Summary and recommendation
Mailchimp does not support native SCIM provisioning on any plan, despite serving enterprise customers who need automated user lifecycle management. While Mailchimp offers SAML 2.0 SSO integration through third-party providers like Okta, OneLogin, and Azure AD, this only handles authentication. The Okta Integration Network does list an Aquera connector that claims SCIM provisioning support, but this requires additional third-party software and introduces another vendor into your security chain—exactly the kind of complexity that defeats the purpose of automated provisioning.
This creates a significant operational gap for IT teams managing Mailchimp access across large organizations. Without native SCIM support, administrators must manually create, update, and deactivate user accounts in Mailchimp even when SSO is configured. This manual process becomes particularly problematic during employee onboarding/offboarding cycles and increases the risk of orphaned accounts remaining active after employees leave the organization. Given that Mailchimp often contains sensitive customer data, subscriber lists, and brand assets, these orphaned accounts represent a real security exposure.
The strategic alternative
Mailchimp gates SCIM behind Premium or Enterprise. Skip the Premium or Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Mailchimp accounts manually. Here's what that costs:
The Mailchimp pricing problem
Mailchimp gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0/month | ||
| Essentials | $13/month | ||
| Standard | $20/month | ||
| Premium | $350/month | ⚠️ Via Okta connector only |
Pricing and provisioning options
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0/month | ||
| Essentials | $13/month | ||
| Standard | $20/month | ||
| Premium | $350/month | ⚠️ Via Okta connector only |
What this means in practice
Without native SCIM, IT teams face significant operational overhead:
Additional constraints
Summary of challenges
- Mailchimp supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Mailchimp actually offers for identity
No Native SCIM Support
Mailchimp provides zero native automated provisioning capabilities. Despite being owned by Intuit (a $140B company) and serving enterprise customers, there's no built-in SCIM endpoint.
SAML SSO (via third-party providers)
Mailchimp supports SAML 2.0 authentication through external identity providers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, OneLogin, miniOrange, custom SAML |
| JIT Provisioning | ✓ Yes |
| Configuration | Manual setup through IdP connector |
The catch: SSO works, but there's no automated user lifecycle management. New hires get access through JIT, but you're manually removing departing employees.
Okta Integration (OIN listing)
The official Okta connector provides limited functionality:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| Create users | ❌ No* |
| Update users | ❌ No* |
| Deactivate users | ❌ No* |
| Group management | ❌ No |
*Some provisioning available via third-party Aquera connector, but this requires additional setup and may have reliability issues.
Third-party workarounds
IT teams currently solve Mailchimp provisioning through:
None of these approaches provide enterprise-grade reliability or the comprehensive user lifecycle management that proper SCIM delivers.
What IT admins are saying
Mailchimp's absence of native SCIM forces IT teams into workaround territory:
- No automated user provisioning despite being owned by Intuit (a $140B company)
- Must cobble together third-party solutions like Aquera connectors for basic automation
- SSO works, but every user still requires manual account creation
- Enterprise customers paying $350+/month still lack basic identity management features
No native SCIM despite enterprise customers needing it
Must rely on third-party solutions for automated provisioning
The recurring theme
Mailchimp treats user provisioning as an afterthought, forcing enterprise customers to patch together third-party solutions or accept manual processes that don't scale with business growth.
The decision
| Your Situation | Recommendation |
|---|---|
| Small marketing team (<20 users) | Manual management with SSO via third-party provider |
| Growing e-commerce business with seasonal staff | Use Stitchflow: automate onboarding/offboarding for campaigns |
| Enterprise marketing operations (50+ users) | Use Stitchflow: automation essential for compliance and efficiency |
| Multi-brand organization with shared campaigns | Use Stitchflow: centralized provisioning across marketing teams |
| Agencies managing multiple client accounts | Use Stitchflow: streamline access management for project-based work |
The bottom line
Mailchimp offers robust marketing automation but zero native SCIM support, forcing enterprises to rely on third-party connectors or manual user management. For marketing teams that need automated provisioning without the complexity of multiple integration points, Stitchflow delivers turnkey automation that works with your existing IdP.
Make Mailchimp workflows AI-native
Mailchimp gates SCIM behind Premium or Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
None
Key limitations
- No native SCIM support
- SSO requires third-party identity provider integration
- Enterprise SSO features vary by integration method
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
SSO via SAML 2.0. Provisioning available via Aquera Mailchimp Provisioning Connector supporting create, update, deactivate, delete users. Native integration supports authentication and provisioning.
Mailchimp gates SCIM behind Premium or Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Mailchimp
Mailchimp gates SCIM behind Premium or Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
