Summary and recommendation
TinyPulse (now part of WebMD Health Services) does not offer native SCIM provisioning. While the platform supports SAML SSO with major identity providers including Okta, OneLogin, PingFederate, and ADFS, automated user provisioning is only available through OneLogin's connector—leaving Okta, Entra, and Google Workspace admins without provisioning options. This creates a significant gap for IT teams using other identity providers, as they must manually manage user lifecycle events like onboarding new employees or deprovisioning departing staff.
The absence of universal SCIM support means IT teams face ongoing manual overhead and compliance risks. When employees leave the organization, their TinyPulse access must be manually revoked, creating potential security gaps. For growing organizations conducting regular employee engagement surveys, this manual user management becomes increasingly time-consuming and error-prone, especially given TinyPulse's inflexible annual licensing model that makes it difficult to adjust user counts mid-contract.
The strategic alternative
TinyPulse has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | Provisioning | Notes |
|---|---|---|---|
| Okta | ✓ | Via API | Okta OIN integration with SWA authentication. Provisioning features include group import and schema discovery. |
| Microsoft Entra ID | ✓ | ❌ | SAML SSO supported. No native Entra provisioning documented. |
| Google Workspace | ✓ | ❌ | SSO only, no provisioning |
| OneLogin | ✓ | ❌ | SSO only |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages TinyPulse accounts manually. Here's what that costs:
The TinyPulse pricing problem
TinyPulse gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| OneLogin connector | ✓ Available | Create, update, deactivate users | |
| Okta API provisioning | ✓ Available | Group import, schema discovery | |
| Native SCIM | ❌ Not available | N/A | |
| Manual provisioning | ✓ Always available | Full control |
Provisioning options
| Method | Availability | Reliability | Features |
|---|---|---|---|
| OneLogin connector | ✓ Available | Third-party dependent | Create, update, deactivate users |
| Okta API provisioning | ✓ Available | Third-party dependent | Group import, schema discovery |
| Native SCIM | ❌ Not available | N/A | N/A |
| Manual provisioning | ✓ Always available | Manual overhead | Full control |
What this means in practice
You're locked into your IdP's implementation quality. If OneLogin's TinyPulse connector has bugs or goes down, your provisioning stops working. There's no fallback to a native SCIM endpoint.
Limited troubleshooting options. When provisioning fails, you're dependent on both TinyPulse and your IdP vendor to diagnose issues. Neither party owns the full integration stack.
IdP switching becomes complex. Moving from OneLogin to another provider means potentially losing automated provisioning capabilities if the new IdP doesn't maintain a TinyPulse connector.
Additional constraints
Summary of challenges
- TinyPulse does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What TinyPulse actually offers for identity
SAML SSO (Enterprise plan)
TinyPulse supports SAML 2.0 authentication with multiple identity providers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, OneLogin, PingFederate, ADFS, custom SAML providers |
| JIT Provisioning | ✓ Yes |
| Login options | Both SP-initiated and IdP-initiated |
| Direct login | Disabled once SSO is enabled |
Note: TinyPulse is now part of WebMD Health Services (formerly Limeade), which may affect future integration support.
User Provisioning via OneLogin Only
The only native provisioning option comes through OneLogin's connector:
| Feature | Supported? |
|---|---|
| Create users | ✓ Yes (OneLogin only) |
| Update user attributes | ✓ Yes (OneLogin only) |
| Deactivate users | ✓ Yes (OneLogin only) |
| Group management | ❌ No |
| Okta provisioning | ❌ No native support |
| Entra provisioning | ❌ No native support |
| Google Workspace | ❌ No native support |
Okta Integration (Limited)
The Okta Integration Network listing shows minimal capabilities:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes |
| User provisioning | ✓ Yes (via API) |
| Group import | ✓ Yes |
| Schema discovery | ✓ Yes |
Despite these features being listed, TinyPulse lacks native SCIM support for most identity providers beyond OneLogin.
The problem: If you're using Okta, Entra, or Google Workspace, you're stuck with JIT provisioning or manual user management. Only OneLogin customers get automated user lifecycle management—leaving most organizations with incomplete provisioning workflows.
What IT admins are saying
Community sentiment on TinyPulse's provisioning centers around inflexible licensing and limited SCIM options:
- SCIM provisioning only works reliably through OneLogin - other IdPs are left out
- Annual licensing lock-in regardless of actual usage patterns
- No direct SCIM API - must rely on third-party IdP connectors
- SSO disables password-based login entirely, forcing full commitment
TinyPulse is now part of WebMD Health Services (formerly Limeade). Subscription-based pricing. Contact vendor for quote. Known for inflexible licensing - annual lock-in.
SCIM via OneLogin (not all IdPs)
The recurring theme
TinyPulse forces IT teams into vendor lock-in with annual commitments while providing SCIM automation only for OneLogin users. Organizations using Okta, Entra, or other IdPs face manual provisioning despite paying enterprise rates.
The decision
| Your Situation | Recommendation |
|---|---|
| Small HR team (<20 users) with stable workforce | Manual management is acceptable |
| Mid-size company using OneLogin | Use OneLogin's TinyPulse connector for basic provisioning |
| Enterprise using Okta/Entra with complex org structure | Use Stitchflow: automation essential for scale |
| Multi-location company with high turnover | Use Stitchflow: automation strongly recommended |
| Organization requiring audit compliance | Use Stitchflow: automation essential for audit trail |
The bottom line
TinyPulse (now WebMD Health Services) offers limited provisioning options—SCIM only works through OneLogin, leaving Okta and Entra users with manual processes. For organizations that need reliable automation across any IdP without vendor lock-in, Stitchflow delivers the consistency that TinyPulse's fragmented approach can't match.
Make TinyPulse workflows AI-native
TinyPulse has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Not specifiedPlan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- SCIM via OneLogin (not all IdPs)
- SSO disables direct login with password
- Inflexible licensing - annual lock-in
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Okta OIN integration with SWA authentication. Provisioning features include group import and schema discovery.
Use Stitchflow for automated provisioning.
Unlock SCIM for
TinyPulse
TinyPulse has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
