Summary and recommendation
Looker (Google Cloud) does not offer native SCIM provisioning support on any plan. While a community-developed SCIM proxy (looker-scim-proxy) exists on GitHub, Google Cloud explicitly does not provide support for this tool, making it unsuitable for production environments where reliability and vendor accountability are critical. Organizations must rely on Google Cloud Identity integration for user management, which creates a dependency on Google's ecosystem and limits flexibility for companies using other identity providers as their primary source of truth.
This creates a significant operational gap for IT teams managing analytics access. Without native SCIM, user provisioning requires manual intervention every time analysts, data engineers, or business users need access to dashboards and data models. Since Looker pricing starts around $84,000-$120,000 annually for 50-100 users, the lack of automated provisioning means expensive per-seat licenses often remain active longer than necessary when employees leave or change roles, driving up already substantial costs.
The strategic alternative
Looker has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OIDC |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | Native Okta app does not support SCIM. Use looker-scim-proxy (unsupported) or Aquera Provisioning Connector for lifecycle management. |
| Microsoft Entra ID | Via third-party | ❌ | Azure AD SCIM via looker-scim-proxy. Not officially supported by Google Cloud. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Looker accounts manually. Here's what that costs:
The Looker pricing problem
Looker gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Manual provisioning | Free | Google Cloud support | |
| Community SCIM proxy | Free | ||
| Google Cloud Identity | Included | Limited to Google ecosystem |
Provisioning options
| Method | Cost | Reliability | Support |
|---|---|---|---|
| Manual provisioning | Free | Manual errors | Google Cloud support |
| Community SCIM proxy | Free | Community-maintained | No official support |
| Google Cloud Identity | Included | Google-dependent | Limited to Google ecosystem |
Market reality
What this means in practice
Without native SCIM, IT teams face a stark choice:
Option 1: Manual provisioning
Option 2: Community proxy (unsupported)
Option 3: Google Cloud Identity dependency
Additional constraints
Summary of challenges
- Looker does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Looker actually offers for identity
No Native SCIM Support
Looker (Google Cloud) does not provide native SCIM functionality. Instead, you have these options:
| Method | Support Level | Production Ready? |
|---|---|---|
| Google Cloud Identity integration | Official | ✓ Yes |
| Community SCIM proxy (looker-scim-proxy) | Unsupported | ⚠️ Community tool |
| Manual user management | Official | ✓ Yes |
The reality: Google expects you to manage Looker users through Google Cloud Identity, not direct SCIM provisioning to Looker itself.
Community SCIM Proxy
The open-source looker-scim-proxy project provides SCIM endpoints:
Many IT teams report the community proxy works for basic provisioning, but you're on your own when issues arise.
SSO via Google Cloud Identity
Looker's official identity approach:
| Feature | Details |
|---|---|
| Protocol | SAML 2.0, OIDC |
| JIT Provisioning | ✓ Supported |
| User Management | Through Google Cloud console |
| Group Sync | Via Google Cloud Identity groups |
This integration works well if your organization is already committed to the Google Cloud ecosystem, but creates a dependency on Google's identity stack rather than direct IdP integration.
Bottom line: Looker's lack of native SCIM means either accepting Google Cloud Identity as your user management layer or relying on unsupported community tools—neither ideal for organizations wanting direct IdP-to-app provisioning.
What IT admins are saying
Looker's lack of native SCIM support forces IT teams into workarounds that create operational risk:
- No official SCIM support from Google Cloud, only community-built proxy
- Community SCIM proxy is explicitly unsupported in production environments
- Must rely on Google Cloud Identity integration for any automation
- User lifecycle management requires manual processes or third-party tools
No native SCIM support. Open-source SCIM proxy available (looker-scim-proxy) but NOT officially supported by Google Cloud.
Community proxy not production-ready for some
The recurring theme
For a Google Cloud product costing $84K-$120K annually, IT teams are surprised to find themselves managing user provisioning through unsupported community tools or complex Google Cloud Identity workarounds.
The decision
| Your Situation | Recommendation |
|---|---|
| Small analytics team (<10 users) with Google Workspace | Manual management via Google Cloud Identity |
| Growing BI team with frequent analyst onboarding | Use Stitchflow: automation essential for scaling |
| Enterprise with complex data access controls | Use Stitchflow: automation essential for compliance |
| Technical team comfortable with unsupported tools | Consider community SCIM proxy (but expect maintenance overhead) |
| Multi-department analytics deployment | Use Stitchflow: automation strongly recommended |
The bottom line
Looker's lack of native SCIM support forces teams to choose between manual provisioning through Google Cloud Identity or relying on an unsupported community proxy. For analytics teams that need reliable user lifecycle management without the risk of maintaining unofficial tools, Stitchflow provides production-ready automation at a fraction of Looker's enterprise licensing costs.
Make Looker workflows AI-native
Looker has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM support
- Community SCIM proxy is unsupported
- Must use Google Cloud Identity for user management
- Looker (Google Cloud core) has deeper Google integration
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
Native Okta app does not support SCIM. Use looker-scim-proxy (unsupported) or Aquera Provisioning Connector for lifecycle management.
Use Stitchflow for automated provisioning.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
Azure AD SCIM via looker-scim-proxy. Not officially supported by Google Cloud.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Looker
Looker has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
