Summary and recommendation
Salesforce supports SCIM 2.0 provisioning, but only on Enterprise ($175/user/month) and Unlimited ($350/user/month) editions. For organizations on Starter plans ($25/user/month), unlocking automated provisioning requires a 7x price increase—adding $150/user/month just to eliminate manual account management. For a 50-person team, that's $90,000/year in additional licensing costs solely to access SCIM capabilities.
The pricing barrier creates a significant operational gap. Without automated provisioning, IT teams must manually create Salesforce accounts, assign profiles and permission sets, and remember to deactivate users when they leave—a process that's error-prone and doesn't scale. SSO alone doesn't solve this problem since it only handles authentication, not account lifecycle management. This manual overhead becomes particularly problematic in organizations with frequent role changes or seasonal hiring patterns.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for Salesforce without requiring the Enterprise tier upgrade. Works with any Salesforce edition and any IdP (Okta, Entra, Google Workspace, OneLogin). Flat pricing under $5K/year, regardless of user count.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OIDC |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Salesforce accounts manually. Here's what that costs:
The Salesforce pricing problem
Salesforce gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure (Billed Annually)
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | $25/user/mo | ||
| Professional | $80/user/mo | ||
| Enterprise | $175/user/mo | ||
| Unlimited | $350/user/mo |
Note: Prices reflect Salesforce's August 2025 6% increase. SCIM requires Enterprise edition minimum, which bundles advanced features like API access, custom objects, and workflow automation that many organizations don't need for basic CRM functionality.
What this means in practice
Using current list prices (Professional → Enterprise for SCIM access):
| Team Size | Annual Upgrade Cost | Monthly Impact |
|---|---|---|
| 50 users | +$57,000/year | +$4,750/month |
| 100 users | +$114,000/year | +$9,500/month |
| 200 users | +$228,000/year | +$19,000/month |
Calculation: ($175 - $80) × users × 12 months
Additional constraints
Summary of challenges
- Salesforce supports SCIM but only at Enterprise tier ($175/user/month)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Salesforce doesn't sell SCIM à la carte. Enterprise edition ($175/user/month) includes SCIM bundled with advanced CRM features:
The jump from Starter ($25/user/month) to Enterprise represents a 7x price increase—$1,800 per user annually just to unlock identity management. Most organizations need maybe 20% of Enterprise features but pay for the entire bundle.
For a 100-user company, that's $180,000/year extra to get SCIM functionality that should be standard. The math gets worse with Salesforce's multi-cloud architecture where different Clouds may require separate Enterprise licenses for full identity integration.
What IT admins are saying
Community sentiment on Salesforce's SCIM pricing is overwhelmingly frustrated. Common complaints:
- Being locked into Enterprise edition ($175/user/month) just for basic provisioning
- The 7x price jump from Starter to Enterprise for SCIM access
- Complex multi-cloud licensing that complicates identity management across Sales/Service/Marketing Clouds
- Trial accounts being completely blocked from automated provisioning testing
The Enterprise pricing requirement for SCIM adds massive cost overhead when you just need user automation
Managing identity across multiple Salesforce Clouds is a nightmare with different capabilities and licensing requirements
The recurring theme
Salesforce uses SCIM as an expensive enterprise feature gate, forcing organizations to pay premium prices ($175+ per user) for what should be standard identity automation functionality.
The decision
| Your Situation | Recommendation |
|---|---|
| On Starter, need SCIM | Use Stitchflow: avoid the 7x price jump to Enterprise |
| Already on Enterprise or Unlimited | Use native SCIM: you're paying for it |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled |
| Managing multiple Salesforce Clouds | Use Stitchflow: simplifies multi-cloud identity across Sales/Service/Marketing |
| Small footprint, infrequent user changes | Manual may work: but watch for permission complexity |
The bottom line
Salesforce's SCIM requirement for Enterprise edition creates a massive pricing barrier—jumping from $25 to $175 per user monthly just for provisioning automation. For organizations that need SCIM without Enterprise features, Stitchflow delivers the same automation at a fraction of the cost.
Automate Salesforce without the tier upgrade
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Salesforce at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM only on Enterprise and Unlimited editions
- Complex multi-cloud licensing affects feature availability
- Different Salesforce Clouds may have different SSO/SCIM capabilities
- Trial accounts cannot use automated provisioning
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Full SCIM provisioning. OAuth authentication for provisioning. Profiles imported from Salesforce appear as application roles. Schema discovery supported.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Microsoft Entra provisioning tutorial available. Trial accounts can't use automated provisioning (no API access). Profiles imported as roles. Permissions assigned to profile directly, not permission sets.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Unlock SCIM for
Salesforce
Salesforce gates automation behind Enterprise or Unlimited plan. Stitchflow delivers the same SCIM outcomes for a flat fee, saving you 600%.
See how it works
