Summary and recommendation
LearnUpon, the enterprise learning management system, does not offer native SCIM provisioning on any plan. While LearnUpon provides SAML 2.0 SSO with just-in-time (JIT) provisioning that can create users automatically on first login, this approach creates significant gaps for IT teams managing learner access at scale. The platform requires IdP-initiated SSO only and limits organizations to a single SAML configuration per portal, making multi-tenant or complex organizational structures challenging to manage.
The JIT-only approach means IT teams have no systematic way to provision users in advance, assign them to specific courses or learning paths, or bulk-manage user lifecycle events like role changes or terminations. For L&D teams running compliance training or onboarding programs, this creates operational overhead and potential security risks when users can only be created reactively rather than proactively managed through your identity provider.
The strategic alternative
LearnUpon has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | OIN app supports provisioning with schema discovery and attribute writeback. Create/update/deactivate users. Integration verified by Okta. |
| Microsoft Entra ID | Via third-party | ❌ | SSO only with JIT provisioning - users created on first login. Group sync works only with SAML SSO, not native Azure. Azure sends group GUID only, not names. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages LearnUpon accounts manually. Here's what that costs:
The LearnUpon pricing problem
LearnUpon gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Essential | ~$900-1,350/month (150 users) | ||
| Premium | Custom, starts ~$15,000/year |
Pricing and provisioning options
| Plan | Pricing | SCIM | SSO |
|---|---|---|---|
| Essential | ~$900-1,350/month (150 users) | ❌ Not available | ✓ SAML SSO with JIT |
| Premium | Custom, starts ~$15,000/year | ❌ Not available* | ✓ SAML SSO with JIT |
*Okta users may have SCIM access through the OIN app, but this isn't documented in LearnUpon's official materials.
What this means in practice
For most IdPs: You're stuck with JIT provisioning, which means:
For Okta users: There's conflicting information. Okta's integration directory shows SCIM support, but LearnUpon's own documentation only mentions SAML JIT. This creates uncertainty about what actually works.
Additional constraints
Summary of challenges
- LearnUpon does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What LearnUpon actually offers for identity
SAML SSO with JIT Provisioning (All Plans)
LearnUpon provides SAML 2.0 integration with just-in-time user provisioning:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Azure AD, Google Workspace, Salesforce, ADFS |
| User creation | Automatic on first login (JIT) |
| Group assignment | Via SAML attributes |
| Initiation | IdP-initiated only (no SP-initiated) |
| Portal limitation | Single SAML config per portal |
Critical limitation: LearnUpon requires IdP-initiated SSO only. Users cannot start from LearnUpon and authenticate via their IdP—they must click through from their identity provider dashboard.
Okta Integration (via OIN)
The official Okta Integration Network app provides more than SAML alone:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| Create users | ✓ Yes (via SCIM) |
| Update users | ✓ Yes |
| Deactivate users | ✓ Yes |
| Group push | ✓ Yes |
| Schema discovery | ✓ Yes |
| Attribute writeback | ✓ Yes |
The disconnect: LearnUpon's own documentation shows no SCIM support, but their verified Okta integration clearly supports full SCIM provisioning with schema discovery and writeback capabilities.
Azure AD Integration
Microsoft's official integration guide confirms more limited functionality:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| Create users | ❌ No (JIT only) |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group sync | ⚠️ Partial (GUIDs only, not names) |
Translation: With Azure AD, you get basic SSO with JIT provisioning, but group synchronization only passes GUIDs rather than readable group names, limiting its practical value.
What IT admins are saying
LearnUpon's limited provisioning options create ongoing headaches for IT teams managing learning platforms:
- No true SCIM support - Despite Okta's integration app showing "SCIM provisioning," LearnUpon's own documentation only mentions SAML SSO with JIT provisioning
- IdP-initiated SSO only - Users can't log in directly from LearnUpon; they must always start from the identity provider
- Separate SAML configs per portal - Multi-tenant organizations need individual SSO setups for each LearnUpon portal
- Manual group management - While SAML attributes can assign groups, any changes require coordinating between IdP settings and LearnUpon configuration
Set up SAML SSO for your portal... Users auto-created on first login.
Azure sends group GUID only, not names... Group sync works only with SAML SSO, not native Azure.
The recurring theme
LearnUpon forces IT teams into a patchwork of JIT provisioning and manual processes, with conflicting information about actual SCIM capabilities that leaves admins unsure what automation is actually possible.
The decision
| Your Situation | Recommendation |
|---|---|
| Small training team (<25 users) with Okta | Use Okta's native SCIM integration |
| Stable L&D team with infrequent changes | Manual management with SAML SSO |
| Enterprise learning programs (100+ learners) | Use Stitchflow: automation essential for scale |
| Multi-portal deployments across business units | Use Stitchflow: manages complex SAML configurations |
| Non-Okta IdP (Entra, Google Workspace) | Use Stitchflow: fills the provisioning gap |
The bottom line
LearnUpon offers solid learning management capabilities but creates an identity management split: Okta users get SCIM provisioning while everyone else relies on JIT and manual processes. For organizations that need consistent provisioning automation across any IdP—or want to avoid the complexity of managing multiple SAML configurations—Stitchflow delivers unified automation at enterprise scale.
Make LearnUpon workflows AI-native
LearnUpon has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No explicit SCIM documented
- IdP-initiated SSO only
- Single SAML config per portal
- JIT provisioning for user creation
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
OIN app supports provisioning with schema discovery and attribute writeback. Create/update/deactivate users. Integration verified by Okta.
Use Stitchflow for automated provisioning.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
SSO only with JIT provisioning - users created on first login. Group sync works only with SAML SSO, not native Azure. Azure sends group GUID only, not names.
Use Stitchflow for automated provisioning.
Unlock SCIM for
LearnUpon
LearnUpon has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
