Summary and recommendation
Outreach supports SCIM provisioning, but only on Enterprise plans and with significant implementation complexity. The platform requires SCIM and SSO to be configured as separate Okta applications, creating unnecessary administrative overhead. For Azure environments, there's no pre-built gallery app—you must implement SCIM manually via Outreach's OAuth API. At $100-$160/user/month for Enterprise plans, a 100-person sales team faces $120K-$192K annually just for the baseline licensing before SCIM access.
This creates a problematic gap for growing sales organizations. Teams often need automated user provisioning well before they can justify Enterprise pricing, especially when their primary need is simply adding and removing SDRs and AEs as headcount fluctuates. Manual user management becomes a bottleneck that impacts sales productivity and creates security risks when departing employees retain system access.
The strategic alternative
Outreach gates SCIM behind Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Outreach accounts manually. Here's what that costs:
The Outreach pricing problem
Outreach gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | $100-$160/user/month | ||
| Professional | Higher (with AI features) | ||
| Enterprise | Contact sales |
Note: Enterprise pricing is not publicly disclosed. Based on market data, typical 200-user Enterprise deployments range from $386K-$787K over 3 years ($64K-$131K annually), suggesting $27-$55/user/month depending on negotiation and contract length.
What this means in practice
Using conservative Enterprise pricing estimates (assuming $35/user/month average):
| Team Size | Annual Standard Cost | Enterprise Upgrade Cost | Total Increase |
|---|---|---|---|
| 50 users | $60K-$96K | $21K | 18-35% increase |
| 100 users | $120K-$192K | $42K | 18-35% increase |
| 200 users | $240K-$384K | $84K | 18-35% increase |
These calculations assume mid-range Standard pricing ($100/user/month) and conservative Enterprise estimates.
Additional constraints
Summary of challenges
- Outreach supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Outreach doesn't sell SCIM separately. It's part of Enterprise plans that bundle extensive sales automation features:
Plus Outreach's SCIM has architectural quirks—you need separate Okta apps for SCIM and SSO, and Azure requires custom API integration since there's no gallery provisioning app.
Stitchflow Insight
The challenge: you're paying $100-$160/user/month primarily for sales engagement tools, not identity management. SCIM is a small add-on to a platform designed for SDRs and account executives. We estimate ~85% of Enterprise features are sales-specific automation that IT teams won't use.
What IT admins are saying
Community sentiment on Outreach's SCIM implementation is mixed, with specific technical frustrations around setup complexity.
- Requirement to maintain separate Okta apps for SCIM and SSO creates administrative overhead
- Azure users stuck with manual OAuth API setup instead of gallery integration
- Enterprise pricing tier requirement puts SCIM out of reach for smaller sales teams
- User deactivation only locks accounts rather than fully removing them
Having to manage two separate Okta apps for the same service is just poor architecture. Why can't SCIM and SSO be in the same integration?
The fact that Azure doesn't have a gallery app for provisioning means we're stuck building custom connectors or doing manual API work.
The recurring theme
Outreach's SCIM works but requires technical workarounds and separate app management that creates unnecessary complexity for IT teams.
The decision
| Your Situation | Recommendation |
|---|---|
| Need SCIM but don't have Enterprise plan | Use Stitchflow: avoid the $100-160/user/month Enterprise upgrade |
| Using Azure AD/Entra ID for identity | Use Stitchflow: skip the custom OAuth SCIM API setup |
| Want SCIM and SSO in one streamlined setup | Use Stitchflow: avoid managing separate Okta apps |
| Already on Enterprise with Okta | Use native SCIM: you're paying for it |
| Small sales team, low turnover | Manual provisioning may work: but watch for security gaps |
The bottom line
Outreach gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Outreach workflow gap
Outreach gates SCIM behind Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM and SSO must be separate Okta apps
- Azure SCIM via API (no gallery app)
- User import limited to specific plans
- Groups sync as Teams
- Deactivation locks users, doesn't delete
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
SCIM app must be separate from SSO app in Okta. Requires Okta Lifecycle Management subscription. Custom attribute roleName uses urn:ietf:params:scim:schemas:extension:outreach:2.0:User namespace. Deactivation locks (not deletes) users.
Outreach gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
No pre-built Entra gallery app for provisioning. SSO via non-gallery enterprise app with SAML. For SCIM, use Outreach's OAuth-based SCIM API manually or via BYOA SCIM connector.
Use Stitchflow for automated provisioning.
Close the workflow gap in
Outreach
Outreach gates SCIM behind Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.
Start with the free gap diagnostic
