Summary and recommendation
Mailchimp does not support native SCIM provisioning on any plan, despite serving enterprise customers who need automated user lifecycle management. While Mailchimp offers SAML 2.0 SSO integration through third-party providers like Okta, OneLogin, and Azure AD, this only handles authentication. The Okta Integration Network does list an Aquera connector that claims SCIM provisioning support, but this requires additional third-party software and introduces another vendor into your security chain—exactly the kind of complexity that defeats the purpose of automated provisioning.
This creates a significant operational gap for IT teams managing Mailchimp access across large organizations. Without native SCIM support, administrators must manually create, update, and deactivate user accounts in Mailchimp even when SSO is configured. This manual process becomes particularly problematic during employee onboarding/offboarding cycles and increases the risk of orphaned accounts remaining active after employees leave the organization. Given that Mailchimp often contains sensitive customer data, subscriber lists, and brand assets, these orphaned accounts represent a real security exposure.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for Mailchimp without requiring third-party connectors or additional vendor relationships. Works with any Mailchimp plan and integrates with your existing IdP (Okta, Entra, Google Workspace, OneLogin). Flat pricing under $5K/year with SOC 2 Type II certification and 24/7 human-in-the-loop support.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Mailchimp accounts manually. Here's what that costs:
The Mailchimp pricing problem
Mailchimp gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0/month | ||
| Essentials | $13/month | ||
| Standard | $20/month | ||
| Premium | $350/month | ⚠️ Via Okta connector only |
Pricing and provisioning options
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0/month | ||
| Essentials | $13/month | ||
| Standard | $20/month | ||
| Premium | $350/month | ⚠️ Via Okta connector only |
What this means in practice
Without native SCIM, IT teams face significant operational overhead:
Additional constraints
Summary of challenges
- Mailchimp supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Mailchimp actually offers for identity
No Native SCIM Support
Mailchimp provides zero native automated provisioning capabilities. Despite being owned by Intuit (a $140B company) and serving enterprise customers, there's no built-in SCIM endpoint.
SAML SSO (via third-party providers)
Mailchimp supports SAML 2.0 authentication through external identity providers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, OneLogin, miniOrange, custom SAML |
| JIT Provisioning | ✓ Yes |
| Configuration | Manual setup through IdP connector |
The catch: SSO works, but there's no automated user lifecycle management. New hires get access through JIT, but you're manually removing departing employees.
Okta Integration (OIN listing)
The official Okta connector provides limited functionality:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| Create users | ❌ No* |
| Update users | ❌ No* |
| Deactivate users | ❌ No* |
| Group management | ❌ No |
*Some provisioning available via third-party Aquera connector, but this requires additional setup and may have reliability issues.
Third-party workarounds
IT teams currently solve Mailchimp provisioning through:
None of these approaches provide enterprise-grade reliability or the comprehensive user lifecycle management that proper SCIM delivers.
What IT admins are saying
Mailchimp's absence of native SCIM forces IT teams into workaround territory:
- No automated user provisioning despite being owned by Intuit (a $140B company)
- Must cobble together third-party solutions like Aquera connectors for basic automation
- SSO works, but every user still requires manual account creation
- Enterprise customers paying $350+/month still lack basic identity management features
No native SCIM despite enterprise customers needing it
Must rely on third-party solutions for automated provisioning
The recurring theme
Mailchimp treats user provisioning as an afterthought, forcing enterprise customers to patch together third-party solutions or accept manual processes that don't scale with business growth.
The decision
| Your Situation | Recommendation |
|---|---|
| Small marketing team (<20 users) | Manual management with SSO via third-party provider |
| Growing e-commerce business with seasonal staff | Use Stitchflow: automate onboarding/offboarding for campaigns |
| Enterprise marketing operations (50+ users) | Use Stitchflow: automation essential for compliance and efficiency |
| Multi-brand organization with shared campaigns | Use Stitchflow: centralized provisioning across marketing teams |
| Agencies managing multiple client accounts | Use Stitchflow: streamline access management for project-based work |
The bottom line
Mailchimp offers robust marketing automation but zero native SCIM support, forcing enterprises to rely on third-party connectors or manual user management. For marketing teams that need automated provisioning without the complexity of multiple integration points, Stitchflow delivers turnkey automation that works with your existing IdP.
Automate Mailchimp without the tier upgrade
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Mailchimp at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
None
Key limitations
- No native SCIM support
- SSO requires third-party identity provider integration
- Enterprise SSO features vary by integration method
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
SSO via SAML 2.0. Provisioning available via Aquera Mailchimp Provisioning Connector supporting create, update, deactivate, delete users. Native integration supports authentication and provisioning.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Unlock SCIM for
Mailchimp
Mailchimp gates automation behind Premium or Enterprise plan. Stitchflow delivers the same SCIM outcomes for a flat fee.
See how it works
