Summary and recommendation
Tugboat Logic (now part of OneTrust) supports SCIM provisioning, but only on Enterprise plans starting at $80,000-$200,000+/year. This creates a massive cost barrier for most organizations - teams on lower tiers ($500-$80,000/year) are locked out of automated provisioning entirely, despite having full access to the compliance platform itself.
This pricing structure creates a significant operational gap. Security compliance platforms like Tugboat Logic are critical infrastructure that require strict access controls and audit trails. Without SCIM, IT teams must manually provision and deprovision users in a system that handles sensitive compliance data - creating both security risks and audit headaches. Just-in-time provisioning through SSO helps with onboarding, but provides no lifecycle management for role changes or offboarding.
The strategic alternative
Tugboat Logic gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Tugboat Logic accounts manually. Here's what that costs:
The Tugboat Logic pricing problem
Tugboat Logic gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | $500/year | ||
| Pro | $20,000-$40,000/year | ||
| Business | $40,000-$80,000/year | ||
| Enterprise | $80,000-$200,000+/year |
What this means in practice
The minimum cost to access SCIM provisioning is $80,000 annually - a massive jump from any lower tier:
Upgrade costs to Enterprise tier
Many compliance teams operating on modest budgets find themselves forced into Enterprise pricing solely for user provisioning capabilities they could get elsewhere for under $5,000/year.
Additional constraints
Summary of challenges
- Tugboat Logic supports SCIM but only at Enterprise tier ($80,000-$200,000+/year)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Tugboat Logic (now OneTrust) doesn't sell SCIM separately. It's bundled with Enterprise-tier GRC platform features:
Stitchflow Insight
The reality: if you're already investing $80K-$200K+ annually in a comprehensive GRC platform, automated provisioning makes sense as part of the package. But if your primary need is just user management automation for a security compliance tool, you're paying enterprise software prices for features most IT teams won't touch. We estimate ~60% of Enterprise-tier GRC features are irrelevant for organizations that simply need reliable user provisioning for their security compliance workflows.
What IT admins are saying
Community sentiment on Tugboat Logic's acquisition by OneTrust is mixed, with concerns about enterprise-only SCIM access and platform consolidation. Common complaints:
- SCIM provisioning locked behind Enterprise tier ($80K-$200K+ annually)
- Uncertainty about product roadmap after OneTrust acquisition
- Having to navigate OneTrust's complex pricing structure for what was once a simpler GRC tool
- Limited clarity on whether Tugboat Logic features will be sunset in favor of OneTrust's native offerings
The recurring theme
IT admins are frustrated by the acquisition uncertainty and the high cost barrier for automated provisioning in what should be a straightforward compliance platform.
The decision
| Your Situation | Recommendation |
|---|---|
| On Starter/Pro/Business, need SCIM | Use Stitchflow: avoid the $60K-160K/year Enterprise jump |
| Already on Enterprise tier | Use native SCIM: you're paying for it |
| Need Enterprise GRC features beyond SCIM | Evaluate Enterprise: SCIM comes bundled |
| Part of broader OneTrust ecosystem | Consider native: may align with existing licensing |
| Small compliance team, low employee churn | Manual may work: but monitor for audit readiness gaps |
The bottom line
Tugboat Logic's Enterprise-only SCIM requirement creates a massive pricing barrier—potentially $60K-160K+ annually just to automate user provisioning. For security compliance platforms where access control is critical, Stitchflow delivers the automation you need without forcing an expensive tier upgrade.
Make Tugboat Logic workflows AI-native
Tugboat Logic gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Now part of OneTrust platform
- SCIM requires Enterprise tier
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Enterprise required for SCIM
Tugboat Logic gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Enterprise required for SCIM
Tugboat Logic gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Tugboat Logic
Tugboat Logic gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
