Summary and recommendation
Sourcegraph supports native SCIM 2.0 provisioning, but only on Enterprise plans starting at $59/user/month. While the SCIM implementation covers standard user lifecycle operations (create, update, deactivate), it has notable limitations: it's only tested with Okta and Microsoft Entra ID, has a known validator issue with Entra ID that may cause confusion, and requires network connectivity that can complicate private deployments.
For engineering teams managing sensitive code access, these limitations create operational friction. The pricing barrier is significant—teams on lower tiers face a substantial cost increase to unlock automated provisioning. Given that code search platforms contain proprietary intellectual property, manual user management creates security risks when developers join or leave the organization.
The strategic alternative
Sourcegraph gates SCIM behind Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0, OIDC, OAuth |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Sourcegraph accounts manually. Here's what that costs:
The Sourcegraph pricing problem
Sourcegraph gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Enterprise Starter | $19/user/mo (up to 50 devs) | ||
| Enterprise | $59/user/mo |
Note: Both Enterprise tiers include SCIM, but Enterprise Starter is limited to 50 developers, 100 repositories, and 5GB storage. Most growing engineering teams quickly outgrow these constraints.
What this means in practice
For teams exceeding Enterprise Starter limits, the jump to full Enterprise creates substantial costs:
| Team Size | Annual Enterprise Cost | vs. Basic Code Search |
|---|---|---|
| 75 developers | $53,100/year | 3x cost increase |
| 150 developers | $106,200/year | 3x cost increase |
| 300 developers | $212,400/year | 3x cost increase |
Calculation: $59 × users × 12 months. "Basic code search" refers to hypothetical lower-tier pricing without enterprise features.
Additional constraints
Summary of challenges
- Sourcegraph supports SCIM but only at Enterprise tier ($59/user/mo)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Sourcegraph doesn't sell SCIM à la carte. It's bundled with Enterprise features at $59/user/month:
Stitchflow Insight
The jump from free/starter to Enterprise is significant—you're paying for code intelligence features that may exceed your team's needs. If you just want to automate developer onboarding and offboarding for code search access, you're buying enterprise-grade code analysis tools you may never use. We estimate ~60% of Enterprise features are overkill for teams that only need identity management for their code search platform.
What IT admins are saying
Community sentiment on Sourcegraph's SCIM implementation is mixed, with praise for core functionality but frustration over Enterprise pricing barriers and IdP limitations. Common complaints:
- Enterprise tier requirement creates a $59/user/month barrier for smaller dev teams
- Limited to only Okta and Microsoft Entra ID (officially tested)
- Microsoft Entra ID validator failures cause setup confusion despite working provisioning
- Private deployment complexity requiring additional Okta provisioning agents
The Azure validator issue is annoying - it throws errors during setup even though the actual provisioning works fine. Makes troubleshooting confusing.
We're a 30-person engineering team and can't justify $1,770/month just to get automated user provisioning. The Enterprise Starter caps at 50 devs but we need room to grow.
The recurring theme
Sourcegraph gates essential identity automation behind expensive Enterprise pricing, while IdP compatibility issues create unnecessary friction for common enterprise identity providers.
The decision
| Your Situation | Recommendation |
|---|---|
| Not on Enterprise, need SCIM | Use Stitchflow: avoid the $59/user/mo Enterprise upgrade |
| On Enterprise Starter (50 dev limit), growing team | Use Stitchflow: get SCIM without full Enterprise costs |
| Already on Enterprise | Use native SCIM: you're paying for it already |
| Private Sourcegraph instance with network restrictions | Use Stitchflow: simpler than managing Okta provisioning agents |
| Using non-Okta/Entra IdPs | Use Stitchflow: guaranteed compatibility vs. untested native support |
The bottom line
Sourcegraph gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Sourcegraph workflow gap
Sourcegraph gates SCIM behind Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Only tested with Okta and Microsoft Entra ID
- Known issue: Microsoft Entra ID validator fails (doesn't impact provisioning)
- SCIM provider needs network connectivity to Sourcegraph instance
- Private instances may need Okta provisioning agent
Close the workflow gap in
Sourcegraph
Sourcegraph gates SCIM behind Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.
Start with the free gap diagnostic
