Summary and recommendation
PandaDoc supports SCIM, but only the outdated SCIM 1.1 protocol on Enterprise plans with additional fees. The implementation is severely limited: it can only create and delete users—no attribute updates whatsoever. This means when employees change roles, departments, or access requirements, IT teams must manually update their PandaDoc profiles. The setup also requires contacting PandaDoc Support, and you can't use JIT provisioning alongside SCIM.
For document automation platforms handling sensitive contracts and legal documents, this creates a significant operational gap. Manual user management becomes a bottleneck as teams scale, and the inability to update user attributes means stale permissions and potential compliance issues. SSO handles authentication, but without proper provisioning automation, you're still managing user lifecycle events manually—exactly what SCIM should eliminate.
The strategic alternative
PandaDoc gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages PandaDoc accounts manually. Here's what that costs:
The PandaDoc pricing problem
PandaDoc gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | $19-35/user/mo | ||
| Business | $49-65/user/mo | ||
| Enterprise | $59+/user/mo | SCIM 1.1 only |
Note: SCIM requires Enterprise plan plus additional fees. Only create and delete operations supported - no user attribute updates.
What this means in practice
Using current list prices (Business → Enterprise for SCIM access):
| Team Size | Minimum Upgrade Cost | Additional SCIM Fees |
|---|---|---|
| 25 users | +$3,000/year | Unknown (contact sales) |
| 50 users | +$6,000/year | Unknown (contact sales) |
| 100 users | +$12,000/year | Unknown (contact sales) |
Calculation: ($59 - $49) × users × 12 months, plus undisclosed SCIM fees
Additional constraints
Summary of challenges
- PandaDoc supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
PandaDoc doesn't sell SCIM separately. It's bundled with Enterprise features and requires additional fees beyond the base Enterprise price:
The catch: PandaDoc only supports outdated SCIM 1.1 (not the modern 2.0 standard), and you can't update user attributes - only create and delete accounts. You also can't use JIT provisioning if you enable SCIM.
Stitchflow Insight
If you need Enterprise security controls anyway, the upgrade may make sense. But if you just want modern automated provisioning, you're paying premium Enterprise prices for a limited SCIM implementation. We estimate ~60% of Enterprise features are irrelevant for teams that only need user provisioning, and the SCIM 1.1 limitation means you'll still need manual attribute management.
What IT admins are saying
Community sentiment on PandaDoc's SCIM implementation is consistently frustrated. Common complaints:
- SCIM 1.1 only - no support for the modern SCIM 2.0 standard
- Create and delete operations only - cannot update user attributes
- Enterprise tier requirement with additional fees on top of base pricing
- JIT provisioning and SCIM are mutually exclusive (can't use both)
Only SCIM 1.1 supported
SCIM setup requires PandaDoc Support
The recurring theme
PandaDoc offers SCIM but with significant technical limitations that make it feel like a half-built feature locked behind premium pricing.
The decision
| Your Situation | Recommendation |
|---|---|
| On Starter/Business, need SCIM | Use Stitchflow: avoid the Enterprise tier jump and extra SCIM fees |
| Already on Enterprise but SCIM costs extra | Use Stitchflow: save on add-on fees while getting full SCIM 2.0 |
| On Enterprise with SCIM included | Evaluate native vs. Stitchflow: weigh limitations against what you're paying |
| Need user attribute updates | Use Stitchflow: native SCIM only does create/delete |
| Using JIT provisioning successfully | Consider staying: but remember JIT and SCIM are mutually exclusive |
The bottom line
PandaDoc gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Make PandaDoc workflows AI-native
PandaDoc gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM 1.1 only - SCIM 2.0 not supported
- Only create and delete - no updates
- Enterprise plan required with extra fees
- JIT and SCIM mutually exclusive
- SCIM setup requires PandaDoc Support
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Aquera connector in OIN. Alternatively, use SCIM 1.1 Test App (Header Auth). Add 'Bearer' before API key. Create/delete only - no updates. SCIM setup requires PandaDoc Support.
PandaDoc gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
SSO tutorial available. SCIM 1.1 only (not 2.0). Add 'Bearer' before key in Tenant URL. Create/delete only - no update or read operations. JIT and SCIM mutually exclusive.
PandaDoc gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
PandaDoc
PandaDoc gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
