Summary and recommendation
Vectra AI, the AI-driven threat detection and response platform, does not support SCIM provisioning on any plan. While the platform offers SSO integration through custom SAML configuration with identity providers like Okta and Entra ID, this only handles authentication—not automated user provisioning, deprovisioning, or role management. IT teams must manually create and manage user accounts in Vectra AI, including assigning appropriate security roles and permissions for analysts, investigators, and administrators.
This manual approach creates significant operational overhead for security teams that need to rapidly onboard threat analysts or adjust access permissions as security roles evolve. More critically, it introduces compliance and security risks—when analysts leave the organization or change roles, their Vectra AI access must be manually revoked, creating potential windows where former employees retain access to sensitive threat intelligence and security data. For a platform specifically designed to detect security threats, having gaps in user access management is particularly problematic.
The strategic alternative
Vectra AI has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | Custom SAML integration |
| Microsoft Entra ID | ✓ | ❌ | Custom SAML integration |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Vectra AI accounts manually. Here's what that costs:
The Vectra AI pricing problem
Vectra AI gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | Not disclosed | ||
| Business | Not disclosed | ||
| Enterprise | Custom quote |
Pricing and provisioning support
| Plan | Pricing | SCIM | SSO |
|---|---|---|---|
| Pro | Not disclosed | ❌ No | ✓ Custom SAML |
| Business | Not disclosed | ❌ No | ✓ Custom SAML |
| Enterprise | Custom quote | ❌ No | ✓ Custom SAML |
What this means in practice
Manual provisioning at enterprise scale: Security teams using Vectra AI for threat detection across thousands of endpoints still create user accounts one by one. New hires wait for manual account creation. Departing employees require manual deprovisioning - a critical security gap in a threat detection platform.
Custom SAML complexity: While SSO is available, it requires custom SAML configuration by Vectra support for each customer. This creates implementation delays and ongoing dependency on vendor support for SSO maintenance.
Additional constraints
Summary of challenges
- Vectra AI does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Vectra AI actually offers for identity
SAML SSO (Custom Integration Required)
Vectra AI supports SAML 2.0 integration with identity providers, but requires custom configuration:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Entra ID, Google Workspace, custom SAML providers |
| Configuration | Manual SAML setup required |
| User requirement | Manual user provisioning in Vectra AI platform |
Critical limitation: Vectra AI requires entirely manual user management. There's no automated provisioning, deprovisioning, or attribute updates. IT teams must create, modify, and remove user accounts directly in the Vectra AI console.
No Okta or Entra Integration
Unlike most enterprise security platforms, Vectra AI has no published integrations in either the Okta Integration Network (OIN) or Microsoft Entra Gallery:
| Feature | Supported? |
|---|---|
| SAML SSO | ✓ Yes (custom setup) |
| OIDC SSO | ❌ No |
| Create users | ❌ No |
| Update users | ❌ No |
| Deactivate users | ❌ No |
| Group sync | ❌ No |
| Automated provisioning | ❌ No |
The Real Problem
For a cybersecurity platform that organizations rely on for threat detection, the complete lack of user lifecycle automation creates significant operational overhead. Security teams must manually onboard every analyst, update permissions when roles change, and remember to remove access when people leave—exactly the kind of manual processes that introduce security risks.
What IT admins are saying
Vectra AI's lack of automated provisioning creates operational overhead for IT teams:
- Manual user creation required for each new employee
- No automated deprovisioning when users leave the organization
- Inconsistent access management across security tools
- Time-consuming account management for a critical security platform
Having to manually manage users in our NDR platform is problematic from a security perspective - we need automated provisioning for our security tools more than anywhere else.
The irony of having manual user management in a security platform that's supposed to automate threat detection isn't lost on us.
The recurring theme
IT teams expect their security infrastructure to have the most robust identity management capabilities, yet Vectra AI requires manual user provisioning despite being an enterprise security platform with custom pricing.
The decision
| Your Situation | Recommendation |
|---|---|
| Small security team (<10 users) | Manual management is workable given security focus |
| Enterprise with high security turnover | Use Stitchflow: automation essential for rapid onboarding/offboarding |
| Multi-environment deployments (dev/staging/prod) | Use Stitchflow: manual provisioning becomes unmanageable |
| Organizations with strict compliance requirements | Use Stitchflow: automated audit trails required |
| Teams integrating Vectra with broader security stack | Use Stitchflow: consistent provisioning across all security tools |
The bottom line
Vectra AI delivers advanced threat detection capabilities but offers no user provisioning automation—even their custom SAML setup requires manual user management. For security teams that need rapid user lifecycle management and audit compliance, Stitchflow provides the automation that Vectra AI simply doesn't offer.
Make Vectra AI workflows AI-native
Vectra AI has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No SCIM support available
- Manual user provisioning required
- SSO available via custom SAML
Documentation not available.
Unlock SCIM for
Vectra AI
Vectra AI has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
