Summary and recommendation
SysAid's SCIM provisioning story is complicated and limited. While the ITSM platform offers SCIM integration through Okta's application network, this requires SysAid's Enterprise plan (custom pricing) plus their SSO Connector add-on. The integration only supports basic user lifecycle operations (create, update, deactivate) but lacks the granular control IT teams need for a help desk system. Most critically, SysAid's SCIM implementation doesn't handle role assignments or group memberships that determine whether users are provisioned as end users, agents, or administrators - these must be configured manually in SysAid after provisioning.
This creates a significant operational gap. Help desk platforms like SysAid require different access levels for different user types, but the SCIM integration can't differentiate between an end user who needs to submit tickets and an IT agent who needs to resolve them. IT teams end up with automated user creation but manual role assignment, defeating much of the purpose of automated provisioning. For organizations using multiple identity providers or those not on Okta, the situation is even worse - Azure AD integration uses a basic Graph API sync that only pulls user data once every 24 hours.
The strategic alternative
SysAid has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | No SCIM available |
| Microsoft Entra ID | ✓ | ❌ | Azure integration pulls user data via Graph API every 24 hours. Not SCIM-based. Requires separate O365 SSO integration for user access. |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages SysAid accounts manually. Here's what that costs:
The SysAid pricing problem
SysAid gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Help Desk | $79/user/month | ||
| ITSM | $108/user/month | ||
| Enterprise | Custom quote | ⚠️ Okta only |
Pricing and provisioning breakdown
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Help Desk | $79/user/month | ||
| ITSM | $108/user/month | ||
| Enterprise | Custom quote | ⚠️ Okta only |
What this means in practice
For Enterprise customers: Even at the highest tier, SCIM provisioning is limited to Okta users only. Organizations using Entra ID, Google Workspace, or other IdPs cannot automate user provisioning - they're limited to Azure's 24-hour Graph API sync for user data pulls, not true provisioning.
For lower-tier customers: No automated provisioning options exist. IT teams must manually create, update, and deactivate user accounts in SysAid, creating significant administrative overhead for help desk and ITSM workflows.
Additional constraints
Summary of challenges
- SysAid does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Enterprise Plan Requirements
SysAid gates SCIM provisioning behind their Enterprise tier, which requires custom pricing through their sales team. Here's what you're paying for beyond identity management:
| Feature Category | What's Included |
|---|---|
| ITSM Core | Advanced workflow engine, custom forms, SLA management |
| Asset Management | Hardware/software inventory, license tracking |
| Advanced Analytics | Custom dashboards, reporting engine |
| Integrations | API access, third-party connectors |
| SSO Connector | SAML 2.0 with Okta, Azure AD (separate add-on) |
| SCIM Provisioning | User lifecycle management via Okta only |
SCIM Features (Okta Only)
When you do get Enterprise pricing, SysAid's SCIM implementation includes:
Major limitation: SCIM provisioning only works through Okta's integration. Azure AD users get a different integration that pulls data via Microsoft Graph API every 24 hours—not real-time SCIM provisioning.
The Reality Check
Most IT teams evaluating SysAid just need reliable user provisioning for their help desk agents. The Enterprise tier bundles SCIM with advanced ITSM features that 80% of organizations never use—like complex workflow automation, advanced asset tracking, and custom reporting engines.
You're essentially paying enterprise software prices (typically $150+ per agent per month) to get basic identity management capabilities that should be standard.
What IT admins are saying
SysAid's provisioning limitations create ongoing headaches for IT teams managing ITSM deployments:
- Okta-only SCIM support - No automated provisioning for Azure AD, Google Workspace, or other identity providers
- Enterprise tier requirement - SCIM provisioning locked behind custom enterprise pricing, not available on standard Help Desk ($79/user/month) or ITSM ($108/user/month) plans
- SSO Connector add-on complexity - Even basic SSO requires additional licensing and configuration beyond base platform
- Manual provisioning for most deployments - Without Enterprise + Okta, every user requires manual account creation in SysAid
SSO with Okta, Azure AD via SSO Connector. Multi-tenant support for O365 domains. SCIM provisioning via Okta.
The Azure integration pulls user data via Graph API every 24 hours. Not SCIM-based. Requires separate O365 SSO integration for user access.
The recurring theme
Unless you're on Enterprise with Okta, SysAid provisioning is entirely manual. Even Azure AD customers get only one-way sync that doesn't handle real-time provisioning or deprovisioning - creating security gaps when employees leave.
The decision
| Your Situation | Recommendation |
|---|---|
| Small IT team (<10 agents) with basic help desk needs | Manual management acceptable with JIT provisioning |
| Using Okta and want automated provisioning | Native SCIM works well through Okta integration |
| Enterprise with Azure AD/Entra ID as primary IdP | Use Stitchflow: native Azure sync is one-way only |
| Multi-IdP environment or using Google Workspace | Use Stitchflow: comprehensive IdP support needed |
| Large ITSM deployment with compliance requirements | Use Stitchflow: automation essential for audit trail |
The bottom line
SysAid offers solid SCIM support through Okta, but leaves Azure AD and other IdP users with limited one-way sync options. For organizations that need full bidirectional provisioning across any identity provider, Stitchflow delivers comprehensive automation without the IdP restrictions.
Make SysAid workflows AI-native
SysAid has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Not specifiedPlan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- SSO Connector is add-on
- Multi-tenant requires domain mapping
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Enterprise required for SCIM
Use Stitchflow for automated provisioning.
Unlock SCIM for
SysAid
SysAid has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
