that simply need reliable SCIM provisioning with any identity provider.
What IT admins are saying
Community sentiment on LaunchDarkly's SCIM limitations centers around IdP restrictions and Enterprise pricing requirements. Common complaints:
- Team sync functionality locked exclusively to Okta, leaving other IdPs with basic provisioning only
- SCIM requiring Enterprise plan upgrade with custom pricing
- Cannot mix SAML team assignment with SCIM (SCIM overrides all SAML-based team mappings)
- Single IdP limitation preventing multi-vendor identity strategies
Team sync only works with Okta - if you're using Azure AD or Google Workspace, you're stuck with manual team management despite having SCIM.
The Enterprise pricing gate for SCIM is frustrating when you just need basic automated provisioning for your development teams.
The recurring theme
LaunchDarkly's SCIM implementation creates a two-tier experience where Okta customers get full functionality while other IdP users face significant limitations, all behind an Enterprise paywall.
The decision
| Your Situation | Recommendation |
|---|---|
| On Foundation/Professional, need SCIM | Use Stitchflow: avoid the Enterprise upgrade cost |
| On Enterprise but only using Okta for team sync | Use Stitchflow: get proper multi-IdP support |
| Already on Enterprise with full SCIM needs | Use native SCIM: you're paying Enterprise pricing anyway |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled with other advanced features |
| Small dev team, infrequent access changes | Manual may work: but watch for security gaps in feature flag access |
The bottom line
Launch Darkly gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Make Launch Darkly workflows AI-native
Launch Darkly gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM only on Enterprise plan
- Team sync only available with Okta (not other IdPs)
- Only one IdP can be linked at a time
- Cannot mix SAML and SCIM team assignment (SCIM overrides SAML)
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Full SCIM provisioning with Okta. Team sync only available with Okta. Can manage LaunchDarkly Custom Roles from within Okta. Email addresses must be lowercase.
Launch Darkly gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
SCIM provisioning requires separate custom enterprise app (not the gallery SAML app). Contact LaunchDarkly Support for OAuth2 client ID and secret. SCIM endpoint: https://app.launchdarkly.com/trust/scim/v2
Launch Darkly gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Launch Darkly
Launch Darkly gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
