Medusa SCIM guide

Adobe Commerce (Magento) does not offer native SCIM provisioning on any plan. While the platform supports SSO through third-party marketplace extensions (like miniOrange SAML SP), these only handle authentication for storefront access. User provisioning must be handled manually through the admin panel or via custom API integrations. Even Adobe's Admin Console—used for managing Adobe product access—only supports SCIM with Azure AD and Google Workspace, leaving Okta and OneLogin users without automated provisioning options. This creates a significant operational gap for IT teams managing e-commerce operations. Without automated provisioning, onboarding new store managers, developers, and customer service staff requires manual account creation in both the identity provider and Magento. When employees leave or change roles, IT must remember to manually deprovision access across both systems. For enterprises running multiple Magento instances or managing seasonal staff fluctuations, this manual process becomes a compliance risk and administrative burden.

Oracle Commerce (CX Commerce) does not provide native SCIM provisioning. While the platform supports SAML 2.0 SSO through Oracle Identity Cloud Service (IDCS), SCIM functionality is only available indirectly through Oracle's broader IAM ecosystem, requiring IDCS as an intermediary layer. This architecture creates significant complexity for IT teams managing user provisioning, as you must configure and maintain Oracle's identity infrastructure even if you don't use other Oracle cloud services. The platform's enterprise-grade pricing (starting at $180,000-$300,000 annually) makes this limitation particularly problematic for organizations that need streamlined user lifecycle management. This creates a critical gap for e-commerce teams where Oracle Commerce handles the storefront but user provisioning remains a manual process. Without direct SCIM support, IT admins must manually create, update, and deactivate user accounts for merchants, administrators, and e-commerce team members. The reliance on IDCS as an intermediary adds another layer of complexity and potential failure points, making what should be automated provisioning workflows dependent on Oracle's broader cloud architecture.

Saleor Commerce, the open-source headless e-commerce platform, does not support SCIM provisioning on any plan. While Saleor offers SSO integration via OpenID Connect (OIDC) with identity providers like Okta and Microsoft Entra ID, this only handles authentication—not user lifecycle management. IT teams must manually provision, deprovision, and manage user accounts in Saleor's dashboard, even when paying $1,500+/month for Enterprise plans. This creates a significant operational burden for organizations scaling their e-commerce operations with multiple developers, merchants, and e-commerce managers who need platform access. The absence of automated provisioning creates a dangerous security gap. When employees leave or change roles, their Saleor accounts remain active until manually disabled, potentially exposing sensitive customer data, order information, and payment processing capabilities. For organizations subject to PCI-DSS compliance requirements—critical for e-commerce platforms—manual user management introduces audit risks and potential compliance violations.