Summary and recommendation
Microsoft Dynamics 365 takes a different approach to provisioning than most SaaS applications—it doesn't support SCIM at all. Instead, Microsoft integrates D365 directly into the broader Microsoft 365 ecosystem, meaning user provisioning happens through Azure AD/Entra ID's native identity management. This works seamlessly if you're running a full Microsoft stack, but creates significant friction for organizations using third-party identity providers like Okta, OneLogin, or Google Workspace. These non-Microsoft IdPs require complex federation setups and custom domain configurations, often losing the automated provisioning capabilities that IT teams expect from modern SaaS applications.
The gap becomes particularly problematic for mixed-IdP environments or organizations trying to consolidate identity management outside the Microsoft ecosystem. While D365 supports SAML SSO from third-party providers, this only handles authentication—not the automated user lifecycle management that prevents security gaps and reduces manual IT overhead. Given D365's complex licensing model (ranging from $8/month for Team Members to $180/month for premium modules), manual user management becomes both expensive and error-prone at scale.
The strategic alternative
Microsoft Dynamics 365 gates SCIM behind Included. Skip the Included plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, WS-Federation, OIDC |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Microsoft Dynamics 365 accounts manually. Here's what that costs:
The Microsoft Dynamics 365 pricing problem
Microsoft Dynamics 365 gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Team Member | $8/user/month | ||
| Business Central Essentials | $80/user/month | ||
| Business Central Premium | $110/user/month | ||
| Sales Professional | $65/user/month | ||
| Sales Enterprise | $95/user/month | ||
| Project Operations | $135/user/month |
Pricing and provisioning options
| Plan | Price | SCIM | Notes |
|---|---|---|---|
| Team Member | $8/user/month | ❌ Microsoft ecosystem only | Limited access |
| Business Central Essentials | $80/user/month | ❌ Microsoft ecosystem only | ERP functionality |
| Business Central Premium | $110/user/month | ❌ Microsoft ecosystem only | Full ERP + analytics |
| Sales Professional | $65/user/month | ❌ Microsoft ecosystem only | Basic CRM |
| Sales Enterprise | $95/user/month | ❌ Microsoft ecosystem only | Advanced CRM |
| Project Operations | $135/user/month | ❌ Microsoft ecosystem only | Project management |
Pricing increases to $80/$110 for Business Central plans in November 2025
What this means in practice
For Microsoft shops: User provisioning works natively through Azure AD/Entra ID with full attribute mapping, group sync, and automated lifecycle management. This is the ideal scenario.
For non-Microsoft IdPs: You're forced into a federation setup where:
Additional constraints
Summary of challenges
- Microsoft Dynamics 365 supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Microsoft Dynamics 365 actually offers for identity
Native Azure AD/Entra Integration
For organizations in the Microsoft ecosystem, Dynamics 365 provides seamless identity management:
| Feature | Details |
|---|---|
| Protocol | SAML 2.0, WS-Federation, OIDC |
| User provisioning | Full SCIM via Azure AD/Entra |
| Group sync | ✓ Yes |
| JIT provisioning | ✓ Yes |
| Deprovisioning | ✓ Yes |
| Cost | Included with Microsoft 365 licensing |
The Microsoft advantage: If you're already using Azure AD/Entra as your primary IdP, Dynamics 365 provisioning works natively with full SCIM capabilities at no additional cost.
Third-Party IdP Support
For non-Microsoft identity providers, the experience is more limited:
| IdP | SSO Support | Provisioning Method | Limitations |
|---|---|---|---|
| Okta | ✓ SAML via OIN | API/SCIM through federation | Requires federated identity setup |
| Google Workspace | ✓ SAML | Custom federation | Complex configuration |
| OneLogin | ✓ SAML | Custom federation | Additional setup overhead |
Translation: While Dynamics 365 technically supports third-party IdPs, you'll need to configure federation between your IdP and Azure AD to get full provisioning capabilities. This adds complexity and potential points of failure.
Pricing Reality
Microsoft's complex licensing structure means identity features come "free" with expensive user licenses:
While SCIM provisioning is "included," you're paying $65-180/user/month for the underlying Dynamics 365 licenses—making this one of the most expensive SCIM implementations available.
What IT admins are saying
Microsoft Dynamics 365's provisioning experience varies dramatically depending on your identity stack:
- Microsoft shops love the native integration - Azure AD/Entra users get seamless SCIM provisioning as part of the ecosystem
- Non-Microsoft environments face complexity - Third-party IdPs like Okta require federation setup and custom domain configuration
- Licensing confusion creates headaches - With pricing ranging from $8-$180/user/month across different modules, determining proper licenses is complex
- Multiple app confusion - The Dynamics 365 family includes various apps (Sales, Service, Business Central) each with different provisioning considerations
Best experience with Azure AD/Entra ID... Third-party IdP requires federation setup
Works with Microsoft 365 identity. Third-party SAML IdPs supported with custom domain setup
The recurring theme
If you're already in the Microsoft ecosystem, Dynamics 365 provisioning works beautifully. But organizations using Okta, Google Workspace, or other IdPs face additional configuration complexity to achieve the same seamless experience.
The decision
| Your Situation | Recommendation |
|---|---|
| Microsoft-first org with Azure AD/Entra | Native Azure AD provisioning works well |
| Mixed IdP environment (Okta + Azure) | Use Stitchflow: simplifies cross-platform management |
| Large enterprise with multiple D365 modules | Use Stitchflow: automation essential for complex licensing |
| Non-Microsoft IdP (Google Workspace, OneLogin) | Use Stitchflow: avoids federation complexity |
| Compliance-heavy industry requiring audit trails | Use Stitchflow: comprehensive logging and monitoring |
The bottom line
Microsoft Dynamics 365 works seamlessly with Azure AD but becomes complex with third-party IdPs requiring federation setup. For organizations using non-Microsoft identity providers or managing multiple D365 modules, Stitchflow eliminates the federation overhead and provides consistent provisioning regardless of your IdP choice.
Make Microsoft Dynamics 365 workflows AI-native
Microsoft Dynamics 365 gates SCIM behind Included. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Best experience with Azure AD/Entra ID
- Part of Microsoft 365 ecosystem
- Third-party IdP requires federation setup
- Multiple apps in Dynamics family
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
OIN integration with group linking, schema discovery, attribute writeback. Provisions via Microsoft ecosystem.
Microsoft Dynamics 365 gates SCIM behind Included. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Native integration with Microsoft Entra ID. Best experience with full Microsoft stack. Federated identity management.
Microsoft Dynamics 365 gates SCIM behind Included. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Microsoft Dynamics 365
Microsoft Dynamics 365 gates SCIM behind Included plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
