Summary and recommendation
Relativity, the enterprise eDiscovery platform used by law firms and corporate legal departments, does not support native SCIM provisioning on any plan. While Relativity integrates with identity providers like Okta and Entra ID for SAML 2.0 SSO, user provisioning relies entirely on Just-in-Time (JIT) provisioning. This creates a significant operational gap: JIT only creates user accounts on first authentication and cannot update user attributes, assign proper permissions, or handle deprovisioning when employees leave or change roles.
For legal organizations managing sensitive case data and strict compliance requirements, this limitation creates serious security risks. Users retain access until manually deprovisioned, and there's no automated way to update user attributes or group memberships as organizational roles change. The lack of proper lifecycle management is particularly problematic given Relativity's usage-based pricing model—orphaned accounts continue accruing costs while potentially exposing confidential legal data.
The strategic alternative
Relativity has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | SSO via SAML 2.0 and OpenID Connect. Group Linking and Schema Discovery available but no SCIM user provisioning. |
| Microsoft Entra ID | ✓ | ❌ | SSO via SAML 2.0 or OpenID Connect. JIT provisioning supported. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Relativity accounts manually. Here's what that costs:
The Relativity pricing problem
Relativity gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| RelativityOne | Custom (usage-based, per-GB) |
Pricing and provisioning options
| Plan | Pricing | SCIM | SSO |
|---|---|---|---|
| RelativityOne | Custom (usage-based, per-GB) | ❌ Not available | ✓ SAML 2.0/OIDC |
Pricing context
What this means in practice
JIT provisioning limitations
Real-world scenario: When a legal team member leaves, their Relativity access remains active even after you disable their corporate account. IT must manually track and remove these orphaned accounts across potentially multiple Relativity instances.
Additional constraints
Summary of challenges
- Relativity does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Relativity actually offers for identity
SAML SSO (Standard)
Relativity supports federated authentication through multiple protocols:
| Protocol | Supported |
|---|---|
| SAML 2.0 | ✓ Yes |
| OpenID Connect | ✓ Yes |
| JIT provisioning | ✓ Yes (basic) |
| User attribute updates | ❌ No |
Critical limitation: JIT provisioning only creates users on first login. Once created, user attributes (email, role assignments, group memberships) are never updated automatically, even if they change in your IdP.
Okta Integration (via OIN)
The official Okta Integration Network listing for Relativity shows:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| OIDC SSO | ✓ Yes |
| Create users | ✓ Yes (JIT only) |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group push | ❌ No |
| SCIM provisioning | ❌ No |
Additional complexity: RelativityOne and Relativity Server maintain separate user stores. Multi-instance SSO requires RelativityOne Connect licensing.
Microsoft Entra Integration
Entra ID supports SAML 2.0 and OpenID Connect for Relativity with the same JIT limitations:
The core problem: Relativity's JIT approach creates a one-time snapshot of user data. Any subsequent changes in your identity provider (role updates, group changes, user deactivation) never sync to Relativity, forcing manual administration.
What IT admins are saying
Relativity's reliance on JIT provisioning instead of proper SCIM creates ongoing headaches for IT teams managing eDiscovery access:
- Users must authenticate before their accounts are created, causing confusion during onboarding
- User attributes never update after initial JIT creation - outdated department, role, and contact information persist indefinitely
- No way to pre-provision accounts or bulk manage user lifecycle changes
- Complex pricing model makes it difficult to predict costs when adding users at scale
JIT provisioning supported
Group Linking and Schema Discovery available but no SCIM user provisioning
The recurring theme
IT teams are stuck with a "set it and forget it" approach that works poorly in practice. Once users are created via JIT, there's no automated way to keep their information current or manage their lifecycle, forcing manual intervention for any user management beyond initial login.
The decision
| Your Situation | Recommendation |
|---|---|
| Small legal team (<20 users, minimal case volume) | Manual management is acceptable |
| Established firm with stable paralegal/attorney roster | Manual management with SSO for authentication |
| Large law firm or corporate legal department (50+ users) | Use Stitchflow: automation essential for case staffing |
| Multi-matter environment with frequent user role changes | Use Stitchflow: automation essential for access control |
| eDiscovery service provider with client-based provisioning | Use Stitchflow: automation strongly recommended |
The bottom line
Relativity is the industry standard for eDiscovery, but it offers only JIT provisioning—users are created once on first login, then never updated. For legal teams managing complex case access and evolving user roles across matters, Stitchflow delivers the SCIM-level automation that Relativity doesn't provide.
Make Relativity workflows AI-native
Relativity has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM endpoint - uses JIT provisioning instead
- JIT provisioning creates users on first authentication only
- User attributes not automatically updated after initial creation
- Separate user stores between Relativity Server and RelativityOne
- Usage-based pricing with volume discounts up to 50%
- Requires RelativityOne Connect for multi-instance SSO
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
SSO via SAML 2.0 and OpenID Connect. Group Linking and Schema Discovery available but no SCIM user provisioning.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Relativity
Relativity has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
