Summary and recommendation
Sage Intacct, the cloud financial management platform with pricing starting at $12,000-$35,000/year, does not offer native SCIM provisioning on any plan. While Sage provides SAML 2.0 SSO integration with major identity providers like Okta and Entra ID, user provisioning requires either manual API integration or third-party connectors like Aquera. This creates a significant operational burden for IT teams managing what is typically a critical financial system with strict access controls and compliance requirements.
The gap between SSO and provisioning is particularly problematic for financial applications like Sage Intacct. Finance teams frequently onboard contractors, auditors, and temporary staff who need immediate access to financial data, while terminated employees must be deprovisioned instantly to maintain SOX compliance and financial data security. Without automated provisioning, IT teams are forced into manual account creation and deletion processes that create compliance risks and operational delays.
The strategic alternative
Sage has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | Native Okta integration for SAML SSO. SCIM provisioning available via third-party Aquera connector. Aquera provides bi-directional sync for user lifecycle management. |
| Microsoft Entra ID | ✓ | ❌ | Microsoft Entra SSO tutorial available. No native SCIM provisioning - use Aquera Sync Bridge for bi-directional user sync. Aquera supports AD, Entra ID hybrid, and pure Entra ID cloud. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Sage accounts manually. Here's what that costs:
The Sage pricing problem
Sage gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Aquera connector | $3,000-$5,000/year | Vendor-managed | |
| Sage APIs | Development time | IT team responsibility | |
| Manual provisioning | Staff time | High touch |
Provisioning options
| Method | Cost | Reliability | Maintenance |
|---|---|---|---|
| Aquera connector | $3,000-$5,000/year | Third-party dependency | Vendor-managed |
| Sage APIs | Development time | Custom code maintenance | IT team responsibility |
| Manual provisioning | Staff time | Human error prone | High touch |
Enterprise pricing context
What this means in practice
Without native SCIM, IT teams face these operational challenges:
New employee onboarding
Employee changes
Offboarding gaps
Additional constraints
Summary of challenges
- Sage does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Sage actually offers for identity
SAML SSO (All Plans)
Sage Intacct supports SAML 2.0 integration across all pricing tiers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Microsoft Entra ID, Salesforce, generic SAML |
| SP-initiated SSO | ✓ Yes |
| IdP-initiated SSO | ✓ Yes |
| JIT provisioning | ❌ No |
Key requirement: Custom SAML attribute mappings must be configured to match Sage Intacct's user fields. Users must be manually created in Sage before SSO authentication works.
Provisioning Options (Third-party only)
Sage Intacct has no native SCIM support. Your options for automated user management:
| Method | How it works | Cost |
|---|---|---|
| Aquera Connector | Third-party SCIM bridge for Okta/Entra | Additional subscription |
| Sage APIs | Custom integration via REST APIs | Development resources |
| Manual | Create/update/deactivate users by hand | Time-intensive |
The Aquera reality: Both Okta and Microsoft integration guides point to Aquera's third-party connector for provisioning. This adds another vendor to manage, another contract to negotiate, and another potential point of failure.
What's Missing
The financial management platform that handles your company's money requires manual user management or a third-party integration to automate basic identity tasks.
What IT admins are saying
Sage Intacct's missing native SCIM forces IT teams into expensive workarounds:
- Manual user provisioning through Sage's web interface for every hire/departure
- Reliance on third-party connectors like Aquera that add complexity and cost
- Custom API integrations that require developer resources to maintain
- Quote-based pricing makes budgeting unpredictable
SCIM provisioning available via third-party Aquera connector
No native SCIM provisioning - use Aquera Sync Bridge for bi-directional user sync
The recurring theme
Despite being an enterprise financial platform, Sage Intacct offers SAML SSO but forces customers to either manually manage users or pay for additional third-party provisioning solutions.
The decision
| Your Situation | Recommendation |
|---|---|
| Small finance team (<10 users) with minimal turnover | Manual user management acceptable |
| Mid-size company with Okta/Entra and budget for connectors | Consider Aquera connector ($3K-5K/year additional) |
| Enterprise with 50+ financial users across entities | Use Stitchflow: automation essential for scale |
| Multi-subsidiary organizations with complex access needs | Use Stitchflow: handles complex role mappings automatically |
| Companies requiring SOC 2 compliance audit trails | Use Stitchflow: comprehensive provisioning logs included |
The bottom line
Sage Intacct offers robust financial management but no native SCIM provisioning. While third-party connectors like Aquera exist, they add complexity and cost to an already expensive platform. For organizations that need reliable user lifecycle automation without vendor lock-in to specific connectors, Stitchflow provides the simpler, more predictable solution.
Make Sage workflows AI-native
Sage has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM documented
- Provisioning via APIs or third-party (Aquera)
- IdP-initiated SSO supported
- Custom SAML attribute mappings required
- Quote-based pricing
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Docs
Native Okta integration for SAML SSO. SCIM provisioning available via third-party Aquera connector. Aquera provides bi-directional sync for user lifecycle management.
Use Stitchflow for automated provisioning.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Microsoft Entra SSO tutorial available. No native SCIM provisioning - use Aquera Sync Bridge for bi-directional user sync. Aquera supports AD, Entra ID hybrid, and pure Entra ID cloud.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Sage
Sage has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
