Summary and recommendation
New Relic offers robust SCIM 2.0 support that automates user creation, updates, deactivation, and group synchronization. However, SCIM requires upgrading to Pro ($349/user/year for full platform access) or Enterprise plans. More critically, enabling SCIM is irreversible—once you turn it on for an authentication domain, you cannot revert to manual user management, forcing permanent dependency on your identity provider for all user lifecycle operations.
This irreversible commitment creates operational risk. If your SCIM integration breaks or you need to temporarily manage users manually, you're locked out of those options. For organizations evaluating New Relic or considering SCIM enablement, this permanent change means you must be certain about your long-term identity management strategy before proceeding.
The strategic alternative
New Relic gates SCIM behind Pro/Enterprise. Skip the Pro/Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Pro |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages New Relic accounts manually. Here's what that costs:
The New Relic pricing problem
New Relic gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0 (100 GB, 1 full user) | ||
| Standard | $99/mo per full user | ||
| Pro | $349/user/year (full platform) | ||
| Enterprise | Custom pricing |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Free | $0 (100 GB, 1 full user) | ❌ |
| Standard | $99/mo per full user | ❌ |
| Pro | $349/user/year (full platform) | ✓ |
| Enterprise | Custom pricing | ✓ |
Note: New Relic offers different user types - Basic (free, view-only), Core ($49/mo), and Full Platform ($99-349/mo depending on tier). SCIM can manage user type assignments on Pro/Enterprise.
What this means in practice
Moving from free tier to Pro for SCIM access:
| Team Size | Annual Cost (Full Platform Users) |
|---|---|
| 5 users | $1,745/year |
| 10 users | $3,490/year |
| 25 users | $8,725/year |
| 50 users | $17,450/year |
Calculation: $349 × users (annual Pro pricing for full platform access)
Additional constraints
Summary of challenges
- New Relic supports SCIM but only at Pro tier (Custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
New Relic doesn't sell SCIM separately. It comes bundled with Pro/Enterprise observability features:
If your team needs enterprise observability features anyway, the Pro upgrade ($349/user/year for full platform access) delivers solid value. But if you only want user provisioning for a basic monitoring setup, you're paying for advanced APM, infrastructure monitoring, and analytics capabilities you may never use. We estimate ~60% of Pro/Enterprise features are overkill for teams that just need automated user lifecycle management.
Stitchflow Insight
Once you enable SCIM for an authentication domain, you cannot revert to manual user management. This is permanent and irreversible.
What IT admins are saying
Community sentiment on New Relic's SCIM implementation is cautiously positive, though several concerns persist:
- The irreversible nature of SCIM enablement creates deployment anxiety
- Pro tier pricing can be steep for teams that primarily need basic monitoring
- No ability to test SCIM in lower tiers before committing to the upgrade
- Mixed feelings about being locked into SCIM management once enabled
New Relic's SCIM works great, but the fact that you can't go back once you enable it makes me nervous about rollout planning. We had to be 100% sure our directory was clean first.
The Pro tier jump is significant just for SCIM, especially when you factor in the per-user costs for full platform access. Wish there was a middle ground.
The recurring theme
While the SCIM functionality itself is solid, the permanent commitment and tier requirements create hesitation for teams evaluating automated provisioning options.
The decision
| Your Situation | Recommendation |
|---|---|
| On Free/Standard, need SCIM | Use Stitchflow: avoid the Pro upgrade ($349/user/year minimum) |
| On Pro/Enterprise with SCIM included | Use native SCIM: you're already paying for full platform users |
| Mixed user types (Basic, Core, Full Platform) | Use Stitchflow: simpler than New Relic's complex user type management |
| Want to test SCIM before committing | Use Stitchflow: New Relic's SCIM enablement is permanent and irreversible |
| Small dev team, infrequent changes | Manual may work: but monitor for security gaps as team grows |
The bottom line
New Relic gates SCIM behind Pro/Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Make New Relic workflows AI-native
New Relic gates SCIM behind Pro/Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Pro
Prerequisites
SSO must be configured first
Key limitations
- Pro or Enterprise required
- Once SCIM enabled, cannot revert to non-SCIM
- Must manage users via SCIM after enablement
- Groups control account access
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Full SCIM 2.0 support via New Relic by Organization app in OIN. Supports user creation, updates, deactivation, and group sync. Can manage user types via SCIM.
New Relic gates SCIM behind Pro/Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Full SCIM 2.0 support. Tenant URL: https://scim-provisioning.service.newrelic.com/scim/v2. Supports automatic provisioning and deprovisioning.
New Relic gates SCIM behind Pro/Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
New Relic
New Relic gates SCIM behind Pro/Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
