Summary and recommendation
Postman supports SCIM provisioning, but only on Enterprise plans at ~$49/user/month annually. This creates a significant barrier: teams on Basic ($19/user/month) or Professional ($39/user/month) face a 26-63% price increase just to unlock automated user provisioning. The setup also requires SSO to be configured first and restricts you to a single SSO method when using SCIM—limiting flexibility for organizations with complex identity requirements.
For a 50-person development team, upgrading from Professional to Enterprise solely for SCIM costs an extra $6,000/year. That's expensive automation for what should be a basic IT management capability, especially when your developers just need reliable access to API workspaces and testing environments.
The strategic alternative
Postman gates SCIM behind Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Postman accounts manually. Here's what that costs:
The Postman pricing problem
Postman gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure (Annual Billing)
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Basic | $19/user/mo | ||
| Professional | $39/user/mo | ||
| Enterprise | $49/user/mo |
Note: Free plan available for up to 3 users. SCIM requires SSO to be configured first and only supports one SSO method when SCIM is active.
What this means in practice
Using current list prices (Professional → Enterprise for SCIM access):
| Team Size | Annual Upgrade Cost | Total Enterprise Cost |
|---|---|---|
| 25 developers | +$3,000/year | $14,700/year |
| 50 developers | +$6,000/year | $29,400/year |
| 100 developers | +$12,000/year | $58,800/year |
Calculation: ($49 - $39) × users × 12 months for upgrade cost
Additional constraints
Summary of challenges
- Postman supports SCIM but only at Enterprise tier (~$49/user/mo annual - Enterprise)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Postman doesn't sell SCIM à la carte. It's bundled with Enterprise features at ~$49/user/month:
Stitchflow Insight
The catch: you can only use one SSO method when SCIM is enabled, and SSO must be configured first. For development teams that just need automated user provisioning for API workspaces, you're paying for enterprise governance features you likely won't use. We estimate ~60% of Enterprise features are irrelevant for teams that only need SCIM provisioning.
What IT admins are saying
Community sentiment on Postman's SCIM requirements centers around the Enterprise pricing barrier and SSO complexity. Common complaints:
- Being locked into Enterprise plan at $49/user just for automated provisioning
- SSO prerequisite that adds unnecessary setup complexity
- Single SSO method limitation when SCIM is enabled
- No flexibility for teams that only need identity automation
Why do we need to pay Enterprise prices just to automate user provisioning? We don't need half the features in that tier.
The SSO requirement before SCIM is backwards - we want automated provisioning first, then SSO later.
The recurring theme
Postman treats SCIM as an enterprise-only feature despite it being a basic identity management need, forcing smaller dev teams to overpay or manage users manually.
The decision
| Your Situation | Recommendation |
|---|---|
| On Basic or Professional, need SCIM | Use Stitchflow: avoid the $10-30/user/mo tier jump to Enterprise |
| Already on Enterprise plan | Use native SCIM: you're paying for it |
| Need Enterprise features beyond SCIM (audit logs, advanced RBAC) | Evaluate Enterprise: SCIM comes bundled with other security features |
| Have complex SSO requirements (multiple identity providers) | Use Stitchflow: native SCIM restricts you to one SSO method |
| Small dev team, infrequent user changes | Manual may be acceptable: but watch for API credential sprawl |
The bottom line
Postman gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Postman workflow gap
Postman gates SCIM behind Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM only on Enterprise plan
- SSO must be configured before SCIM
- Only one SSO method allowed if using SCIM
- Must be Team Admin or Super Admin to enable SCIM
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Enterprise required for SCIM
Postman gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Enterprise required for SCIM
Postman gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the workflow gap in
Postman
Postman gates SCIM behind Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack, and it can add a 158% markup just to get there.
Start with the free gap diagnostic
