Summary and recommendation
Sketch supports native SCIM provisioning, but only on Enterprise plans at $44/editor/month. While Business plans ($20/editor/month) include SAML SSO with JIT provisioning, full automated user lifecycle management requires the expensive Enterprise tier. This creates a significant cost barrier: upgrading from Business to Enterprise costs an additional $24/editor/month—for a 50-person design team, that's $14,400/year extra just to unlock SCIM.
The gap between SSO availability (Business) and SCIM provisioning (Enterprise) leaves IT teams manually managing user accounts in Sketch while users authenticate automatically. JIT provisioning creates free Viewer seats by default, requiring admins to manually upgrade users to Editor licenses—defeating the purpose of automation. This manual overhead becomes particularly problematic for design teams with frequent contractor rotations or project-based access needs.
The strategic alternative
Sketch gates SCIM behind Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Sketch accounts manually. Here's what that costs:
The Sketch pricing problem
Sketch gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure (Billed Annually)
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Standard | $9/editor/mo | ||
| Business | $20/editor/mo | JIT only | |
| Enterprise | $44/editor/mo | ||
| Private Cloud | $74/editor/mo |
Note: Business tier includes SAML SSO with JIT provisioning that creates free Viewer seats by default. Admins must manually upgrade users to Editor seats. Only Enterprise and Private Cloud support full SCIM provisioning.
What this means in practice
Using current list prices (Business → Enterprise for SCIM):
| Team Size | Annual Upgrade Cost |
|---|---|
| 25 editors | +$7,200/year |
| 50 editors | +$14,400/year |
| 100 editors | +$28,800/year |
| 200 editors | +$57,600/year |
Calculation: ($44 - $20) × editors × 12 months
Additional constraints
Summary of challenges
- Sketch supports SCIM but only at Enterprise tier ($44/editor/mo (Enterprise - SSO + SCIM))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Sketch doesn't sell SCIM à la carte. It's bundled with Enterprise features at $44/editor/month:
Stitchflow Insight
Business plan ($20/editor/month) gets you SSO but not SCIM - you're forced into the full Enterprise tier for automated provisioning. If you need enterprise-grade security controls anyway, the upgrade may make sense. If you just want automated user provisioning, you're paying $24/editor/month extra for features most IT teams won't use. We estimate ~60% of Enterprise features are irrelevant for teams that only need SCIM automation.
What IT admins are saying
Community sentiment on Sketch's SCIM pricing is mixed, with most frustration centered around the steep pricing tier requirements. Common complaints:
- Being forced into Enterprise plan ($44/editor/month) just for SCIM provisioning
- The 2.2x price jump from Business ($20) to Enterprise for automation features
- Confusion around the subscription model changes and annual billing requirements
- Design teams feeling locked into expensive plans for basic IT security needs
The pricing structure forces you to pay for Enterprise features when all we need is automated user provisioning. It's a $24/month per user tax just to connect our IdP.
We're a 15-person design team and Sketch wants us to pay Enterprise rates across the board just so IT can manage user accounts properly. That's an extra $4,800/year just for SCIM.
The recurring theme
Sketch bundles SCIM with their highest-tier Enterprise plan, creating a significant cost barrier for teams that only need automated provisioning without advanced enterprise features.
The decision
| Your Situation | Recommendation |
|---|---|
| On Standard/Business, need SCIM | Use Stitchflow: avoid the $24-35/editor/mo tier jump |
| Already on Enterprise plan | Use native SCIM: you're paying $44/editor/mo for it |
| Design team with tight budget constraints | Use Stitchflow: get automation without Enterprise costs |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled with BYOK |
| Small design team, low turnover | Manual may work: but watch for offboarding gaps |
The bottom line
Sketch gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Sketch workflow gap
Sketch gates SCIM behind Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM requires Enterprise or Private Cloud plan
- SSO requires Business plan or higher
- Mac app + web app SSO supported
- JIT provisioning creates free Viewer seats by default
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
SSO and JIT provisioning via Okta. SCIM provisioning available on Enterprise/Private Cloud plans.
Sketch gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Microsoft Entra ID SSO and SCIM supported. Import XML Metadata file for SSO setup. SCIM on Enterprise/Private Cloud.
Sketch gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the workflow gap in
Sketch
Sketch gates SCIM behind Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack, and it can add a 389% markup just to get there.
Start with the free gap diagnostic
