Summary and recommendation
Oracle NetSuite supports user provisioning through Okta's official integration, though it uses NetSuite's proprietary API rather than native SCIM. Enterprise-tier pricing starts at $999/month base license plus $99-$199 per user. Microsoft Entra ID provisioning is not yet available—Microsoft is "working on a modernized integration" with no timeline. For organizations using Okta, automated provisioning is available; for Entra-only shops, manual user management remains the only option.
For finance teams managing NetSuite access, this creates significant compliance risk. ERP systems require meticulous role-based access controls for SOX compliance, and manual provisioning makes it nearly impossible to maintain proper audit trails. The lack of automated deprovisioning means terminated employees may retain access to sensitive financial data longer than policy allows. With NetSuite holding your organization's most sensitive financial information, manual provisioning processes create both security vulnerabilities and audit documentation overhead that finance teams can't afford.
The strategic alternative
Netsuite gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Netsuite accounts manually. Here's what that costs:
The Netsuite pricing problem
Netsuite gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Okta | ✓ Limited | Enterprise plan + token auth | |
| Microsoft Entra | ❌ Not supported | ||
| Google Workspace | ❌ Not supported | SAML SSO + JIT only | |
| OneLogin | ❌ Not supported | SAML SSO + JIT only |
Provisioning limitations
| IdP | Provisioning Support | Method | Requirements |
|---|---|---|---|
| Okta | ✓ Limited | Proprietary API | Enterprise plan + token auth |
| Microsoft Entra | ❌ Not supported | None | Microsoft working on integration (no ETA) |
| Google Workspace | ❌ Not supported | Manual only | SAML SSO + JIT only |
| OneLogin | ❌ Not supported | Manual only | SAML SSO + JIT only |
Base pricing: $999+/month base license, $99-$199/user/month for full users, $10-$25/user/month for employee self-service.
What this means in practice
Without SCIM, NetSuite provisioning becomes a compliance nightmare for finance teams:
Additional constraints
Summary of challenges
- Netsuite supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Netsuite actually offers for identity
NetSuite doesn't offer SCIM at all. Instead, Oracle provides basic identity features that fall far short of modern provisioning standards:
SAML SSO (Available on all plans)
Okta Proprietary Integration (Enterprise tier required)
Microsoft Entra Integration
The fundamental problem
For an ERP system handling sensitive financial data, NetSuite's identity offerings create compliance nightmares. The lack of standardized SCIM means:
NetSuite forces finance teams into manual workflows that are incompatible with modern security and compliance requirements. Even Oracle's own cloud HCM platform supports full SCIM - but NetSuite remains stuck with proprietary APIs from the pre-cloud era.
What IT admins are saying
NetSuite's complete lack of SCIM support creates significant provisioning challenges for enterprise IT teams:
- No SCIM or OAuth2 support despite being a major ERP platform used by thousands of enterprises
- Manual user creation required even with SSO - JIT only works on first login attempt
- SuiteCloud Plus License required just to enable batch user operations via API
- Microsoft Entra provisioning integration doesn't exist, forcing workarounds for Azure shops
NetSuite uses proprietary API for provisioning (not SCIM protocol). Okta integration available; Microsoft Entra provisioning not yet supported.
Microsoft working on new provisioning integration but no ETA
MFA enforcement complicates automated provisioning
The recurring theme
For a platform handling sensitive financial data where role-based access is critical for SOX compliance, NetSuite forces IT teams into manual provisioning workflows that create audit gaps and compliance documentation overhead.
The decision
| Your Situation | Recommendation |
|---|---|
| Small finance team with stable NetSuite roles | Manual management with JIT provisioning may work |
| Microsoft Entra ID shop needing automated provisioning | Use Stitchflow: no native Entra provisioning exists |
| SOX-compliant organization requiring audit trails | Use Stitchflow: manual provisioning creates compliance gaps |
| Growing company with frequent role changes | Use Stitchflow: manual role management becomes unmanageable |
| Multi-subsidiary NetSuite with complex permissions | Use Stitchflow: proprietary API limitations can't handle complexity |
The bottom line
NetSuite forces even the largest enterprises into manual user management—no SCIM support, no Microsoft Entra integration, and only limited Okta provisioning through proprietary APIs. For finance teams managing sensitive ERP data with strict compliance requirements, Stitchflow delivers the automated provisioning and audit trails that Oracle's outdated identity architecture simply can't provide.
Make Netsuite workflows AI-native
Netsuite gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
None
Key limitations
- No SCIM support - API doesn't follow SCIM standard
- No OAuth2 support for provisioning
- Microsoft Entra provisioning integration not available
- SuiteCloud Plus License required for batch user operations
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Okta uses NetSuite's proprietary API for provisioning (token-based auth). Schema discovery supported for custom attributes. Group linking available.
Netsuite gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
Microsoft Entra does not support NetSuite provisioning. NetSuite API doesn't support OAuth2 or SCIM which Microsoft requires. SSO via SAML and JIT provisioning available. Microsoft working on modernized integration with no ETA.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Netsuite
Netsuite gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
