Summary and recommendation
PDQ Deploy, the software deployment and patch management platform, does not support SCIM provisioning on any plan. While PDQ Connect (their cloud offering) supports Microsoft SSO via OIDC, this only handles authentication—user accounts must still be manually created and managed. The company's per-admin licensing model ($1,575/year per admin for unlimited endpoints) makes this particularly problematic since IT teams can't automatically provision new administrators or deprovision departing ones, creating both security risks and licensing inefficiencies.
This creates a significant operational gap for IT teams managing software deployments across large environments. Without automated provisioning, departing administrators retain system access until manually removed, while new hires face delays waiting for manual account creation. For organizations with compliance requirements, this manual process creates audit trail gaps and potential security vulnerabilities in a system that manages critical infrastructure deployments.
The strategic alternative
PDQ Deploy has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | Via third-party | ❌ | No Okta OIN integration found. PDQ uses OIDC-based SSO (Google, Microsoft). |
| Microsoft Entra ID | ✓ | ❌ | PDQ Connect supports Microsoft SSO via OIDC. No SAML or SCIM. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages PDQ Deploy accounts manually. Here's what that costs:
The PDQ Deploy pricing problem
PDQ Deploy gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0 | ||
| Standard | $1,575/yr per admin | ||
| Enterprise | Custom (15+ licenses) |
Pricing structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Free | $0 | ||
| Standard | $1,575/yr per admin | ||
| Enterprise | Custom (15+ licenses) |
What this means in practice
Manual user lifecycle management: IT admins must manually create, update, and deactivate PDQ Deploy admin accounts. When employees join, leave, or change roles, there's no automated way to reflect these changes in PDQ Deploy access.
Per-admin cost multiplication: Every admin account costs $1,575 annually. Organizations that need broad administrative access face significant scaling costs, with no automation to help manage the expanding user base.
Authentication complexity: PDQ Deploy uses OIDC-based SSO (Google, Microsoft, custom OIDC) rather than SAML, which may not align with enterprise identity architectures. The cloud PDQ Connect service has different authentication from the on-premises Deploy & Inventory tools.
Additional constraints
Summary of challenges
- PDQ Deploy does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What PDQ Deploy actually offers for identity
OIDC Authentication (Cloud only)
PDQ Connect (the cloud platform) supports basic OIDC authentication with select providers:
| Setting | Details |
|---|---|
| Protocol | OpenID Connect (OIDC) |
| Supported IdPs | Google Workspace, Microsoft Entra ID, custom OIDC providers |
| Configuration | Manual setup through PDQ Connect admin console |
| User requirement | Users must be manually added to PDQ Connect before authentication |
Critical limitation: This only applies to PDQ Connect. The core PDQ Deploy and Inventory products run on-premises with local authentication only.
What's Missing
PDQ Deploy lacks fundamental enterprise identity features:
The per-admin licensing model ($1,575/year per admin) means every user costs real money, but there's no way to automatically provision or deprovision them when employees join or leave. IT teams are stuck with manual user management across potentially hundreds of endpoints.
What IT admins are saying
PDQ Deploy's lack of automated provisioning creates manual overhead for IT teams managing software deployment access:
- Manual user management across PDQ Deploy, PDQ Inventory, and PDQ Connect
- No automated deprovisioning when employees leave the organization
- Per-admin licensing model makes it expensive to provision access broadly
- Different authentication methods between cloud (PDQ Connect) and on-premises tools
The licensing model is per-admin with unlimited endpoints, but that means we're really selective about who gets access since each admin seat costs $1,575/year.
PDQ Connect uses Microsoft SSO but the main Deploy and Inventory tools are separate - so we're managing user access in multiple places.
No SCIM means when someone leaves, we have to remember to manually remove them from PDQ - it's not automated through our identity provider like other tools.
The recurring theme
PDQ Deploy's high per-admin licensing costs and lack of automated provisioning force IT teams to manually manage a limited number of users, creating security risks when access isn't promptly removed.
The decision
| Your Situation | Recommendation |
|---|---|
| Small IT team (<10 endpoints) | Manual account management is acceptable |
| Stable infrastructure with minimal staff changes | Manual provisioning with OIDC SSO for authentication |
| Growing organization (50+ endpoints) | Use Stitchflow: automation essential for scale |
| Multiple PDQ admins across different teams | Use Stitchflow: centralized provisioning prevents access sprawl |
| Enterprise with compliance requirements | Use Stitchflow: automated audit trail required for endpoint management tools |
The bottom line
PDQ Deploy is essential for Windows endpoint management, but it has zero native provisioning capabilities and uses OIDC-only authentication. For IT teams managing multiple admins or facing compliance requirements, Stitchflow delivers the automated user lifecycle management that PDQ Deploy simply doesn't provide.
Make PDQ Deploy workflows AI-native
PDQ Deploy has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM provisioning
- SSO via OIDC only (Google, Microsoft, custom OIDC)
- Per-admin licensing model with unlimited endpoints
- PDQ Connect (cloud) has different auth from Deploy & Inventory (on-prem)
Documentation not available.
Unlock SCIM for
PDQ Deploy
PDQ Deploy has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
