Summary and recommendation
SurveyMonkey Enterprise includes native SCIM 2.0 support that automatically creates, updates, and deactivates user accounts from your identity provider. However, SCIM functionality is restricted to Enterprise plans (starting ~$18/user/month with custom quotes required) and comes with a critical architectural limitation: only one IdP per Enterprise team. This means organizations with multiple identity providers or complex organizational structures can't fully automate user lifecycle management across their entire SurveyMonkey deployment.
The single IdP restriction creates significant operational friction for larger enterprises or organizations that have acquired companies with different identity systems. IT teams must either maintain manual provisioning processes for users outside their primary IdP or restructure their identity architecture—neither of which scales effectively. Additionally, SCIM won't retroactively deactivate users who were removed from the IdP before SCIM was enabled, creating potential compliance gaps.
The strategic alternative
SurveyMonkey gates SCIM behind Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages SurveyMonkey accounts manually. Here's what that costs:
The SurveyMonkey pricing problem
SurveyMonkey gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Team Advantage | $30/user/mo | ||
| Team Premier | $92/user/mo | ||
| Enterprise | Starting ~$18/user/mo* |
*Custom quote required - actual pricing varies significantly based on seat count and contract terms
What this means in practice
The Enterprise tier creates a procurement hurdle that blocks automated provisioning:
Pricing opacity: No published Enterprise pricing means extended sales cycles and budget approval delays. The "starting at $18/user/mo" is misleading - actual quotes often come in much higher for smaller teams.
Sales requirement: You can't simply upgrade online. Every Enterprise deal requires sales engagement, demos, and custom contracts.
Forced bundling: SCIM comes packaged with enterprise features many teams don't need (HIPAA compliance, CSM support, advanced analytics).
Additional constraints
Summary of challenges
- SurveyMonkey supports SCIM but only at Enterprise tier (Starting ~$18/user/mo (custom quote))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
SurveyMonkey doesn't sell SCIM à la carte. It's bundled with Enterprise features:
Key limitation: Only one IdP connection per Enterprise team, which creates problems for organizations using multiple identity providers or managing complex structures.
The single IdP restriction is particularly problematic for organizations with subsidiaries, acquisitions, or complex identity architectures.
Stitchflow Insight
If you need enterprise compliance and dedicated support anyway, the upgrade provides real value. If you just want automated user provisioning, you're paying for enterprise features you won't use. We estimate ~60% of Enterprise features are irrelevant for teams that only need SCIM automation - particularly the compliance overhead and CSM relationship that most IT teams don't require.
What IT admins are saying
Community sentiment on SurveyMonkey's SCIM implementation is mixed, with specific architectural concerns raised by IT teams:
- The one IdP per Enterprise team limitation creates deployment complexity for multi-tenant organizations
- SCIM won't retroactively deactivate users who were removed before SCIM was enabled, creating security gaps
- SP-initiated SSO only restriction limits user experience flexibility
- Enterprise tier requirement adds significant cost for teams that only need basic provisioning
The recurring theme
While SurveyMonkey's native SCIM works reliably for straightforward deployments, the one-IdP-per-team restriction and retroactive user cleanup issues create operational headaches for larger organizations with complex identity architectures.
The decision
| Your Situation | Recommendation |
|---|---|
| On Team Advantage/Premier, need SCIM | Use Stitchflow: avoid the $18+/user Enterprise upgrade |
| Already on Enterprise with native SCIM | Use native SCIM: you're paying for it already |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled with compliance tools |
| Multi-IdP environment | Use Stitchflow: bypasses SurveyMonkey's one IdP per team limit |
| Small survey teams, low user churn | Manual may work: but watch for deactivation gaps |
The bottom line
SurveyMonkey gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the SurveyMonkey workflow gap
SurveyMonkey gates SCIM behind Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Only 1 IdP per Enterprise team
- SCIM won't deactivate users removed before enablement
- SP-initiated SSO only
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Enterprise required for SCIM
SurveyMonkey gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Enterprise required for SCIM
SurveyMonkey gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the workflow gap in
SurveyMonkey
SurveyMonkey gates SCIM behind Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.
Start with the free gap diagnostic
