Summary and recommendation
Tropic, the procurement intelligence platform used by enterprises to manage vendor relationships and spending, does not support SCIM provisioning on any plan. While Tropic offers SAML SSO integration with identity providers like Okta and Microsoft Entra, this only handles authentication, not user lifecycle management. User accounts must be manually created in Tropic before SSO can work—adding users to your IdP does not automatically provision them in Tropic. This creates a significant operational burden for IT teams managing access to a platform that handles sensitive procurement and financial data.
The lack of provisioning automation becomes particularly problematic as procurement teams scale. IT administrators must manually coordinate user creation with Tropic administrators for every new hire, contractor, or role change. This manual process introduces delays in onboarding, increases the risk of access errors, and creates compliance gaps in organizations that require automated user lifecycle management for financial systems. Despite Tropic's enterprise-focused pricing starting at $10,000+ annually, the platform provides no automation for the most basic identity management functions.
The strategic alternative
Tropic has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | Supports SAML SSO with Okta but no provisioning. User creation in Tropic must be manual. |
| Microsoft Entra ID | ✓ | ❌ | Supports SAML SSO with Microsoft Entra but no SCIM provisioning |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Tropic accounts manually. Here's what that costs:
The Tropic pricing problem
Tropic gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro (Supplier Intelligence) | $10,000/yr | ||
| Business (Intake to Procure) | $14,500/yr | ||
| Enterprise (Intelligent Spend Management) | $22,000/yr |
Pricing structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro (Supplier Intelligence) | $10,000/yr | ||
| Business (Intake to Procure) | $14,500/yr | ||
| Enterprise (Intelligent Spend Management) | $22,000/yr |
What this means in practice
Manual user management at enterprise scale: Even on the $22,000/year Enterprise plan, every user addition, role change, or offboarding requires manual intervention in Tropic's admin panel. For procurement teams that frequently onboard stakeholders across departments, this creates significant administrative overhead.
SSO without provisioning creates gaps: While Business and Enterprise tiers support SAML SSO, users must still be manually created in Tropic before they can authenticate. Creating a user in your IdP does not automatically provision access to Tropic.
No Just-in-Time (JIT) provisioning: Tropic explicitly does not support JIT provisioning, meaning you cannot rely on first-time SSO login to automatically create user accounts.
Additional constraints
Summary of challenges
- Tropic does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Tropic actually offers for identity
SAML SSO (Enterprise tier required)
Tropic supports SAML 2.0 integration starting at their Enterprise tier ($22,000/year):
| Feature | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Microsoft Entra, custom SAML providers |
| Initiation | Both IdP-initiated and SP-initiated |
| User requirement | Manual user creation required in Tropic |
Critical limitation: Tropic explicitly does not support SCIM provisioning or Just-in-Time (JIT) provisioning. Users must be manually created in Tropic before they can authenticate via SSO.
Okta Integration
The Okta integration for Tropic shows:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes (Enterprise tier) |
| OIDC SSO | ❌ No |
| Create users | ❌ No |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group push | ❌ No |
| SCIM provisioning | ❌ No |
Microsoft Entra Integration
Similarly limited capabilities with Microsoft Entra:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes (Enterprise tier) |
| SCIM provisioning | ❌ No |
| Automatic user creation | ❌ No |
The reality: At $22,000/year minimum for SSO access, you're paying enterprise-level prices for basic SAML authentication with zero provisioning capabilities. Every user onboarding and offboarding still requires manual intervention in Tropic's interface.
What IT admins are saying
Tropic's lack of SCIM provisioning creates operational overhead for IT teams managing procurement platform access:
- Manual user creation required despite SSO - accounts must be created in Tropic before users can authenticate
- No automated deprovisioning when employees leave, creating security gaps
- JIT provisioning explicitly not supported, forcing admins to pre-create accounts
- SSO limited to higher tiers only - Starter plan users stuck with password management
User creation in Tropic must be manual
Supports SAML SSO with Microsoft Entra but no SCIM provisioning
The recurring theme
IT teams pay $14,500-$22,000 annually for Tropic but still handle user lifecycle management manually. Every new hire requires separate account creation, and offboarding becomes a checklist item that's easy to miss.
The decision
| Your Situation | Recommendation |
|---|---|
| Small procurement team (<10 users) | Manual user management is workable |
| Stable purchasing team with infrequent changes | Stick with manual management and SSO authentication |
| Mid-size organization (25+ users) with regular onboarding | Use Stitchflow: manual provisioning becomes a bottleneck |
| Enterprise with compliance requirements | Use Stitchflow: automation essential for audit trail and governance |
| Multi-department procurement with frequent role changes | Use Stitchflow: automation strongly recommended |
The bottom line
Tropic is a comprehensive spend management platform, but it completely lacks automated provisioning capabilities—no SCIM, no JIT provisioning, just manual user creation even when paying $22,000+ annually. For organizations that need provisioning automation without the administrative overhead, Stitchflow delivers the automation Tropic doesn't provide.
Make Tropic workflows AI-native
Tropic has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- SCIM provisioning explicitly not supported
- JIT (Just-in-Time) provisioning not supported
- User creation must be done manually - creating users in SSO provider does not automatically create them in Tropic
- SSO is available in Advanced tier only, not Starter
- Supports IdP-initiated and SP-initiated SSO
Documentation not available.
Unlock SCIM for
Tropic
Tropic has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
