Stitchflow
Back to directory
Redash logo

Redash SCIM guide

Connector Only

How to automate Redash user provisioning, and what it actually costs

Summary and recommendation

Redash, the open-source data visualization platform, does not support SCIM provisioning. Since Databricks discontinued the cloud service in November 2021, Redash is now only available as a self-hosted solution with SAML 2.0 SSO and JIT (Just-In-Time) provisioning. Users are automatically created on their first SAML login, with group membership controlled through the RedashGroups SAML attribute. While this works for small teams, it creates significant operational overhead for larger organizations that need predictable user lifecycle management.

The JIT-only approach means IT teams have no visibility into who will have access until users actually log in, making it impossible to audit access rights or ensure proper deprovisioning when employees leave. For organizations using Redash for sensitive business intelligence and data visualization, this creates compliance gaps and security risks. Self-hosting requirements add additional complexity, as teams must manage both the application infrastructure and user provisioning workflows manually.

The strategic alternative

Stitchflow provides SCIM-level provisioning through resilient browser automation for self-hosted Redash deployments, eliminating the need for JIT provisioning and manual user management. Works with any identity provider (Okta, Entra, Google Workspace, OneLogin) and includes automated deprovisioning workflows. Flat pricing under $5K/year, regardless of team size.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?No
SSO available?Yes
SSO protocolSAML 2.0
DocumentationNot available

Supported identity providers

IdPSSOSCIMNotes
OktaSAML SSO only. No SCIM provisioning. JIT provisioning creates users on first login.
Microsoft Entra IDSAML SSO only. No SCIM provisioning. JIT provisioning creates users on first login.
Google WorkspaceVia third-partyNo native support
OneLoginVia third-partyNo native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Redash accounts manually. Here's what that costs:

Source: Stitchflow aggregate data across apps with 2+ instances, normalized to 500 employees
Orphaned accounts (ex-employees with access)7
Unused licenses12
IT hours spent on manual management/year101 hours
Unused license cost/year$3,925
IT labor cost/year$6,088
Cost of compliance misses/year$1,741
Total annual financial impact$11,754

The Redash pricing problem

Redash gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
Self-hostedFree (open source)
Third-party hosting~$49/user/month

Pricing structure

PlanPriceSSOSCIM
Self-hostedFree (open source)
Third-party hosting~$49/user/month

Self-hosting requirements

Infrastructure costs (servers, maintenance, updates)
DevOps resources for deployment and monitoring
Manual configuration of SAML integration
No official support (community-driven development)

What this means in practice

For a 50-user deployment

Third-party hosting
~$29,400/year just for hosting
Self-hosting
"Free" software + infrastructure and DevOps overhead
User provisioning
Manual account creation or wait for JIT on first login
Group management
RedashGroups SAML attribute only

JIT provisioning limitations

Users don't exist until they log in for the first time
No ability to pre-provision accounts or set permissions
Group membership depends on SAML attribute configuration
Deprovisioning requires manual account deletion

Additional constraints

Development uncertainty
Project development has slowed significantly since the Databricks acquisition
No enterprise features
Missing advanced user management, audit logs, and enterprise security controls
Self-hosting burden
IT teams must handle deployment, scaling, security patching, and backup strategies
Limited integration ecosystem
Fewer third-party connectors compared to modern BI platforms
Community support only
No official support channel or SLA guarantees

Summary of challenges

  • Redash does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What Redash actually offers for identity

SAML SSO (Self-hosted only)

Redash supports SAML 2.0 integration for single sign-on:

SettingDetails
ProtocolSAML 2.0
Supported IdPsOkta, Azure AD/Entra, Google Workspace, OneLogin, generic SAML
ConfigurationStatic XML metadata or dynamic metadata URL
User creationJIT (Just-in-Time) provisioning on first login
Group mappingVia RedashGroups SAML attribute

Critical context: Redash shut down its cloud service in November 2021 after Databricks acquired the company. You can only use the self-hosted open-source version now.

What's missing: Any provisioning automation

FeatureSupported?
SCIM provisioning❌ No
Automated user creation❌ No (JIT only)
Automated user updates❌ No
Automated user deactivation❌ No
Group-based access control⚠️ Limited (SAML attribute only)

Translation: Redash offers basic SAML SSO with JIT provisioning, but zero automation for user lifecycle management. Users are created when they first log in via SAML, and group membership is controlled through a single SAML attribute (RedashGroups).

The self-hosted requirement means you'll need to maintain your own Redash instance and configure SAML authentication yourself. Third-party hosting providers like Elestio charge around $49/user/month for managed Redash hosting.

What IT admins are saying

Redash's discontinued cloud service and JIT-only provisioning creates ongoing challenges for IT teams:

  • Cloud version shut down after Databricks acquisition, forcing migration to self-hosted
  • No SCIM support means manual user management even with SSO configured
  • Development has significantly slowed since the acquisition
  • Self-hosted deployment adds infrastructure overhead and maintenance burden

Cloud version discontinued after Databricks acquisition

Community feedback on service changes

Development has slowed significantly

User concerns about project future

The recurring theme

IT teams are stuck managing a self-hosted data visualization tool with no automated provisioning, while wondering about the project's long-term viability after its commercial cloud service was discontinued.

The decision

Your SituationRecommendation
Small data team (<10 users) self-hostingManual user management is workable
Open source evaluation or proof-of-conceptUse native JIT provisioning via SAML
Growing analytics team (15+ users)Use Stitchflow: automation essential for user lifecycle
Enterprise with compliance requirementsUse Stitchflow: automation required for audit trail
Multi-environment deployments (dev/staging/prod)Use Stitchflow: automation strongly recommended

The bottom line

Redash is a capable open-source BI tool, but it's stuck in the pre-SCIM era with only JIT provisioning through SAML. With the cloud version discontinued and development momentum slowed, managing user access manually becomes a growing burden for any team beyond basic usage. For organizations that need reliable provisioning automation, Stitchflow eliminates the manual overhead while working with your self-hosted Redash deployment.

Automate Redash without third-party complexity

Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Redash at <$5K/year, flat, regardless of team size.

Works alongside or instead of native SCIM
Syncs with your existing IdP (Okta, Entra ID, Google Workspace)
Automates onboarding and offboarding
SOC 2 Type II certified
24/7 human-in-the-loop monitoring
Book a Demo

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

No SCIM - JIT provisioning onlyGroup mapping via RedashGroups SAML attributeSelf-hosted configuration requiredCloud version discontinued

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • No SCIM - JIT provisioning only
  • Group mapping via RedashGroups SAML attribute
  • Self-hosted configuration required
  • Cloud version discontinued

Documentation not available.

Unlock SCIM for
Redash

Redash doesn't offer SCIM. Get an enterprise-grade SCIM endpoint in your IdP, even without native support.

See how it works
Admin Console
Directory
Applications
Redash logo
Redash
via Stitchflow

Last updated: 2026-01-11

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

Apache Superset logo

Apache Superset

No SCIM

Business Intelligence / Data Visualization

ProvisioningNot Supported
Manual Cost$11,754/yr

Apache Superset, the open-source business intelligence platform, provides no native SCIM provisioning capabilities. While Superset supports various authentication methods including OAuth2, OIDC, and LDAP, SAML SSO requires custom development through a CustomSsoSecurityManager class implementation. Even with SSO configured, user provisioning must be handled manually or through Superset's beta User API, which isn't enabled by default and requires additional configuration in superset_config.py. This creates a significant operational burden for IT teams managing data analysts, engineers, and business users who need access to dashboards and datasets. The lack of automated provisioning means manual account creation for every new hire, plus ongoing management of complex dashboard permissions and row-level security settings. For organizations running self-hosted Superset instances, this translates to custom development work just to achieve basic enterprise SSO integration, let alone automated user lifecycle management.

View full guide
Tableau logo

Tableau

SCIM Tax

Business Intelligence / Data Visualization

SCIM StatusIncluded
Manual Cost$11,754/yr

Tableau supports SCIM 2.0 for automated user provisioning across all Tableau Cloud tiers, starting at $75/user/month for Creator licenses. However, SCIM requires SAML SSO to be configured first—you cannot enable SCIM provisioning without SSO. Once SCIM is active, any changes made directly in Tableau Cloud get overwritten by your identity provider, and you cannot disable SAML configuration while SCIM remains enabled. This creates operational friction for IT teams managing mixed authentication scenarios or organizations that need flexibility in user management approaches. The SAML prerequisite means you're locked into a specific authentication flow, and the overwrite behavior can disrupt workflows when users or admins make direct changes in Tableau that then get reverted during the next sync cycle.

View full guide
6sense logo

6sense

No SCIM

B2B Revenue Intelligence / ABM

ProvisioningNot Supported
Manual Cost$11,754/yr

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

View full guide