Summary and recommendation
Shopify supports native SCIM 2.0 provisioning, but only on Shopify Plus—their enterprise tier that starts at $2,300/month (minimum $27,600/year). For merchants on Standard, Shopify, or Advanced plans ($29-$299/month), there's no automated provisioning whatsoever. This creates a massive pricing gap: you either pay $299/month with manual user management, or jump to $2,300/month for automation—an 8x increase that puts SCIM out of reach for most merchants.
For e-commerce businesses, especially during peak seasons, this limitation creates real operational pain. Retailers need to rapidly onboard seasonal staff, manage multi-location access, and ensure former employees immediately lose access to customer data and payment systems. Without SCIM, IT teams manually provision every holiday temp worker and customer service rep—a process that's both time-intensive and creates compliance risks in an industry handling sensitive payment data.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for Shopify without requiring the Plus upgrade. Works with any Shopify plan and any identity provider. Flat pricing under $5K/year, regardless of team size—a fraction of the Plus licensing premium.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Shopify accounts manually. Here's what that costs:
The Shopify pricing problem
Shopify gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Basic | $29/mo | ||
| Shopify | $79/mo | ||
| Advanced | $299/mo | ||
| Plus | $2,300-$2,500/mo |
Note: Plus pricing is actually variable based on revenue (0.3-0.4% of monthly sales) with a minimum of $2,300/mo and cap at $40,000/mo. The tier shown reflects the minimum commitment.
What this means in practice
For merchants requiring SCIM access, the upgrade costs are substantial:
| Current Plan | Annual Upgrade to Plus | Cost Increase |
|---|---|---|
| Basic ($29/mo) | +$27,252/year | 970% increase |
| Shopify ($79/mo) | +$26,772/year | 860% increase |
| Advanced ($299/mo) | +$24,012/year | 670% increase |
This represents one of the steepest SCIM upgrade penalties in enterprise software.
Additional constraints
Summary of challenges
- Shopify supports SCIM but only at Enterprise tier ($2,300-$2,500/mo (Plus - 3-year vs 1-year term))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Shopify doesn't sell SCIM à la carte. It's bundled with Shopify Plus features:
The real issue: you're paying $27,600+ annually for features like checkout customization and script editing when you just want automated user provisioning. Plus requires domain verification and SAML setup before SCIM works—a multi-step process that smaller merchants find unnecessarily complex.
Stitchflow Insight
The Plus upgrade delivers powerful e-commerce features, but most are irrelevant if you just need identity management. We estimate ~80% of Plus features focus on advanced storefront customization, multi-store management, and enterprise sales tools that typical IT teams never touch.
What IT admins are saying
Community sentiment on Shopify's SCIM implementation centers on pricing barriers and complexity. Common complaints:
- Plus pricing ($2,300-$2,500/mo) puts SCIM completely out of reach for smaller merchants
- Multi-step setup requiring domain verification and SAML configuration before SCIM
- Complete lack of SSO/SCIM on standard Shopify plans despite managing sensitive customer data
- Revenue-based pricing model that penalizes successful businesses with higher identity costs
Plus pricing puts SCIM out of reach for smaller merchants who still need to manage seasonal staff and protect customer data.
You have to verify your domain AND set up SAML before you can even generate a SCIM token - it's unnecessarily complex for what should be basic identity management.
The recurring theme
Shopify treats identity management as a luxury enterprise feature rather than a security fundamental, forcing smaller e-commerce businesses to manage user access manually despite handling sensitive payment and customer data.
The decision
| Your Situation | Recommendation |
|---|---|
| On Basic/Shopify/Advanced, need SCIM | Use Stitchflow: avoid the $2,300+/month Plus upgrade |
| On Plus but struggling with SAML prerequisite complexity | Use Stitchflow: bypass the multi-step domain verification dance |
| Already on Plus with SAML configured | Use native SCIM: you're paying $27K+/year for it |
| Need Plus features for multi-store management | Evaluate Plus: SCIM comes bundled with expansion stores |
| Small shop with low seasonal staff turnover | Manual may work: but monitor for holiday hiring gaps |
The bottom line
Shopify's SCIM barrier is brutal—a $2,300+/month tier jump that puts provisioning automation out of reach for most merchants. For e-commerce teams that need rapid seasonal onboarding without the Plus premium, Stitchflow delivers enterprise-grade provisioning at under $5K/year.
Automate Shopify without the tier upgrade
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Shopify at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM only on Shopify Plus (enterprise tier)
- Domain must be verified before SCIM setup
- SAML must be configured before SCIM token generation
- Only manages users associated with verified domain
- Okta Group Push not supported
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Full SCIM provisioning with user lifecycle management. Supports Group Linking, Schema Discovery, Attribute Writeback. Role provisioning available.
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Microsoft Entra provisioning service supports automatic user/group provisioning. Base URL: https://shopifyscim.com/scim/v2/
Native SCIM is available on Enterprise. Use Stitchflow if you need provisioning without the tier upgrade.
Unlock SCIM for
Shopify
Shopify gates automation behind Plus plan. Stitchflow delivers the same SCIM outcomes for a flat fee.
See how it works
