Stitchflow
Back to directory
Observable logo

Observable SCIM guide

Connector Only

How to automate Observable user provisioning, and what it actually costs

Native SCIM not available

Summary and recommendation

Observable, the collaborative data notebook platform, does not offer SCIM provisioning on any plan. While Observable Enterprise customers can configure custom OIDC single sign-on with providers like Okta and Entra ID, this only handles authentication—not user lifecycle management. Users must still be manually invited to Observable workspaces or rely on just-in-time (JIT) provisioning, which only creates accounts upon first login without proper role assignment or workspace allocation. Additionally, Observable's SSO implementation is OIDC-only with no SAML support, limiting integration options for organizations standardized on SAML workflows.

This creates a significant operational burden for IT teams managing data science and analytics teams. Without automated provisioning, administrators must manually coordinate Observable workspace access with team changes, track which users belong to which projects, and remember to deprovision access when employees leave. For organizations where data analysts and scientists frequently collaborate across teams and projects, this manual overhead scales poorly and increases the risk of inappropriate data access lingering after role changes.

The strategic alternative

Observable has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?No
SSO available?Yes
SSO protocolSAML 2.0
DocumentationNot available

Supported identity providers

IdPSSOSCIMNotes
OktaNo Okta OIN integration. Custom SSO via OIDC for Enterprise teams with Okta Identity Cloud.
Microsoft Entra IDSupports Microsoft as identity provider. Custom OIDC SSO available for Enterprise.
Google WorkspaceVia third-partyNo native support
OneLoginVia third-partyNo native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Observable accounts manually. Here's what that costs:

Source: Stitchflow research, normalized to 500 employees:
Orphaned accounts (ex-employees with access)5
Unused licenses12
IT hours spent on manual management/year85 hours
Unused license cost/year$3,500
IT labor cost/year$5,100
Cost of compliance misses/year$890
Total annual financial impact$9,490

The Observable pricing problem

Observable gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
Starter$0
Pro$9/user/mo
BusinessCustom
EnterpriseCustom (contact sales)

Pricing structure

PlanPriceSSOSCIM
Starter$0
Pro$9/user/mo
BusinessCustom
EnterpriseCustom (contact sales)

What this means in practice

Without SCIM support, IT teams face manual user management across all Observable plans:

User lifecycle management

New hires require manual account creation and workspace assignment
Role changes need manual permission updates across notebooks and workspaces
Departing employees must be manually removed from all Observable resources

Enterprise SSO limitations

Custom pricing required just to get basic OIDC SSO
No SAML support
OIDC only, limiting IdP compatibility
JIT provisioning available but doesn't solve deprovisioning challenges

Additional constraints

No centralized user directory
Observable users exist independently of your IdP
Workspace permission complexity
Data notebooks often have granular sharing that requires manual oversight
Compliance gaps
Manual processes create audit trail issues for data access governance
Scale limitations
Growing data teams require increasingly manual Observable administration

Summary of challenges

  • Observable does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What Observable actually offers for identity

OIDC SSO (Enterprise only)

Observable supports OpenID Connect integration with major identity providers:

SettingDetails
ProtocolOIDC only (SAML not supported)
Built-in providersGoogle, GitHub, Microsoft
Custom OIDCAvailable on Enterprise plan
User managementManual or Just-In-Time (JIT) provisioning only

Critical limitation: Observable explicitly does not support SAML authentication. Teams requiring SAML integration cannot use Observable's SSO features.

Okta Integration

Observable has no official Okta Integration Network (OIN) listing. Custom OIDC integration requires:

RequirementDetails
Observable planEnterprise (contact sales)
ConfigurationManual OIDC setup in both Okta and Observable
User provisioning❌ No SCIM support
Group management❌ No group sync

Microsoft Entra Integration

Similar limitations apply to Entra ID:

FeatureSupported?
OIDC SSO✓ Yes (Enterprise)
SAML SSO❌ No
User provisioning❌ No
Group sync❌ No
Automatic deprovisioning❌ No

Bottom line: Observable's identity features are limited to basic OIDC SSO with JIT provisioning. No SCIM support means all user lifecycle management must be handled manually through Observable's interface, regardless of your plan tier.

What IT admins are saying

Observable's lack of automated provisioning forces IT teams into manual user management workflows:

  • Manual user invitations required for every new team member
  • No automated deprovisioning when employees leave the organization
  • OIDC-only SSO limits identity provider flexibility (no SAML support)
  • Enterprise plan required for any custom SSO beyond built-in Google/GitHub/Microsoft

Observable supports OIDC only, not SAML. This creates integration challenges since our primary IdP setup is SAML-based.

IT Administrator, Reddit

Even with SSO enabled, we still have to manually invite each user to Observable workspaces. There's no automatic provisioning from our directory.

Systems Admin, Observable Community Forum

The recurring theme

Observable treats user provisioning as a manual, workspace-by-workspace process. IT teams must individually invite users and remember to remove access when employees leave, creating security gaps and administrative overhead.

The decision

Your SituationRecommendation
Small data science team (<10 users)Manual management is acceptable
Research team with stable membershipManual management with built-in SSO (Google/GitHub/Microsoft)
Growing analytics organization (25+ users)Use Stitchflow: automation essential for scaling
Enterprise with compliance requirementsUse Stitchflow: automation essential for audit trail
Multiple data teams across departmentsUse Stitchflow: automation strongly recommended

The bottom line

Observable is an excellent data notebook platform, but it completely lacks SCIM provisioning capabilities across all plans. Even Enterprise customers must manage users manually or rely on JIT provisioning. For organizations that need proper user lifecycle automation and compliance audit trails, Stitchflow delivers SCIM-level provisioning without the platform limitations.

Make Observable workflows AI-native

Observable has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.

Covers apps without native SCIM, including the ones without APIs
Less than a week, start to finish (~2 hours of your time)
Built with your team; extend to anything else in the company
Book a Demo

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

No SCIM support - users must be managed manually or via SSO JIT provisioningSAML is NOT supported (OIDC only)Custom SSO requires Enterprise planBuilt-in SSO for Google, GitHub, Microsoft only

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • No SCIM support - users must be managed manually or via SSO JIT provisioning
  • SAML is NOT supported (OIDC only)
  • Custom SSO requires Enterprise plan
  • Built-in SSO for Google, GitHub, Microsoft only

Documentation not available.

Unlock SCIM for
Observable

Observable has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.

See how it works
Admin Console
Directory
Applications
Observable logo
Observable
via Stitchflow

Last updated: 2026-01-20

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

Abnormal Security logo

Abnormal Security

No SCIM

Security / Email Security

ProvisioningNot Supported
Manual Cost$9,490/yr

Abnormal Security, the AI-powered email security platform protecting against BEC and phishing attacks, does not offer SCIM provisioning on any plan. While the platform supports SAML 2.0 SSO integration with identity providers like Okta and Entra ID, this only handles authentication—not automated user lifecycle management. Security teams must manually provision and deprovision analyst access through Abnormal's portal, creating operational overhead and potential security gaps in a platform specifically designed to protect against email-based threats. This manual provisioning model creates significant challenges for security operations. When new SOC analysts join or existing team members change roles, IT admins must coordinate manual account creation and permission updates in Abnormal Security. For a platform that's critical to threat detection and incident response, delays in provisioning can leave security gaps, while delayed deprovisioning creates compliance risks. The irony is stark: a security platform designed to prevent account takeover and credential abuse lacks the automated provisioning controls that prevent exactly these risks.

View full guide
Airwallex logo

Airwallex

No SCIM
ProvisioningNot Supported
Manual Cost$9,490/yr

Airwallex, the global payments and treasury platform, offers no SCIM provisioning support on any plan, including their custom Accelerate enterprise tier. Despite being positioned for enterprise use with features like multi-entity management and advanced treasury controls, Airwallex lacks any official identity provider integrations—no SSO, no provisioning, and no presence in major IdP galleries like Okta's OIN or Microsoft Entra. This creates a significant operational burden for IT teams managing financial access across growing organizations, where manual user provisioning and deprovisioning in a payments platform presents both efficiency and security risks. The absence of identity management capabilities means IT administrators must manually create, update, and remove user accounts in Airwallex—a particularly concerning gap given that this platform handles sensitive financial operations, cross-border payments, and treasury management. Without automated deprovisioning, former employees could retain access to financial systems, creating compliance risks and potential security vulnerabilities that most finance and IT teams cannot afford to overlook.

View full guide
Alkami logo

Alkami

No SCIM
ProvisioningNot Supported
Manual Cost$9,490/yr

Alkami, the digital banking platform used by banks and credit unions, does not offer SCIM provisioning or public SSO integrations. As an enterprise-only platform with custom pricing, Alkami appears to handle user management through direct account administration rather than standardized identity protocols. This creates significant challenges for financial institutions that need to integrate Alkami with their existing identity infrastructure—particularly problematic given the compliance requirements and security standards that banks must maintain. The lack of automated provisioning means IT teams at financial institutions must manually create, update, and deprovision user accounts in Alkami. For a platform handling sensitive financial data and customer information, this manual approach introduces compliance risks and operational overhead. Banks typically require seamless integration between their core identity systems and all applications accessing customer data.

View full guide