Summary and recommendation
Symitar, Jack Henry's core banking platform for credit unions, does not support SCIM provisioning on any plan. While SSO integration is available through the Jack Henry & Associates Client Portal with identity providers like Okta and Azure AD, this only handles authentication. User provisioning must be managed manually or through custom API integrations via the SymXchange API, which requires significant technical development work and ongoing maintenance. The platform's identity management is further complicated by its requirement for Episys release 2020.01 or higher for modern integrations, and the need to coordinate access across multiple Jack Henry components (Banno platform, NetTeller Back Office).
This creates a substantial operational burden for credit union IT teams who must manually create, update, and deactivate user accounts across their banking systems while maintaining compliance with financial industry regulations. The lack of automated provisioning means that employee onboarding and offboarding processes remain manual and error-prone, creating potential security gaps and audit concerns in an industry where access controls are critical for regulatory compliance.
The strategic alternative
Symitar has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | Symitar is owned by Jack Henry. Uses Jack Henry & Associates Client Portal integration for SSO. Identity mapping via SymXchange API. |
| Microsoft Entra ID | ✓ | ❌ | SSO can be configured via third-party IdPs like Azure AD/Okta but no native SCIM provisioning |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Symitar accounts manually. Here's what that costs:
The Symitar pricing problem
Symitar gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Enterprise | Custom quote (enterprise only) |
Pricing structure
| Plan | Pricing | SCIM | SSO |
|---|---|---|---|
| Enterprise | Custom quote (enterprise only) | ❌ Not available | ✓ Via Jack Henry Client Portal |
Enterprise-only positioning: Symitar is exclusively sold as an enterprise core banking solution with custom pricing based on credit union size, transaction volume, and feature requirements.
What this means in practice
Without SCIM provisioning, IT teams managing Symitar access face:
For a mid-sized credit union with 200+ employees and regular turnover, this translates to 10+ hours weekly of manual user management tasks.
Additional constraints
Summary of challenges
- Symitar does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Symitar actually offers for identity
SSO Configuration (Enterprise Only)
Symitar supports SAML SSO through Jack Henry & Associates Client Portal integration:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Azure AD, other SAML providers |
| Configuration | Via Banno platform or NetTeller Back Office |
| Minimum requirements | Episys release 2020.01 or later |
| User management | Manual via SymXchange API |
Key limitation: SSO requires custom API integration work through MuleSoft for identity mapping. Credit unions must handle user lifecycle management separately.
Identity Integration Options
| Feature | Available? | Method |
|---|---|---|
| SAML SSO | ✓ Yes | Jack Henry Client Portal |
| User provisioning | ❌ No | Manual via SymXchange API |
| Group management | ❌ No | N/A |
| Automated deprovisioning | ❌ No | Manual process required |
Reality check: Symitar is a core banking platform built for credit unions, not modern SaaS identity management. The SymXchange API exists for data integration, not user lifecycle automation. Even with SSO configured, IT teams must manually create, update, and remove user accounts through separate banking administration interfaces.
The "enterprise-only" designation reflects that Symitar is exclusively sold to financial institutions with custom implementations, not standard SaaS pricing tiers.
What IT admins are saying
Community sentiment on Symitar's provisioning capabilities highlights the complexity of managing user access in credit union core banking systems:
- Manual user provisioning through SymXchange API requires custom development work
- SSO works but doesn't eliminate the need for separate user management
- Complex integration requirements through MuleSoft for third-party identity providers
- Minimum system requirements (Episys 2020.01+) create barriers for older installations
SSO can be configured via third-party IdPs like Azure AD/Okta but no native SCIM provisioning
Third-party identity management (like Okta) requires custom API integration via MuleSoft
The recurring theme
While Symitar supports SSO through Jack Henry's Client Portal, IT teams are left building custom API integrations for user provisioning, creating technical debt and ongoing maintenance overhead for credit union IT departments.
The decision
| Your Situation | Recommendation |
|---|---|
| Small credit union (<25 users) with minimal IT resources | Manual management acceptable, focus on SSO setup |
| Mid-size credit union (25-100 users) with frequent staff changes | Use Stitchflow: manual provisioning creates security risks |
| Multi-branch credit union with complex role requirements | Use Stitchflow: automation essential for consistent access control |
| Enterprise credit union with compliance mandates | Use Stitchflow: automation required for audit trail and SOX compliance |
| Credit union planning digital transformation initiatives | Use Stitchflow: establish modern identity management foundation |
The bottom line
Symitar serves credit unions with critical core banking functions, but offers no SCIM provisioning—only custom API integrations that require specialized development resources. For credit unions that need automated user lifecycle management without the complexity of SymXchange API development, Stitchflow delivers enterprise-grade provisioning through proven automation.
Make Symitar workflows AI-native
Symitar has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No native SCIM provisioning - uses SymXchange API for identity mapping
- Core banking platform for credit unions (Episys)
- SSO configuration available via Banno platform or NetTeller Back Office
- Minimum Episys release 2020.01 required for modern integrations
- Third-party identity management (like Okta) requires custom API integration via MuleSoft
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
Symitar is owned by Jack Henry. Uses Jack Henry & Associates Client Portal integration for SSO. Identity mapping via SymXchange API.
Use Stitchflow for automated provisioning.
Unlock SCIM for
Symitar
Symitar has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
