Summary and recommendation
Netlify supports SCIM (the protocol that lets your identity provider automatically create, update, and remove user accounts), but only on Enterprise plans with custom pricing. Teams on Pro ($20/month with credits) get SAML SSO but no automated provisioning, meaning IT admins must manually manage user lifecycles even after implementing single sign-on.
This creates a significant operational gap. While developers can authenticate through your corporate identity provider, onboarding new team members, updating roles, or deprovisioning departing employees still requires manual intervention in Netlify's interface. For development teams that scale rapidly or have frequent contractor rotations, this manual overhead undermines the security and efficiency benefits of centralized identity management.
The strategic alternative
Netlify gates SCIM behind Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OpenID Connect |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Netlify accounts manually. Here's what that costs:
The Netlify pricing problem
Netlify gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | $20/mo + credits | ||
| Enterprise | Custom pricing |
Note: Pro tier includes team-level SAML SSO but no SCIM. Enterprise is required for organization-level SSO with SCIM Directory Sync capabilities.
What this means in practice
Enterprise pricing is custom, but industry benchmarks for developer tooling suggest significant premiums over Pro plans. Teams face a binary choice:
Stay on Pro: Manual user management, team-level SSO only, no automated provisioning/deprovisioning when developers join or leave projects.
Upgrade to Enterprise: Full SCIM automation but at enterprise pricing that typically represents 3-5x cost increases over Pro plans.
Additional constraints
Summary of challenges
- Netlify supports SCIM but only at Enterprise tier (Custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Netlify doesn't sell SCIM à la carte. It's bundled with Enterprise features:
Stitchflow Insight
If you need enterprise-grade security controls anyway, the upgrade may make sense. If you just want automated user provisioning for your development team, you're paying for a bundle you won't fully use. We estimate ~75% of Enterprise features are irrelevant for teams that only need SCIM to manage developer access to their deployment platform.
What IT admins are saying
Community sentiment on Netlify's SCIM gating is frustration with the Enterprise paywall. Common complaints:
While specific community quotes are limited due to Netlify's developer-focused audience, the pattern mirrors other dev tools: essential IT features restricted to enterprise tiers.
- Being forced into custom Enterprise pricing just for user provisioning
- SCIM locked behind the highest tier when competitors offer it on mid-tier plans
- WorkOS dependency adding another vendor relationship to manage
- Team-level SSO tease on Pro plans without actual directory sync capabilities
The recurring theme
Netlify treats SCIM as an enterprise-only feature despite Pro teams having legitimate provisioning needs, forcing unnecessary vendor negotiations for basic identity automation.
The decision
| Your Situation | Recommendation |
|---|---|
| On Pro plan, need SCIM | Use Stitchflow: avoid the Enterprise tier jump and custom pricing |
| Small dev team, limited budget | Use Stitchflow: start with a free gap diagnostic, then build the workflow across every app without asking your team to own the plumbing. |
| Already on Enterprise with SCIM | Use native SCIM: you're paying for WorkOS integration already |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled with WorkOS |
| Minimal team changes, tight IT budget | Manual may work: but monitor for security gaps in dev tool access |
The bottom line
Netlify gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Netlify workflow gap
Netlify gates SCIM behind Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Enterprise plan required
- Uses WorkOS for SSO setup
- SCIM for organizations only
- Team-level SSO on lower tiers
Close the workflow gap in
Netlify
Netlify gates SCIM behind Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.
Start with the free gap diagnostic
