Summary and recommendation
SonarQube supports native SCIM 2.0 provisioning, but only on Enterprise Edition—which costs $35,700/year for 5M lines of code before discounts. This creates a significant barrier: teams on Developer Edition ($2,500-$10,000/year) must pay 3-14x more just to unlock automated user provisioning. Additionally, SonarQube's SCIM implementation requires your instance to be publicly accessible, and once enabled, all user management becomes read-only through the SonarQube interface.
For development teams managing code quality across growing organizations, this pricing structure creates a problematic gap. Manual user provisioning in a DevOps tool means developers wait for access, security teams can't enforce consistent group memberships, and offboarding becomes a compliance risk. SSO with just-in-time provisioning helps with login, but doesn't solve the fundamental problem of keeping user access synchronized with your identity provider.
The strategic alternative
SonarQube gates SCIM behind Enterprise Edition. Skip the Enterprise Edition plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages SonarQube accounts manually. Here's what that costs:
The SonarQube pricing problem
SonarQube gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Developer | $10,000/year | ||
| Enterprise | $35,700/year |
Note: Pricing shown is list price before potential enterprise discounts of 39-46%. All pricing is per-instance, per-year based on lines of code analyzed.
What this means in practice
The jump from Developer to Enterprise Edition represents a substantial cost increase:
| Code Base Size | Developer Price | Enterprise Price | SCIM Upgrade Cost |
|---|---|---|---|
| 500K LOC | $2,500/year | ~$7,100/year* | +$4,600/year |
| 2M LOC | $10,000/year | ~$19,300/year* | +$9,300/year |
| 5M LOC | $10,000/year | $35,700/year | +$25,700/year |
Estimated based on LOC scaling from available pricing data *Developer Edition caps at 2M LOC; larger codebases require Enterprise
Additional constraints
Summary of challenges
- SonarQube supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
SonarQube doesn't sell SCIM separately. It's bundled with Enterprise Edition features that push the total cost to $35,700/year for 5M lines of code:
The challenge: SCIM requires your SonarQube instance to be publicly accessible, and users become read-only once SCIM is enabled. You're also paying enterprise prices even if you only need basic code quality scanning with automated user management.
Stitchflow Insight
For teams that just want SCIM provisioning without the full enterprise feature set, you're paying for capabilities you likely won't use. We estimate ~60% of Enterprise Edition features are irrelevant for organizations that simply need automated user provisioning for their development teams.
What IT admins are saying
Community sentiment on SonarQube's SCIM requirements reveals significant frustration with the Enterprise Edition paywall. Common complaints:
While specific community quotes weren't available in recent discussions, the pricing structure speaks volumes - teams face a massive jump from Developer Edition ($10,000 for 2M LOC) to Enterprise Edition just to get basic identity automation.
- Being locked out of SCIM unless you upgrade to Enterprise Edition ($35,700/year for 5M LOC)
- The requirement for publicly accessible base URLs, creating security concerns for internal deployments
- Users becoming read-only when SCIM is enabled, limiting local admin flexibility
- Having to configure SAML before SCIM can even be set up, adding deployment complexity
The recurring theme
SonarQube gates essential IT security features behind their highest-priced tier, forcing organizations to pay enterprise prices regardless of their actual code volume or team size needs.
The decision
| Your Situation | Recommendation |
|---|---|
| On Developer Edition, need SCIM | Use Stitchflow: avoid the $33K+/year Enterprise upgrade |
| Enterprise Edition too expensive for your LOC volume | Use Stitchflow: get SCIM without the tier jump |
| Can't expose SonarQube publicly for SCIM | Use Stitchflow: works with private instances |
| Already on Enterprise Edition | Use native SCIM: you're paying for it |
| Small dev team, infrequent changes | Manual may work: but watch for security gaps |
The bottom line
SonarQube's SCIM requires Enterprise Edition, creating a massive cost barrier for teams on Developer plans. For organizations that need provisioning automation without the Enterprise upgrade or public URL requirement, Stitchflow delivers the same outcomes at a fraction of the cost.
Make SonarQube workflows AI-native
SonarQube gates SCIM behind Enterprise Edition. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM requires Enterprise Edition
- Base URL must be publicly accessible for SCIM
- Users become read-only when SCIM enabled
- SAML must be configured before SCIM
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Full SCIM 2.0 support via Microsoft Entra. Syncs every 40 minutes.
SonarQube gates SCIM behind Enterprise Edition. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
SonarQube
SonarQube gates SCIM behind Enterprise Edition plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade, avoiding a 257% markup.
See how it works
