Summary and recommendation
Qualys, the leading vulnerability management and security platform, does not offer SCIM provisioning on any plan. While Qualys supports SAML SSO integration with identity providers like Okta and Entra ID for authentication, user provisioning must be handled entirely through manual processes via their web console or API calls. This creates a significant operational burden for IT teams managing security tool access across large organizations.
The lack of automated provisioning is particularly problematic for security teams who need to rapidly onboard and offboard users across multiple Qualys modules (VMDR, CSAM, TotalCloud, etc.). Manual user management increases the risk of orphaned accounts with excessive privileges - exactly the security gaps that vulnerability management platforms are designed to prevent. For compliance-focused organizations, this manual process makes it difficult to demonstrate proper access controls and timely deprovisioning.
The strategic alternative
Qualys has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | SSO only via SAML |
| Microsoft Entra ID | ✓ | ❌ | SSO via SAML only |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Qualys accounts manually. Here's what that costs:
The Qualys pricing problem
Qualys gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | Custom quote | ||
| Business | Custom quote | ||
| Enterprise | Custom quote |
Provisioning options
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | Custom quote | ||
| Business | Custom quote | ||
| Enterprise | Custom quote |
What this means in practice
No automated user lifecycle management: IT teams must manually create, update, and deactivate user accounts in Qualys when employees join, change roles, or leave the organization. This creates security risks when departing employees retain access to vulnerability data and scanning capabilities.
API-only bulk operations: While Qualys provides REST APIs for user management, these require custom scripting and ongoing maintenance. IT teams must build their own automation workflows, handle API authentication, and manage error handling - effectively creating a DIY provisioning solution.
Disconnected from IdP workflows: Changes in your identity provider (new hires, role changes, terminations) don't automatically sync to Qualys, creating gaps in your security posture management.
Additional constraints
Summary of challenges
- Qualys does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Qualys actually offers for identity
SAML SSO (Available across plans)
Qualys supports SAML 2.0 single sign-on integration with enterprise identity providers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Microsoft Entra ID, Google Workspace |
| Configuration | Manual XML metadata exchange |
| User requirement | Must pre-create accounts in Qualys before SSO login |
Critical limitation: SSO only handles authentication. User accounts must be manually created in the Qualys platform before users can authenticate via SAML.
Okta Integration (via OIN)
The official Okta Integration Network listing for Qualys shows:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| OIDC SSO | ❌ No |
| Create users | ❌ No |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group push | ❌ No |
Microsoft Entra ID Integration
Similar story in the Microsoft ecosystem:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| Create users | ❌ No |
| Update users | ❌ No |
| Delete users | ❌ No |
| Sync groups | ❌ No |
The reality
Qualys provides authentication through SAML SSO but zero provisioning capabilities. IT teams must:
For an enterprise security platform managing vulnerability assessments and compliance, manual user management creates obvious security and operational risks.
What IT admins are saying
Qualys's lack of automated provisioning creates operational overhead for security teams managing user access:
- Manual user provisioning through console or API calls
- No automated deprovisioning when employees leave
- Time-consuming user management for enterprise security tools
- SSO authentication available but no account lifecycle automation
You have to manually create users in Qualys even after setting up SSO. There's no automatic provisioning from our IdP.
We love Qualys for vulnerability management, but the user management piece is still very manual. Every new hire in security needs to be added by hand.
The recurring theme
While Qualys provides robust security scanning capabilities, IT teams must manually manage user accounts separate from their identity provider, creating administrative burden for what should be an automated workflow.
The decision
| Your Situation | Recommendation |
|---|---|
| Small security team (<20 users) with low turnover | Manual management via Qualys console is manageable |
| Medium organization (20-100 users) with regular access changes | Use Stitchflow: manual provisioning becomes error-prone |
| Enterprise with compliance requirements (SOC 2, ISO 27001) | Use Stitchflow: automation essential for audit trail |
| Multi-subsidiary deployments with centralized IT | Use Stitchflow: automation critical for scale |
| Organizations requiring rapid onboarding/offboarding | Use Stitchflow: manual processes create security gaps |
The bottom line
Qualys provides enterprise-grade vulnerability management but offers zero provisioning automation—no SCIM, no native IdP integrations beyond basic SSO. For security teams that can't afford manual user management delays or compliance gaps, Stitchflow delivers the automation Qualys should have built.
Make Qualys workflows AI-native
Qualys has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No SCIM support available
- Manual user management via API or console
- SSO available for authentication
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
SSO only via SAML
Use Stitchflow for automated provisioning.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
SSO via SAML only
Use Stitchflow for automated provisioning.
Unlock SCIM for
Qualys
Qualys has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
