Summary and recommendation
Mailchimp does not support native SCIM provisioning on any plan, despite serving enterprise customers who need automated user lifecycle management. While Mailchimp offers SAML 2.0 SSO integration through third-party providers like Okta, OneLogin, and Azure AD, this only handles authentication. The Okta Integration Network does list an Aquera connector that claims SCIM provisioning support, but this requires additional third-party software and introduces another vendor into your security chain—exactly the kind of complexity that defeats the purpose of automated provisioning.
This creates a significant operational gap for IT teams managing Mailchimp access across large organizations. Without native SCIM support, administrators must manually create, update, and deactivate user accounts in Mailchimp even when SSO is configured. This manual process becomes particularly problematic during employee onboarding/offboarding cycles and increases the risk of orphaned accounts remaining active after employees leave the organization. Given that Mailchimp often contains sensitive customer data, subscriber lists, and brand assets, these orphaned accounts represent a real security exposure.
The strategic alternative
Mailchimp gates SCIM behind Premium or Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Mailchimp accounts manually. Here's what that costs:
The Mailchimp pricing problem
Mailchimp gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0/month | ||
| Essentials | $13/month | ||
| Standard | $20/month | ||
| Premium | $350/month | ⚠️ Via Okta connector only |
Pricing and provisioning options
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0/month | ||
| Essentials | $13/month | ||
| Standard | $20/month | ||
| Premium | $350/month | ⚠️ Via Okta connector only |
What this means in practice
Without native SCIM, IT teams face significant operational overhead:
Additional constraints
Summary of challenges
- Mailchimp supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Mailchimp actually offers for identity
No Native SCIM Support
Mailchimp provides zero native automated provisioning capabilities. Despite being owned by Intuit (a $140B company) and serving enterprise customers, there's no built-in SCIM endpoint.
SAML SSO (via third-party providers)
Mailchimp supports SAML 2.0 authentication through external identity providers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, OneLogin, miniOrange, custom SAML |
| JIT Provisioning | ✓ Yes |
| Configuration | Manual setup through IdP connector |
The catch: SSO works, but there's no automated user lifecycle management. New hires get access through JIT, but you're manually removing departing employees.
Okta Integration (OIN listing)
The official Okta connector provides limited functionality:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| Create users | ❌ No* |
| Update users | ❌ No* |
| Deactivate users | ❌ No* |
| Group management | ❌ No |
*Some provisioning available via third-party Aquera connector, but this requires additional setup and may have reliability issues.
Third-party workarounds
IT teams currently solve Mailchimp provisioning through:
None of these approaches provide enterprise-grade reliability or the comprehensive user lifecycle management that proper SCIM delivers.
What IT admins are saying
Mailchimp's absence of native SCIM forces IT teams into workaround territory:
- No automated user provisioning despite being owned by Intuit (a $140B company)
- Must cobble together third-party solutions like Aquera connectors for basic automation
- SSO works, but every user still requires manual account creation
- Enterprise customers paying $350+/month still lack basic identity management features
No native SCIM despite enterprise customers needing it
Must rely on third-party solutions for automated provisioning
The recurring theme
Mailchimp treats user provisioning as an afterthought, forcing enterprise customers to patch together third-party solutions or accept manual processes that don't scale with business growth.
The decision
| Your Situation | Recommendation |
|---|---|
| Small marketing team (<20 users) | Manual management with SSO via third-party provider |
| Growing e-commerce business with seasonal staff | Use Stitchflow: automate onboarding/offboarding for campaigns |
| Enterprise marketing operations (50+ users) | Use Stitchflow: automation essential for compliance and efficiency |
| Multi-brand organization with shared campaigns | Use Stitchflow: centralized provisioning across marketing teams |
| Agencies managing multiple client accounts | Use Stitchflow: streamline access management for project-based work |
The bottom line
Mailchimp gates SCIM behind Premium or Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Mailchimp workflow gap
Mailchimp gates SCIM behind Premium or Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
None
Key limitations
- No native SCIM support
- SSO requires third-party identity provider integration
- Enterprise SSO features vary by integration method
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
SSO via SAML 2.0. Provisioning available via Aquera Mailchimp Provisioning Connector supporting create, update, deactivate, delete users. Native integration supports authentication and provisioning.
Mailchimp gates SCIM behind Premium or Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the workflow gap in
Mailchimp
Mailchimp gates SCIM behind Premium or Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.
Start with the free gap diagnostic
