Summary and recommendation
Looker (Google Cloud) does not offer native SCIM provisioning support on any plan. While a community-developed SCIM proxy (looker-scim-proxy) exists on GitHub, Google Cloud explicitly does not provide support for this tool, making it unsuitable for production environments where reliability and vendor accountability are critical. Organizations must rely on Google Cloud Identity integration for user management, which creates a dependency on Google's ecosystem and limits flexibility for companies using other identity providers as their primary source of truth.
This creates a significant operational gap for IT teams managing analytics access. Without native SCIM, user provisioning requires manual intervention every time analysts, data engineers, or business users need access to dashboards and data models. Since Looker pricing starts around $84,000-$120,000 annually for 50-100 users, the lack of automated provisioning means expensive per-seat licenses often remain active longer than necessary when employees leave or change roles, driving up already substantial costs.
The strategic alternative
Looker has no native SCIM. That leaves a workflow gap in offboarding, access reviews, and license cleanup unless your team handles the app another way. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| Item | Details |
|---|---|
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OIDC |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | Native Okta app does not support SCIM. Use looker-scim-proxy (unsupported) or Aquera Provisioning Connector for lifecycle management. |
| Microsoft Entra ID | Via third-party | ❌ | Azure AD SCIM via looker-scim-proxy. Not officially supported by Google Cloud. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Looker accounts manually. Here's what that costs:
The Looker pricing problem
Looker gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Provisioning options
| Method | Cost | Reliability | Support |
|---|---|---|---|
| Manual provisioning | Free | Manual errors | Google Cloud support |
| Community SCIM proxy | Free | Community-maintained | No official support |
| Google Cloud Identity | Included | Google-dependent | Limited to Google ecosystem |
Market reality
What this means in practice
Without native SCIM, IT teams face a stark choice:
Option 1: Manual provisioning
Option 2: Community proxy (unsupported)
Option 3: Google Cloud Identity dependency
Additional constraints
Summary of challenges
- Looker does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows that teams manually provisioning this app incur significant hidden costs annually
What Looker actually offers for identity
No Native SCIM Support
Looker (Google Cloud) does not provide native SCIM functionality. Instead, you have these options:
| Method | Support Level | Production Ready? |
|---|---|---|
| Google Cloud Identity integration | Official | ✓ Yes |
| Community SCIM proxy (looker-scim-proxy) | Unsupported | ⚠️ Community tool |
| Manual user management | Official | ✓ Yes |
The reality: Google expects you to manage Looker users through Google Cloud Identity, not direct SCIM provisioning to Looker itself.
Community SCIM Proxy
The open-source looker-scim-proxy project provides SCIM endpoints:
Many IT teams report the community proxy works for basic provisioning, but you're on your own when issues arise.
SSO via Google Cloud Identity
Looker's official identity approach:
| Feature | Details |
|---|---|
| Protocol | SAML 2.0, OIDC |
| JIT Provisioning | ✓ Supported |
| User Management | Through Google Cloud console |
| Group Sync | Via Google Cloud Identity groups |
This integration works well if your organization is already committed to the Google Cloud ecosystem, but creates a dependency on Google's identity stack rather than direct IdP integration.
Bottom line: Looker's lack of native SCIM means either accepting Google Cloud Identity as your user management layer or relying on unsupported community tools—neither ideal for organizations wanting direct IdP-to-app provisioning.
What IT admins are saying
Looker's lack of native SCIM support forces IT teams into workarounds that create operational risk:
- No official SCIM support from Google Cloud, only community-built proxy
- Community SCIM proxy is explicitly unsupported in production environments
- Must rely on Google Cloud Identity integration for any automation
- User lifecycle management requires manual processes or third-party tools
No native SCIM support. Open-source SCIM proxy available (looker-scim-proxy) but NOT officially supported by Google Cloud.
Community proxy not production-ready for some
The recurring theme
For a Google Cloud product costing $84K-$120K annually, IT teams are surprised to find themselves managing user provisioning through unsupported community tools or complex Google Cloud Identity workarounds.
The decision
| Your Situation | Recommendation |
|---|---|
| Small analytics team (<10 users) with Google Workspace | Manual management via Google Cloud Identity |
| Growing BI team with frequent analyst onboarding | Use Stitchflow: automation essential for scaling |
| Enterprise with complex data access controls | Use Stitchflow: automation essential for compliance |
| Technical team comfortable with unsupported tools | Consider community SCIM proxy (but expect maintenance overhead) |
| Multi-department analytics deployment | Use Stitchflow: automation strongly recommended |
The bottom line
Looker has no native SCIM. That means one more workflow gap in offboarding, access reviews, and license cleanup unless your team handles it another way.
Close the Looker workflow gap
Looker is one gap in a broader workflow. Stitchflow builds and maintains the offboarding, access review, or license workflow across every app in your environment.
Technical specifications
SCIM Version
Not specified
Supported Operations
Not specified
Supported Attributes
Plan requirement
Not specified
Prerequisites
Not specified
Key limitations
- No native SCIM support
- Community SCIM proxy is unsupported
- Must use Google Cloud Identity for user management
- Looker (Google Cloud core) has deeper Google integration
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Native Okta app does not support SCIM. Use looker-scim-proxy (unsupported) or Aquera Provisioning Connector for lifecycle management.
Use Stitchflow for automated provisioning.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
Azure AD SCIM via looker-scim-proxy. Not officially supported by Google Cloud.
Use Stitchflow for automated provisioning.


