Summary and recommendation
Sourcegraph supports native SCIM 2.0 provisioning, but only on Enterprise plans starting at $59/user/month. While the SCIM implementation covers standard user lifecycle operations (create, update, deactivate), it has notable limitations: it's only tested with Okta and Microsoft Entra ID, has a known validator issue with Entra ID that may cause confusion, and requires network connectivity that can complicate private deployments.
For engineering teams managing sensitive code access, these limitations create operational friction. The pricing barrier is significant—teams on lower tiers face a substantial cost increase to unlock automated provisioning. Given that code search platforms contain proprietary intellectual property, manual user management creates security risks when developers join or leave the organization.
The strategic alternative
Stitchflow provides SCIM-level provisioning through resilient browser automation for Sourcegraph across all plans and identity providers. Works with any IdP (Okta, Entra, Google Workspace, OneLogin) without the network connectivity requirements or validator issues. Flat pricing under $5K/year, regardless of team size.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OIDC, OAuth |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Sourcegraph accounts manually. Here's what that costs:
The Sourcegraph pricing problem
Sourcegraph gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Enterprise Starter | $19/user/mo (up to 50 devs) | ||
| Enterprise | $59/user/mo |
Note: Both Enterprise tiers include SCIM, but Enterprise Starter is limited to 50 developers, 100 repositories, and 5GB storage. Most growing engineering teams quickly outgrow these constraints.
What this means in practice
For teams exceeding Enterprise Starter limits, the jump to full Enterprise creates substantial costs:
| Team Size | Annual Enterprise Cost | vs. Basic Code Search |
|---|---|---|
| 75 developers | $53,100/year | 3x cost increase |
| 150 developers | $106,200/year | 3x cost increase |
| 300 developers | $212,400/year | 3x cost increase |
Calculation: $59 × users × 12 months. "Basic code search" refers to hypothetical lower-tier pricing without enterprise features.
Additional constraints
Summary of challenges
- Sourcegraph supports SCIM but only at Enterprise tier ($59/user/mo)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Sourcegraph doesn't sell SCIM à la carte. It's bundled with Enterprise features at $59/user/month:
Stitchflow Insight
The jump from free/starter to Enterprise is significant—you're paying for code intelligence features that may exceed your team's needs. If you just want to automate developer onboarding and offboarding for code search access, you're buying enterprise-grade code analysis tools you may never use. We estimate ~60% of Enterprise features are overkill for teams that only need identity management for their code search platform.
What IT admins are saying
Community sentiment on Sourcegraph's SCIM implementation is mixed, with praise for core functionality but frustration over Enterprise pricing barriers and IdP limitations. Common complaints:
- Enterprise tier requirement creates a $59/user/month barrier for smaller dev teams
- Limited to only Okta and Microsoft Entra ID (officially tested)
- Microsoft Entra ID validator failures cause setup confusion despite working provisioning
- Private deployment complexity requiring additional Okta provisioning agents
The Azure validator issue is annoying - it throws errors during setup even though the actual provisioning works fine. Makes troubleshooting confusing.
We're a 30-person engineering team and can't justify $1,770/month just to get automated user provisioning. The Enterprise Starter caps at 50 devs but we need room to grow.
The recurring theme
Sourcegraph gates essential identity automation behind expensive Enterprise pricing, while IdP compatibility issues create unnecessary friction for common enterprise identity providers.
The decision
| Your Situation | Recommendation |
|---|---|
| Not on Enterprise, need SCIM | Use Stitchflow: avoid the $59/user/mo Enterprise upgrade |
| On Enterprise Starter (50 dev limit), growing team | Use Stitchflow: get SCIM without full Enterprise costs |
| Already on Enterprise | Use native SCIM: you're paying for it already |
| Private Sourcegraph instance with network restrictions | Use Stitchflow: simpler than managing Okta provisioning agents |
| Using non-Okta/Entra IdPs | Use Stitchflow: guaranteed compatibility vs. untested native support |
The bottom line
Sourcegraph gates SCIM behind its $59/user/mo Enterprise tier, creating a substantial cost barrier for teams that just need provisioning automation. For development teams wanting secure code access management without the Enterprise price tag, Stitchflow delivers the same automation at a fraction of the cost.
Automate Sourcegraph without the tier upgrade
Stitchflow delivers SCIM-level provisioning through resilient browser automation, backed by 24/7 human in the loop for Sourcegraph at <$5K/year, flat, regardless of team size.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Only tested with Okta and Microsoft Entra ID
- Known issue: Microsoft Entra ID validator fails (doesn't impact provisioning)
- SCIM provider needs network connectivity to Sourcegraph instance
- Private instances may need Okta provisioning agent
Unlock SCIM for
Sourcegraph
Sourcegraph gates automation behind Enterprise plan. Stitchflow delivers the same SCIM outcomes for a flat fee.
See how it works
