Summary and recommendation
Mandrill (now Mailchimp Transactional Email) does not support SCIM provisioning as it's primarily an API service rather than a traditional SaaS application. User access is managed through the parent Mailchimp account, which requires a Standard or Premium plan (starting at $10-20/month plus pay-as-you-go email blocks at $20 per 25,000 emails). While SAML 2.0 SSO is available through Mailchimp's identity management, there's no automated provisioning - IT admins must manually create and manage developer API keys and user accounts through the Mailchimp interface.
This creates a significant operational burden for IT teams managing transactional email access. Unlike typical SaaS applications, Mandrill's API-centric nature means developers need specific API keys and permissions that can't be automatically provisioned based on group membership or role changes. When developers join, leave, or change teams, IT must manually coordinate with Mailchimp account administrators to provision or deprovision access, creating security gaps and compliance risks around API key management.
The strategic alternative
Mandrill has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 (via Mailchimp) |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | Mandrill is an add-on to Mailchimp. SSO and user management handled via parent Mailchimp account. Mandrill-specific Okta app exists but provisioning managed through Mailchimp. |
| Microsoft Entra ID | Via third-party | ❌ | No direct Entra integration. Access managed via Mailchimp parent account. SSO configuration through Mailchimp's SAML settings. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Mandrill accounts manually. Here's what that costs:
The Mandrill pricing problem
Mandrill gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Demo | Free (500 emails to verified domain) | ||
| Block pricing | $20/block (25,000 emails) | ||
| Dedicated IP | +$29.95/month |
Pricing structure
| Plan | Pricing | SCIM | SSO |
|---|---|---|---|
| Demo | Free (500 emails to verified domain) | ❌ Not available | Via Mailchimp |
| Block pricing | $20/block (25,000 emails) | ❌ Not available | Via Mailchimp |
| Dedicated IP | +$29.95/month | ❌ Not available | Via Mailchimp |
Required dependency: Mandrill requires a Mailchimp Standard or Premium plan ($20-$350/month) - it's not available with Mailchimp Essentials.
What this means in practice
Since Mandrill has no direct user management, IT teams must:
Additional constraints
Summary of challenges
- Mandrill does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Mandrill actually offers for identity
No Direct Identity Management
Mandrill (now Mailchimp Transactional) is an API-only service for sending transactional emails. It doesn't have its own user management system or identity features:
| Feature | Supported? |
|---|---|
| Native SCIM | ❌ No |
| Direct SSO | ❌ No |
| User provisioning | ❌ No |
| Team management | ❌ No |
The reality: Mandrill access is controlled entirely through your Mailchimp parent account. There's no separate user interface or team management for Mandrill itself.
Access via Mailchimp Account
Since Mandrill is a Mailchimp add-on, any identity management happens at the Mailchimp level:
| Requirement | Details |
|---|---|
| Mailchimp plan | Standard ($20/month) or Premium ($350/month) minimum |
| SSO method | SAML 2.0 through Mailchimp's settings |
| User management | Via Mailchimp's team features |
| API access | Controlled by Mailchimp account permissions |
The problem: You're paying for a full Mailchimp marketing platform ($240-$4,200/year) just to get basic identity management for an email API. Most development teams using Mandrill don't need Mailchimp's marketing automation features.
What's Missing
What IT admins are saying
Mandrill's integration into the Mailchimp ecosystem creates confusion for IT teams managing transactional email access:
- Indirect access management - Users must be provisioned through Mailchimp accounts rather than directly in Mandrill
- API-first complexity - Primary interface is developer-focused, making user management less intuitive for IT admins
- Documentation gaps - Limited direct SSO/provisioning guidance for Mandrill specifically vs. parent Mailchimp product
- Dependency on parent account - Cannot manage Mandrill users independently from broader Mailchimp organization settings
Mandrill is an add-on to Mailchimp. SSO and user management handled via parent Mailchimp account.
Requires Mailchimp Standard or Premium plan (not available with Essentials)
The recurring theme
IT teams must navigate Mailchimp's broader user management system to control access to what is essentially a developer API tool, creating an extra layer of complexity for transactional email operations.
The decision
| Your Situation | Recommendation |
|---|---|
| Small development team (<10 users) using API keys | Manual management is acceptable |
| Stable team with existing Mailchimp account setup | Continue manual management via Mailchimp |
| Large organization with frequent developer onboarding/offboarding | Use Stitchflow: automation essential for API access control |
| Enterprise with compliance requirements for email infrastructure | Use Stitchflow: automation essential for audit trail |
| Multi-team environment with separate transactional email needs | Use Stitchflow: automation strongly recommended |
The bottom line
Mandrill operates as part of the Mailchimp ecosystem without direct SCIM support, requiring all user management through your parent Mailchimp account. For organizations that need automated provisioning for their transactional email infrastructure without the complexity of managing nested account hierarchies, Stitchflow provides the streamlined automation you need.
Make Mandrill workflows AI-native
Mandrill has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- Primarily an API service
- Access via Mailchimp account
- SSO managed through Mailchimp parent account
- No direct SCIM documentation for Mandrill itself
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Docs
Mandrill is an add-on to Mailchimp. SSO and user management handled via parent Mailchimp account. Mandrill-specific Okta app exists but provisioning managed through Mailchimp.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Mandrill
Mandrill has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
