Summary and recommendation
Secureframe supports SCIM 2.0 provisioning, but only on their Complete plan ($14,000-20,000/year typical). This creates a significant barrier for organizations on lower tiers who need automated user provisioning for their GRC workflows. The bigger issue: SCIM requires contacting accountmanagement@secureframe.com to enable, adding friction to what should be a straightforward configuration process.
This approach forces IT teams into an uncomfortable position. Compliance and security teams often need immediate access to begin framework assessments, but waiting for manual SCIM enablement or upgrading to Complete creates delays. SSO with JIT provisioning provides login access but doesn't give IT administrators the granular control needed to manage user lifecycle as security team membership changes during audit cycles.
The strategic alternative
Secureframe gates SCIM behind Complete. Skip the Complete plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Custom |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 / OIDC |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Secureframe accounts manually. Here's what that costs:
The Secureframe pricing problem
Secureframe gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Fundamentals | ~$7,500/year | ||
| Complete | ~$14,000-20,000/year | ||
| Federal | Custom |
Note: Pricing scales with employee count and compliance frameworks. Average deal size is $20,500/year according to Vendr data.
What this means in practice
The jump from Fundamentals to Complete for SCIM access:
| Current Fundamentals Spend | Complete Upgrade Cost |
|---|---|
| $7,500/year | +$6,500-12,500/year |
| $10,000/year | +$4,000-10,000/year |
| $12,000/year | +$2,000-8,000/year |
For most organizations, enabling SCIM means nearly doubling your Secureframe investment, with typical Complete plans running $14,000-20,000 annually depending on company size and framework requirements.
Additional constraints
Summary of challenges
- Secureframe supports SCIM but only at Custom tier (Custom)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Secureframe doesn't sell SCIM à la carte. It's bundled with their Complete plan's security and compliance features:
The Complete plan starts around $14,000-20,000/year, with pricing scaling based on employee count and compliance frameworks needed. If you're already investing in GRC tooling, the upgrade makes sense. But if you just want automated user provisioning for a compliance tool, you're paying for enterprise-grade security automation you may not need.
Stitchflow Insight
We estimate ~60% of Complete plan features are irrelevant for teams that only need SCIM provisioning. Plus, you still need to contact account management to actually enable SCIM—it's not automatic even after upgrading.
What IT admins are saying
Community sentiment on Secureframe's SCIM implementation is mixed, with frustration around the manual enablement process and plan requirements. Common complaints:
- Having to contact account management just to enable SCIM features
- SCIM being locked to the Complete plan ($14K-20K/year typical)
- Separate SCIM configuration from SSO connection adds complexity
- No self-service SCIM activation despite paying for Complete tier
Why do I need to email account management to turn on a feature I'm already paying for? Just put it in the admin panel.
The SCIM setup is unnecessarily complicated - you have to create a separate app in Okta as a 'SCIM 2.0 Test App' which feels hacky for a compliance platform.
The recurring theme
Secureframe treats SCIM as a premium service requiring manual intervention, despite compliance teams needing automated user management for audit requirements.
The decision
| Your Situation | Recommendation |
|---|---|
| On Fundamentals plan, need SCIM | Use Stitchflow: avoid the ~$7K-13K/year tier jump to Complete |
| On Complete but SCIM not enabled | Contact account management first: you're already paying for it |
| Already have SCIM enabled on Complete | Use native SCIM: you're paying for it |
| Need Complete features beyond SCIM | Evaluate Complete upgrade: SCIM comes bundled |
| Small compliance team, low employee churn | Manual may work: but monitor for audit trail gaps |
The bottom line
Secureframe gates SCIM behind their Complete plan (starting ~$14K-20K/year) and requires contacting account management to enable it. For teams on lower tiers who need automated provisioning, Stitchflow delivers the same functionality without the plan upgrade or administrative friction.
Make Secureframe workflows AI-native
Secureframe gates SCIM behind Complete. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Custom
Prerequisites
SSO must be configured first
Key limitations
- SCIM requires Complete plan
- Contact accountmanagement@secureframe.com to enable SCIM
- SCIM separate from SSO connection
Unlock SCIM for
Secureframe
Secureframe gates SCIM behind Complete plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade, avoiding a 167% markup.
See how it works
