Summary and recommendation
Tines supports native SCIM 2.0 provisioning, but only on Enterprise plans with custom pricing. The platform requires SSO configuration as a prerequisite before enabling SCIM, and Community (free) tier users are locked out entirely from automated provisioning capabilities.
This creates a significant barrier for security teams evaluating Tines for workflow automation. Moving from Community to Enterprise purely for SCIM access forces organizations into enterprise sales cycles and custom pricing negotiations, often adding tens of thousands in annual costs. Meanwhile, manual user management in a security orchestration platform creates operational overhead and potential access control gaps—exactly what you're trying to eliminate with automation tools.
The strategic alternative
Tines gates SCIM behind Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Tines accounts manually. Here's what that costs:
The Tines pricing problem
Tines gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Community | Free | ||
| Pro | N/A | ||
| Business | N/A | ||
| Enterprise | Custom |
Note: Pro and Business pricing details are not publicly available, but SCIM access is exclusively available in the Enterprise tier.
What this means in practice
No transparent pricing path: Unlike most SaaS tools with published tier pricing, Tines requires sales engagement and custom quotes for Enterprise access. This creates uncertainty around:
Community tier limitations: Organizations using the free Community tier face a significant jump to Enterprise for basic provisioning capabilities.
Additional constraints
Summary of challenges
- Tines supports SCIM but only at Enterprise tier (Custom)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Tines doesn't sell SCIM à la carte. It's bundled with Enterprise features that require custom pricing:
Stitchflow Insight
The Enterprise tier targets security teams at large organizations that need comprehensive SOAR (Security Orchestration, Automation and Response) capabilities. If you're a smaller team that just wants automated user provisioning for your security workflows, you're paying for enterprise security features, custom support tiers, and advanced automation tools you likely don't need. We estimate ~80% of Enterprise features are irrelevant for teams that only need SCIM provisioning.
What IT admins are saying
Community sentiment on Tines's SCIM limitations reveals mixed experiences. Common complaints:
- Enterprise tier requirement creating cost barriers for smaller security teams
- Lack of SCIM support in Microsoft Entra ID despite SSO availability
- Having to implement SSO first before accessing SCIM functionality
- Custom Enterprise pricing making budget planning difficult
We're stuck on the Community tier because Enterprise pricing is out of reach, but we really need automated user provisioning for our security workflows.
Tines works great with Okta SCIM but there's no provisioning support for Azure AD. We're a Microsoft shop so that's frustrating.
The recurring theme
SCIM availability varies dramatically by IdP, and Enterprise tier requirements create artificial barriers for teams that need automated provisioning but don't require other Enterprise features.
The decision
| Your Situation | Recommendation |
|---|---|
| On Community/Pro/Business, need SCIM | Use Stitchflow: avoid the Enterprise tier jump and custom pricing |
| Already on Enterprise with SCIM | Use native SCIM: you're paying for it |
| Using Entra ID and need provisioning | Use Stitchflow: Tines only supports Entra SSO, not provisioning |
| Need Enterprise security features beyond SCIM | Evaluate Enterprise: SCIM comes bundled with the tier |
| Small security team, low employee churn | Manual may work: but monitor for access gaps as you scale |
The bottom line
Tines gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Tines workflow gap
Tines gates SCIM behind Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Enterprise tier required for SCIM
- SSO configuration required before SCIM
- Community (free) tier has limited features
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Full SCIM provisioning support
Tines gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the workflow gap in
Tines
Tines gates SCIM behind Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.
Start with the free gap diagnostic
