Stitchflow
Back to directory
Redash logo

Redash SCIM guide

Connector Only

How to automate Redash user provisioning, and what it actually costs

Summary and recommendation

Redash, the open-source data visualization platform, does not support SCIM provisioning. Since Databricks discontinued the cloud service in November 2021, Redash is now only available as a self-hosted solution with SAML 2.0 SSO and JIT (Just-In-Time) provisioning. Users are automatically created on their first SAML login, with group membership controlled through the RedashGroups SAML attribute. While this works for small teams, it creates significant operational overhead for larger organizations that need predictable user lifecycle management.

The JIT-only approach means IT teams have no visibility into who will have access until users actually log in, making it impossible to audit access rights or ensure proper deprovisioning when employees leave. For organizations using Redash for sensitive business intelligence and data visualization, this creates compliance gaps and security risks. Self-hosting requirements add additional complexity, as teams must manage both the application infrastructure and user provisioning workflows manually.

The strategic alternative

Redash has no native SCIM. That leaves a workflow gap in offboarding, access reviews, and license cleanup unless your team handles the app another way. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?No
SSO available?Yes
SSO protocolSAML 2.0
DocumentationNot available

Supported identity providers

IdPSSOSCIMNotes
OktaSAML SSO only. No SCIM provisioning. JIT provisioning creates users on first login.
Microsoft Entra IDSAML SSO only. No SCIM provisioning. JIT provisioning creates users on first login.
Google WorkspaceVia third-partyNo native support
OneLoginVia third-partyNo native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Redash accounts manually. Here's what that costs:

Source: Stitchflow aggregate data across apps with 2+ instances, normalized to 500 employees
Orphaned accounts (ex-employees with access)7
Unused licenses12
IT hours spent on manual management/year101 hours
Unused license cost/year$3,925
IT labor cost/year$6,088
Cost of compliance misses/year$1,741
Total annual financial impact$11,754

The Redash pricing problem

Redash gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
Self-hostedFree (open source)
Third-party hosting~$49/user/month

Pricing structure

PlanPriceSSOSCIM
Self-hostedFree (open source)
Third-party hosting~$49/user/month

Self-hosting requirements

Infrastructure costs (servers, maintenance, updates)
DevOps resources for deployment and monitoring
Manual configuration of SAML integration
No official support (community-driven development)

What this means in practice

For a 50-user deployment

Third-party hosting
~$29,400/year just for hosting
Self-hosting
"Free" software + infrastructure and DevOps overhead
User provisioning
Manual account creation or wait for JIT on first login
Group management
RedashGroups SAML attribute only

JIT provisioning limitations

Users don't exist until they log in for the first time
No ability to pre-provision accounts or set permissions
Group membership depends on SAML attribute configuration
Deprovisioning requires manual account deletion

Additional constraints

Development uncertainty
Project development has slowed significantly since the Databricks acquisition
No enterprise features
Missing advanced user management, audit logs, and enterprise security controls
Self-hosting burden
IT teams must handle deployment, scaling, security patching, and backup strategies
Limited integration ecosystem
Fewer third-party connectors compared to modern BI platforms
Community support only
No official support channel or SLA guarantees

Summary of challenges

  • Redash does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What Redash actually offers for identity

SAML SSO (Self-hosted only)

Redash supports SAML 2.0 integration for single sign-on:

SettingDetails
ProtocolSAML 2.0
Supported IdPsOkta, Azure AD/Entra, Google Workspace, OneLogin, generic SAML
ConfigurationStatic XML metadata or dynamic metadata URL
User creationJIT (Just-in-Time) provisioning on first login
Group mappingVia RedashGroups SAML attribute

Critical context: Redash shut down its cloud service in November 2021 after Databricks acquired the company. You can only use the self-hosted open-source version now.

What's missing: Any provisioning automation

FeatureSupported?
SCIM provisioning❌ No
Automated user creation❌ No (JIT only)
Automated user updates❌ No
Automated user deactivation❌ No
Group-based access control⚠️ Limited (SAML attribute only)

Translation: Redash offers basic SAML SSO with JIT provisioning, but zero automation for user lifecycle management. Users are created when they first log in via SAML, and group membership is controlled through a single SAML attribute (RedashGroups).

The self-hosted requirement means you'll need to maintain your own Redash instance and configure SAML authentication yourself. Third-party hosting providers like Elestio charge around $49/user/month for managed Redash hosting.

What IT admins are saying

Redash's discontinued cloud service and JIT-only provisioning creates ongoing challenges for IT teams:

  • Cloud version shut down after Databricks acquisition, forcing migration to self-hosted
  • No SCIM support means manual user management even with SSO configured
  • Development has significantly slowed since the acquisition
  • Self-hosted deployment adds infrastructure overhead and maintenance burden

Cloud version discontinued after Databricks acquisition

Community feedback on service changes

Development has slowed significantly

User concerns about project future

The recurring theme

IT teams are stuck managing a self-hosted data visualization tool with no automated provisioning, while wondering about the project's long-term viability after its commercial cloud service was discontinued.

The decision

Your SituationRecommendation
Small data team (<10 users) self-hostingManual user management is workable
Open source evaluation or proof-of-conceptUse native JIT provisioning via SAML
Growing analytics team (15+ users)Use Stitchflow: automation essential for user lifecycle
Enterprise with compliance requirementsUse Stitchflow: automation required for audit trail
Multi-environment deployments (dev/staging/prod)Use Stitchflow: automation strongly recommended

The bottom line

Redash has no native SCIM. That means one more workflow gap in offboarding, access reviews, and license cleanup unless your team handles it another way.

Close the Redash workflow gap

Redash is one gap in a broader workflow. Stitchflow builds and maintains the offboarding, access review, or license workflow across every app in your environment.

Across every app in the workflow, including the ones without APIs
Built in less than a week, with roughly 2 hours from your team
You review the exceptions. Stitchflow maintains the workflow underneath
Start with the free gap diagnostic

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

No SCIM - JIT provisioning onlyGroup mapping via RedashGroups SAML attributeSelf-hosted configuration requiredCloud version discontinued

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • No SCIM - JIT provisioning only
  • Group mapping via RedashGroups SAML attribute
  • Self-hosted configuration required
  • Cloud version discontinued

Documentation not available.

Close the workflow gap in
Redash

Redash has no native SCIM. That leaves one more workflow gap in offboarding, access reviews, and license cleanup unless your team handles it another way.

Start with the free gap diagnostic
Admin Console
Directory
Applications
Redash logo
Redash
via Stitchflow

Last updated: 2026-01-11

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

Apache Superset logo

Apache Superset

No SCIM

Business Intelligence / Data Visualization

ProvisioningNot Supported
Manual Cost$11,754/yr

Apache Superset, the open-source business intelligence platform, provides no native SCIM provisioning capabilities. While Superset supports various authentication methods including OAuth2, OIDC, and LDAP, SAML SSO requires custom development through a CustomSsoSecurityManager class implementation. Even with SSO configured, user provisioning must be handled manually or through Superset's beta User API, which isn't enabled by default and requires additional configuration in superset_config.py. This creates a significant operational burden for IT teams managing data analysts, engineers, and business users who need access to dashboards and datasets. The lack of automated provisioning means manual account creation for every new hire, plus ongoing management of complex dashboard permissions and row-level security settings. For organizations running self-hosted Superset instances, this translates to custom development work just to achieve basic enterprise SSO integration, let alone automated user lifecycle management.

View full guide
Tableau logo

Tableau

SCIM Tax

Business Intelligence / Data Visualization

SCIM StatusIncluded
Manual Cost$11,754/yr

Tableau supports SCIM 2.0 for automated user provisioning across all Tableau Cloud tiers, starting at $75/user/month for Creator licenses. However, SCIM requires SAML SSO to be configured first—you cannot enable SCIM provisioning without SSO. Once SCIM is active, any changes made directly in Tableau Cloud get overwritten by your identity provider, and you cannot disable SAML configuration while SCIM remains enabled. This creates operational friction for IT teams managing mixed authentication scenarios or organizations that need flexibility in user management approaches. The SAML prerequisite means you're locked into a specific authentication flow, and the overwrite behavior can disrupt workflows when users or admins make direct changes in Tableau that then get reverted during the next sync cycle.

View full guide
6sense logo

6sense

No SCIM

B2B Revenue Intelligence / ABM

ProvisioningNot Supported
Manual Cost$11,754/yr

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

View full guide