Stitchflow
Back to directory
Oracle Commerce logo

Oracle Commerce SCIM guide

Connector Only

How to automate Oracle Commerce user provisioning, and what it actually costs

Summary and recommendation

Oracle Commerce (CX Commerce) does not provide native SCIM provisioning. While the platform supports SAML 2.0 SSO through Oracle Identity Cloud Service (IDCS), SCIM functionality is only available indirectly through Oracle's broader IAM ecosystem, requiring IDCS as an intermediary layer. This architecture creates significant complexity for IT teams managing user provisioning, as you must configure and maintain Oracle's identity infrastructure even if you don't use other Oracle cloud services. The platform's enterprise-grade pricing (starting at $180,000-$300,000 annually) makes this limitation particularly problematic for organizations that need streamlined user lifecycle management.

This creates a critical gap for e-commerce teams where Oracle Commerce handles the storefront but user provisioning remains a manual process. Without direct SCIM support, IT admins must manually create, update, and deactivate user accounts for merchants, administrators, and e-commerce team members. The reliance on IDCS as an intermediary adds another layer of complexity and potential failure points, making what should be automated provisioning workflows dependent on Oracle's broader cloud architecture.

The strategic alternative

Oracle Commerce has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?Yes
SSO available?Yes
SSO protocolSAML 2.0
DocumentationOfficial docs

Supported identity providers

IdPSSOSCIMNotes
OktaVia third-partySCIM provisioning to Oracle Cloud via IDCS. Search for Oracle Identity Cloud Service in OIN. Configure SAML SSO and SCIM with Base64 encoded credentials.
Microsoft Entra IDVia third-partyIntegrate via IDCS as intermediary. OCI IAM tutorials available for Entra ID federation. No direct Oracle Commerce Entra gallery app.
Google WorkspaceVia third-partyNo native support
OneLoginVia third-partyNo native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Oracle Commerce accounts manually. Here's what that costs:

Source: Stitchflow aggregate data across apps with 2+ instances, normalized to 500 employees
Orphaned accounts (ex-employees with access)7
Unused licenses12
IT hours spent on manual management/year101 hours
Unused license cost/year$3,925
IT labor cost/year$6,088
Cost of compliance misses/year$1,741
Total annual financial impact$11,754

The Oracle Commerce pricing problem

Oracle Commerce gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
Enterprise$180,000-$300,000/year
Via IDCS only

Pricing and provisioning options

PlanPricingSCIMSSO
Enterprise$180,000-$300,000/yearVia IDCS onlySAML 2.0

Oracle Commerce pricing details

Base subscription
~$15,000/month minimum
Usage-based fees
$800 per 1,000 page views + $3 per additional 1,000
Minimum 3-year contract commitment
Mid-sized deployments typically cost $180,000-$300,000 annually

What this means in practice

Oracle Commerce forces you into their identity ecosystem rather than providing direct SCIM integration. Your provisioning workflow becomes:

1. Your IdP → Oracle IDCS → Oracle Commerce

This three-hop architecture creates multiple failure points and requires managing Oracle IDCS licenses and configuration separately from your Commerce subscription. You're paying enterprise-tier pricing for a solution that can't integrate directly with your existing identity infrastructure.

Additional constraints

Oracle ecosystem lock-in
SCIM requires Oracle Identity Cloud Service subscription and configuration
No direct IdP integration
All major IdPs (Okta, Entra, Google Workspace) must route through IDCS
Production security requirements
Encrypted assertions and signed responses mandatory
Limited API access
Uses REST APIs with OAuth 2.0 instead of standard SCIM endpoints
Complex troubleshooting
Identity issues require coordination between your IdP, Oracle IDCS, and Oracle Commerce support teams

Summary of challenges

  • Oracle Commerce does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What Oracle Commerce actually offers for identity

SAML SSO (via Oracle Identity Cloud Service)

Oracle Commerce doesn't provide direct identity integration. Instead, it routes everything through Oracle Identity Cloud Service (IDCS):

SettingDetails
ProtocolSAML 2.0
Supported IdPsOkta, Entra ID, generic SAML
ConfigurationConfigure via Oracle IDCS console
Production requirementsEncrypted assertions and signed responses required
JIT Provisioning✓ Yes

SCIM Provisioning (via Oracle IDCS intermediary)

Oracle Commerce has no native SCIM endpoint. All user provisioning must flow through Oracle Identity Cloud Service:

FeatureSupported?
Native SCIM endpoint❌ No
Create users✓ Yes (via IDCS)
Update user attributes✓ Yes (via IDCS)
Deactivate users✓ Yes (via IDCS)
Direct IdP integration❌ No - requires IDCS

Critical architectural limitation: You cannot connect your identity provider directly to Oracle Commerce. Every provisioning action must route through Oracle's Identity Cloud Service, adding complexity and potential failure points.

Okta Integration (requires Oracle IDCS)

The Okta Integration Network has an Oracle Identity Cloud Service connector, not a direct Oracle Commerce integration:

Search for "Oracle Identity Cloud Service" in Okta's app catalog
Configure SAML SSO and SCIM through IDCS
Requires Base64 encoded credentials for API authentication
No direct Oracle Commerce app available

This architecture means you're managing identity integration across two Oracle services instead of one direct connection to your e-commerce platform.

What IT admins are saying

Oracle Commerce's complex provisioning architecture through Oracle Identity Cloud Service creates deployment headaches for IT teams:

  • No native SCIM endpoint - All provisioning must route through Oracle IDCS as an intermediary
  • Oracle ecosystem lock-in - Requires Oracle Identity Cloud Service even for basic user management
  • Enterprise-only access - Automated provisioning unavailable on lower-tier plans
  • Complex multi-step configuration - SAML SSO and SCIM require separate IDCS setup with Base64 encoded credentials

Configure via Oracle Identity Cloud Service. Enable encrypted assertions and signed responses in production.

Oracle Commerce documentation

SCIM provisioning to Oracle Cloud via IDCS. Search for Oracle Identity Cloud Service in OIN.

Okta Integration Network

The recurring theme

Oracle Commerce treats user provisioning as an afterthought, forcing IT teams to navigate Oracle's broader identity ecosystem just to automate basic user lifecycle management. The lack of direct SCIM support means every provisioning workflow requires Oracle IDCS as a middleman.

The decision

Your SituationRecommendation
Small e-commerce team (<20 users)Manual management is acceptable
Already using Oracle IDCS ecosystemConfigure SCIM through Oracle Identity Cloud Service
Multi-platform commerce setup (50+ users)Use Stitchflow: automation essential for complex deployments
Enterprise with compliance requirementsUse Stitchflow: avoid Oracle ecosystem complexity
Budget-conscious organizationsUse Stitchflow: avoid $180K+ Oracle Commerce licensing

The bottom line

Oracle Commerce requires Oracle Identity Cloud Service as an intermediary for SCIM provisioning, adding complexity to an already expensive platform ($180K+ annually). For organizations that want automated provisioning without Oracle's ecosystem overhead and premium pricing, Stitchflow delivers the same automation at a fraction of the cost.

Make Oracle Commerce workflows AI-native

Oracle Commerce has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.

Covers apps without native SCIM, including the ones without APIs
Less than a week, start to finish (~2 hours of your time)
Built with your team; extend to anything else in the company
Book a Demo

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

Not specified

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • Uses Oracle Identity Cloud Service
  • Part of Oracle CX suite
  • Encrypted assertions recommended
  • Signed responses required in production
  • No native SCIM endpoint
View Official Documentation

Configuration for Okta

Integration type

Okta Integration Network (OIN) app

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Okta Admin Console → Applications → Oracle Commerce → Sign On

Docs

Okta integrationOracle Commerce SCIM setup

SCIM provisioning to Oracle Cloud via IDCS. Search for Oracle Identity Cloud Service in OIN. Configure SAML SSO and SCIM with Base64 encoded credentials.

Use Stitchflow for automated provisioning.

Configuration for Entra ID

Integration type

Microsoft Entra Gallery app

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Entra admin center → Enterprise applications → Oracle Commerce → Single sign-on

Docs

Microsoft Entra integrationOracle Commerce SCIM setup

Integrate via IDCS as intermediary. OCI IAM tutorials available for Entra ID federation. No direct Oracle Commerce Entra gallery app.

Use Stitchflow for automated provisioning.

Unlock SCIM for
Oracle Commerce

Oracle Commerce has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.

See how it works
Admin Console
Directory
Applications
Oracle Commerce logo
Oracle Commerce
via Stitchflow

Last updated: 2026-01-11

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

Magento logo

Magento

No SCIM

E-commerce Platform

ProvisioningNot Supported
Manual Cost$11,754/yr

Adobe Commerce (Magento) does not offer native SCIM provisioning on any plan. While the platform supports SSO through third-party marketplace extensions (like miniOrange SAML SP), these only handle authentication for storefront access. User provisioning must be handled manually through the admin panel or via custom API integrations. Even Adobe's Admin Console—used for managing Adobe product access—only supports SCIM with Azure AD and Google Workspace, leaving Okta and OneLogin users without automated provisioning options. This creates a significant operational gap for IT teams managing e-commerce operations. Without automated provisioning, onboarding new store managers, developers, and customer service staff requires manual account creation in both the identity provider and Magento. When employees leave or change roles, IT must remember to manually deprovision access across both systems. For enterprises running multiple Magento instances or managing seasonal staff fluctuations, this manual process becomes a compliance risk and administrative burden.

View full guide
BigCommerce logo

BigCommerce

No SCIM

E-commerce Platform

ProvisioningNot Supported
Manual Cost$13,174/yr

BigCommerce, the e-commerce platform used by thousands of online retailers, does not offer native SCIM provisioning on any plan. While BigCommerce supports SSO through SAML 2.0 and OAuth protocols, organizations must rely on third-party solutions like miniOrange or LoginRadius to achieve automated user provisioning. This creates a significant gap for IT teams managing e-commerce operations, as they must integrate and maintain separate identity management tools just to automate basic user lifecycle tasks like onboarding store administrators, merchandisers, and customer service teams. The lack of native SCIM support becomes particularly problematic for growing e-commerce businesses that need rapid access changes across multiple storefronts or seasonal staff adjustments. Without automated provisioning, IT teams face manual user management overhead precisely when business velocity matters most. SSO alone doesn't solve this problem—it only handles authentication for users who already have accounts, leaving account creation, role assignments, and deprovisioning as manual processes that introduce security risks and operational delays.

View full guide
Medusa logo

Medusa

No SCIM

E-commerce Platform

ProvisioningNot Supported
Manual Cost$11,754/yr

Medusa, the open-source headless commerce platform, does not offer native SCIM provisioning on any plan—including their Cloud Enterprise tier. While Medusa's modular authentication system allows for custom OAuth/OIDC implementations (they even provide an Okta auth module for admin authentication), this only handles login authentication, not automated user lifecycle management. Organizations must manually provision and deprovision admin dashboard users, regardless of whether they're using the free open-source version or paying for Medusa Cloud Enterprise. This creates a significant operational burden for IT teams managing e-commerce operations. Without automated provisioning, every new developer, admin, or contractor requires manual account creation in Medusa's admin dashboard. When team members leave or change roles, IT must remember to manually revoke access—a process that becomes increasingly error-prone as teams scale. For companies building mission-critical e-commerce platforms on Medusa, this manual approach creates both security risks and operational inefficiency.

View full guide