Summary and recommendation
TinyPulse (now part of WebMD Health Services) does not offer native SCIM provisioning. While the platform supports SAML SSO with major identity providers including Okta, OneLogin, PingFederate, and ADFS, automated user provisioning is only available through OneLogin's connector—leaving Okta, Entra, and Google Workspace admins without provisioning options. This creates a significant gap for IT teams using other identity providers, as they must manually manage user lifecycle events like onboarding new employees or deprovisioning departing staff.
The absence of universal SCIM support means IT teams face ongoing manual overhead and compliance risks. When employees leave the organization, their TinyPulse access must be manually revoked, creating potential security gaps. For growing organizations conducting regular employee engagement surveys, this manual user management becomes increasingly time-consuming and error-prone, especially given TinyPulse's inflexible annual licensing model that makes it difficult to adjust user counts mid-contract.
The strategic alternative
TinyPulse has no native SCIM. That leaves a workflow gap in offboarding, access reviews, and license cleanup unless your team handles the app another way. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | Provisioning | Notes |
|---|---|---|---|
| Okta | ✓ | Via API | Okta OIN integration with SWA authentication. Provisioning features include group import and schema discovery. |
| Microsoft Entra ID | ✓ | ❌ | SAML SSO supported. No native Entra provisioning documented. |
| Google Workspace | ✓ | ❌ | SSO only, no provisioning |
| OneLogin | ✓ | ❌ | SSO only |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages TinyPulse accounts manually. Here's what that costs:
The TinyPulse pricing problem
TinyPulse gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| OneLogin connector | ✓ Available | Create, update, deactivate users | |
| Okta API provisioning | ✓ Available | Group import, schema discovery | |
| Native SCIM | ❌ Not available | N/A | |
| Manual provisioning | ✓ Always available | Full control |
Provisioning options
| Method | Availability | Reliability | Features |
|---|---|---|---|
| OneLogin connector | ✓ Available | Third-party dependent | Create, update, deactivate users |
| Okta API provisioning | ✓ Available | Third-party dependent | Group import, schema discovery |
| Native SCIM | ❌ Not available | N/A | N/A |
| Manual provisioning | ✓ Always available | Manual overhead | Full control |
What this means in practice
You're locked into your IdP's implementation quality. If OneLogin's TinyPulse connector has bugs or goes down, your provisioning stops working. There's no fallback to a native SCIM endpoint.
Limited troubleshooting options. When provisioning fails, you're dependent on both TinyPulse and your IdP vendor to diagnose issues. Neither party owns the full integration stack.
IdP switching becomes complex. Moving from OneLogin to another provider means potentially losing automated provisioning capabilities if the new IdP doesn't maintain a TinyPulse connector.
Additional constraints
Summary of challenges
- TinyPulse does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What TinyPulse actually offers for identity
SAML SSO (Enterprise plan)
TinyPulse supports SAML 2.0 authentication with multiple identity providers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, OneLogin, PingFederate, ADFS, custom SAML providers |
| JIT Provisioning | ✓ Yes |
| Login options | Both SP-initiated and IdP-initiated |
| Direct login | Disabled once SSO is enabled |
Note: TinyPulse is now part of WebMD Health Services (formerly Limeade), which may affect future integration support.
User Provisioning via OneLogin Only
The only native provisioning option comes through OneLogin's connector:
| Feature | Supported? |
|---|---|
| Create users | ✓ Yes (OneLogin only) |
| Update user attributes | ✓ Yes (OneLogin only) |
| Deactivate users | ✓ Yes (OneLogin only) |
| Group management | ❌ No |
| Okta provisioning | ❌ No native support |
| Entra provisioning | ❌ No native support |
| Google Workspace | ❌ No native support |
Okta Integration (Limited)
The Okta Integration Network listing shows minimal capabilities:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| User provisioning | ✓ Yes (via API) |
| Group import | ✓ Yes |
| Schema discovery | ✓ Yes |
Despite these features being listed, TinyPulse lacks native SCIM support for most identity providers beyond OneLogin.
The problem: If you're using Okta, Entra, or Google Workspace, you're stuck with JIT provisioning or manual user management. Only OneLogin customers get automated user lifecycle management—leaving most organizations with incomplete provisioning workflows.
What IT admins are saying
Community sentiment on TinyPulse's provisioning centers around inflexible licensing and limited SCIM options:
- SCIM provisioning only works reliably through OneLogin - other IdPs are left out
- Annual licensing lock-in regardless of actual usage patterns
- No direct SCIM API - must rely on third-party IdP connectors
- SSO disables password-based login entirely, forcing full commitment
TinyPulse is now part of WebMD Health Services (formerly Limeade). Subscription-based pricing. Contact vendor for quote. Known for inflexible licensing - annual lock-in.
SCIM via OneLogin (not all IdPs)
The recurring theme
TinyPulse forces IT teams into vendor lock-in with annual commitments while providing SCIM automation only for OneLogin users. Organizations using Okta, Entra, or other IdPs face manual provisioning despite paying enterprise rates.
The decision
| Your Situation | Recommendation |
|---|---|
| Small HR team (<20 users) with stable workforce | Manual management is acceptable |
| Mid-size company using OneLogin | Use OneLogin's TinyPulse connector for basic provisioning |
| Enterprise using Okta/Entra with complex org structure | Use Stitchflow: automation essential for scale |
| Multi-location company with high turnover | Use Stitchflow: automation strongly recommended |
| Organization requiring audit compliance | Use Stitchflow: automation essential for audit trail |
The bottom line
TinyPulse has no native SCIM. That means one more workflow gap in offboarding, access reviews, and license cleanup unless your team handles it another way.
Close the TinyPulse workflow gap
TinyPulse is one gap in a broader workflow. Stitchflow builds and maintains the offboarding, access review, or license workflow across every app in your environment.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Not specifiedPlan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- SCIM via OneLogin (not all IdPs)
- SSO disables direct login with password
- Inflexible licensing - annual lock-in
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Okta OIN integration with SWA authentication. Provisioning features include group import and schema discovery.
Use Stitchflow for automated provisioning.
Close the workflow gap in
TinyPulse
TinyPulse has no native SCIM. That leaves one more workflow gap in offboarding, access reviews, and license cleanup unless your team handles it another way.
Start with the free gap diagnostic
