Summary and recommendation
Orca Security supports native SCIM 2.0 provisioning with full functionality through both Okta and Microsoft Entra. However, SCIM is only available on Enterprise plans with custom pricing, and requires SSO to be configured first as a prerequisite. This creates a significant barrier for organizations that want automated user provisioning but don't need the full enterprise feature set.
The custom pricing model means you'll need to go through a sales process to even understand the cost, and enterprise security platforms typically start in the tens of thousands annually. For mid-market organizations or those with smaller security teams, paying enterprise rates just to unlock basic user lifecycle management creates unnecessary budget strain. SSO alone doesn't solve the operational overhead of manually managing user accounts as your team grows.
The strategic alternative
Orca Security gates SCIM behind Custom. Skip the Custom plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Custom |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Orca Security accounts manually. Here's what that costs:
The Orca Security pricing problem
Orca Security gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | Custom | ||
| Business | Custom | ||
| Enterprise | Custom |
Note: All Orca Security pricing is custom, making cost comparison difficult for IT teams during budget planning cycles.
What this means in practice
The custom pricing model creates several challenges:
Additional constraints
Summary of challenges
- Orca Security supports SCIM but only at Custom tier (Custom)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Orca Security doesn't sell SCIM à la carte. It's bundled with their Enterprise tier at custom pricing:
Stitchflow Insight
The custom pricing model means you're negotiating for an enterprise security platform, not just user provisioning. If you need comprehensive cloud security posture management anyway, the bundle makes sense. If you just want automated user provisioning for your existing security stack, you're paying enterprise rates for capabilities you won't use. We estimate ~60% of Enterprise features are overkill for teams that only need SCIM provisioning.
What IT admins are saying
Community sentiment on Orca Security's SCIM implementation is mixed, with cost and complexity being primary concerns:
- Custom pricing creates budget uncertainty and lengthy procurement cycles
- SSO prerequisite adds configuration complexity and potential failure points
- Enterprise-only SCIM excludes growing security teams on smaller budgets
- Lack of transparent pricing makes ROI calculations difficult
Another security vendor that won't show pricing until you're deep in a sales process. Makes it impossible to budget properly.
Had to implement SSO first before SCIM would work. One more thing that can break and take down user access.
The recurring theme
While Orca Security offers solid SCIM functionality, the custom pricing model and SSO dependency create adoption barriers that force teams into complex sales cycles just to understand their provisioning costs.
The decision
| Your Situation | Recommendation |
|---|---|
| Need SCIM but don't qualify for custom pricing | Use Stitchflow: avoid the enterprise sales process |
| Want SCIM without SSO complexity | Use Stitchflow: bypass the SSO prerequisite |
| Already on Enterprise with custom pricing | Use native SCIM: you're paying premium rates |
| Large security organization, need enterprise features | Evaluate Enterprise: SCIM comes with the territory |
| Small security team, low user churn | Manual may suffice: but prepare for audit gaps |
The bottom line
Orca Security gates SCIM behind Custom. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Make Orca Security workflows AI-native
Orca Security gates SCIM behind Custom. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Custom
Prerequisites
SSO must be configured first
Key limitations
- Custom pricing only
- SSO configuration required before SCIM
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Full SCIM provisioning support
Orca Security gates SCIM behind Custom. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Full SCIM provisioning support
Orca Security gates SCIM behind Custom. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Orca Security
Orca Security gates SCIM behind Custom plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
