Summary and recommendation
Spacelift, the infrastructure-as-code management platform, does not support SCIM provisioning on any plan despite user requests for this functionality. While Spacelift offers SAML 2.0 and OIDC SSO integration with identity providers like Okta and Azure AD, SSO is only available on Enterprise plans and requires custom pricing. More critically, SSO only handles authentication - IT teams must still manually create, update, and deactivate user accounts within Spacelift. IdP group memberships can be referenced in login policies, but users aren't automatically provisioned based on those groups.
This creates a significant operational burden for IT teams managing infrastructure access. Unlike typical SaaS applications, Spacelift controls access to critical infrastructure resources and deployment pipelines. Manual user management means delayed onboarding for new developers, potential security gaps when team members change roles, and compliance risks when departing employees aren't promptly deprovisioned from infrastructure management tools. The lack of automated group-based provisioning is particularly problematic given Spacelift's role-based access model for different infrastructure environments and deployment workflows.
The strategic alternative
Spacelift has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| Item | Details |
|---|---|
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | No Okta OIN app. Supports SSO via SAML 2.0 or OIDC with Okta. SSO is Enterprise plan only. |
| Microsoft Entra ID | ✓ | ❌ | Supports Azure AD via SAML or OIDC for SSO. No SCIM provisioning available. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Spacelift accounts manually. Here's what that costs:
The Spacelift pricing problem
Spacelift gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | $399/mo (up to 10 users) | | |
| Business | Custom pricing | | |
| Enterprise | Custom pricing | | |
What this means in practice
Without SCIM, Spacelift user management creates operational overhead:
Additional constraints
Summary of challenges
- Spacelift does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams that manually provision this app incur significant hidden costs annually
What Spacelift actually offers for identity
SSO (Enterprise plan required)
Spacelift provides federated authentication through standard protocols:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 or OIDC |
| Supported IdPs | Okta, Entra ID, Google Workspace, any SAML/OIDC provider |
| Plan requirement | Enterprise tier only |
| User management | Manual or JIT provisioning |
Critical gap: While SSO handles authentication, there's no automated user lifecycle management. Users must be manually added to Spacelift before they can access resources.
What's missing entirely
Spacelift has no SCIM endpoint or automated provisioning capabilities:
| Feature | Supported? |
|---|---|
| Create users | ❌ Manual only |
| Update user attributes | ❌ Manual only |
| Deactivate users | ❌ Manual only |
| Group synchronization | ❌ No |
| Role assignment automation | ❌ Manual only |
Real-world impact: IT teams manage Spacelift access through manual processes. When employees join, change roles, or leave, someone must remember to update Spacelift permissions separately from your IdP.
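With no SCIM endpoint, the drift described above has to be caught by a periodic access review. The following is an added example, not Spacelift or Stitchflow code: it reconciles an IdP directory export against a hand-collected Spacelift account list. The record layouts, the group-to-role mapping, the role names and all sample users are constructed assumptions.

```python
# Constructed sample data: neither layout is a real Spacelift or IdP export format.
IDP_USERS = [  # identity provider directory, treated as the source of truth
    {"email": "Ana@example.com", "status": "ACTIVE", "groups": ["infra-prod"]},
    {"email": "bo@example.com", "status": "DEPROVISIONED", "groups": []},
    {"email": "cy@example.com", "status": "ACTIVE", "groups": ["infra-dev"]},
    {"email": "di@example.com", "status": "ACTIVE", "groups": ["infra-dev"]},
]
SPACELIFT_USERS = [  # accounts as listed by hand from Spacelift
    {"login": "ana@example.com", "role": "admin"},
    {"login": "bo@example.com", "role": "writer"},
    {"login": "cy@example.com", "role": "admin"},
    {"login": "eve@example.com", "role": "reader"},
]
# Hypothetical policy: highest role each IdP group is allowed to hold.
GROUP_MAX_ROLE = {"infra-prod": "admin", "infra-dev": "writer"}
ROLE_RANK = {"reader": 0, "writer": 1, "admin": 2}


def reconcile(idp_users, spacelift_users, group_max_role=GROUP_MAX_ROLE):
    """Return logins to revoke, create, or downgrade so Spacelift matches the IdP."""
    idp = {u["email"].strip().lower(): u for u in idp_users}
    findings = {"revoke": [], "create": [], "downgrade": []}
    seen = set()
    for acct in spacelift_users:
        login = acct["login"].strip().lower()
        seen.add(login)
        person = idp.get(login)
        # Unknown to the IdP, or no longer active there: the account is orphaned.
        if person is None or person["status"] != "ACTIVE":
            findings["revoke"].append(login)
            continue
        ranks = [ROLE_RANK[group_max_role[g]] for g in person["groups"]
                 if g in group_max_role]
        if not ranks:
            findings["revoke"].append(login)  # active, but in no entitled group
        elif ROLE_RANK[acct["role"]] > max(ranks):
            findings["downgrade"].append(login)  # role exceeds group entitlement
    for email, person in idp.items():
        entitled = any(g in group_max_role for g in person["groups"])
        if person["status"] == "ACTIVE" and entitled and email not in seen:
            findings["create"].append(email)  # onboarding not yet done by hand
    return {kind: sorted(logins) for kind, logins in findings.items()}


if __name__ == "__main__":
    for kind, logins in reconcile(IDP_USERS, SPACELIFT_USERS).items():
        print(f"{kind}: {', '.join(logins) or '-'}")
```

The `revoke` list is the one to act on first: it holds accounts that still exist in the infrastructure tool after the identity behind them was deactivated or removed.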
IdP Integration Status
Neither Okta nor Entra ID offers a native Spacelift provisioning app.
This leaves teams with SSO for authentication but manual user management for everything else.
What IT admins are saying
Community sentiment on Spacelift's provisioning reveals frustration with manual user management:
- Users must be manually added to Spacelift workspaces even after SSO is configured
- No automated deprovisioning when employees leave the organization
- SSO requires expensive Enterprise plan, blocking automation for smaller teams
- IdP group memberships can inform login policies but don't trigger user creation
"We've been asking for SCIM support for a while now. Having to manually manage users in Spacelift when we have everything automated through Okta is a pain point."

"SSO works great but you still have to go into Spacelift and manually add each user to the right spaces. Defeats the purpose of having centralized identity management."
The recurring theme
Spacelift forces IT teams to maintain a separate user management process outside their identity provider, creating operational overhead and security gaps when user access isn't automatically revoked.
The decision
| Your Situation | Recommendation |
|---|---|
| Small infrastructure team (<10 users) | Manual management acceptable for now |
| Growing DevOps team (10-50 users) | Use Stitchflow: automation prevents bottlenecks |
| Enterprise with compliance requirements | Use Stitchflow: automated provisioning essential for audit trails |
| Multi-team infrastructure access | Use Stitchflow: centralized user management critical |
| High developer turnover environment | Use Stitchflow: instant deprovisioning reduces security risk |
The bottom line
Spacelift excels at infrastructure automation but completely lacks user provisioning capabilities—no SCIM support despite user demand, and even SSO requires their Enterprise plan. For teams managing infrastructure access at scale, Stitchflow delivers the automated user lifecycle management that Spacelift should have built natively.
Technical specifications
SCIM Version
Not specified
Supported Operations
Not specified
Supported Attributes
Plan requirement
Not specified
Prerequisites
Not specified
Key limitations
- No SCIM support - feature requested by users but not implemented
- Users must be manually added/removed or rely on SSO JIT
- SSO (SAML/OIDC) requires Enterprise plan
- IdP group memberships can be used in login policies but not auto-provisioned
Documentation not available.


