Stitchflow
Back to directory
Vend logo

Vend SCIM guide

Connector Only

How to automate Vend user provisioning, and what it actually costs

Summary and recommendation

Vend (now Lightspeed Retail X-Series) does not offer SCIM provisioning on any plan. The platform only supports OIDC-based SSO authentication, with no automated user lifecycle management capabilities. This means IT teams must manually create, update, and deactivate user accounts for retail staff—a significant operational burden given the high turnover rates typical in retail environments. While SSO handles authentication for existing users, it doesn't address the core provisioning challenge of managing cashiers, store staff, and managers across multiple locations.

The retail industry's staffing dynamics make this limitation particularly problematic. Stores frequently onboard seasonal workers, transfer employees between locations, and manage role changes from cashier to supervisor. Without automated provisioning, IT teams face constant manual account management requests, creating delays that impact store operations and leaving former employees with lingering system access—a clear security risk in POS environments handling payment data.

The strategic alternative

Vend has no native SCIM. That leaves a workflow gap in offboarding, access reviews, and license cleanup unless your team handles the app another way. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.

Quick SCIM facts

SCIM available?No
SCIM tier requiredN/A
SSO required first?Yes
SSO available?Yes
SSO protocolOIDC
DocumentationNot available

Supported identity providers

IdPSSOSCIMNotes
OktaVia third-partyNo SCIM available
Microsoft Entra IDNo SCIM available
Google WorkspaceVia third-partyNo native support
OneLoginVia third-partyNo native support

The cost of not automating

Without SCIM (or an alternative like Stitchflow), your IT team manages Vend accounts manually. Here's what that costs:

Source: Stitchflow aggregate data across apps with 2+ instances, normalized to 500 employees
Orphaned accounts (ex-employees with access)7
Unused licenses12
IT hours spent on manual management/year101 hours
Unused license cost/year$3,925
IT labor cost/year$6,088
Cost of compliance misses/year$1,741
Total annual financial impact$11,754

The Vend pricing problem

Vend gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.

Tier comparison

PlanPriceSSOSCIM
Lean$79/month
Standard$129/month
Advanced$259/month
EnterpriseCustom quote

Pricing structure

PlanPriceSSOSCIM
Lean$79/month
Standard$129/month
Advanced$259/month
EnterpriseCustom quote

Additional costs

Extra registers
$29/month each
Payment processing
2.4% + $0.10 (card present) or 2.9% + $0.30 (card not present)
Non-Lightspeed payment solutions
$400/month penalty fee

What this means in practice

No automated user lifecycle management: Every new hire, role change, or termination requires manual intervention in the Vend system. For retail operations with high staff turnover, this creates significant administrative overhead.

OIDC-only SSO limitations: Unlike SAML, OIDC provides fewer enterprise controls and may not integrate as seamlessly with all identity providers. The platform offers two modes - "Authentication only" (recommended) or "Access management" - but neither includes automated provisioning.

Additional constraints

Retail-specific complexity
Point-of-sale systems require specific permissions for registers, inventory access, and payment handling that can't be automated through identity providers
Lightspeed migration uncertainty
As Vend transitions to Lightspeed Retail X-Series, documentation and features may change without notice
Manual onboarding bottleneck
New cashiers and store staff can't start work until IT manually creates their accounts, potentially delaying store operations
No group-based access
Role assignments must be configured individually rather than inherited from IdP group memberships

Summary of challenges

  • Vend does not provide native SCIM at any price tier
  • Organizations must rely on third-party tools or manual provisioning
  • Our research shows teams manually provisioning this app spend significant hidden costs annually

What Vend actually offers for identity

OIDC SSO (plan availability unknown)

Vend (now Lightspeed Retail X-Series) supports single sign-on through OpenID Connect:

SettingDetails
ProtocolOIDC only (SAML not supported)
Supported IdPsAny OIDC-compatible provider (Okta, Entra ID, Google Workspace)
Configuration modesAuthentication only (recommended) or Access management
User requirementManual provisioning required

Critical limitation: Vend only supports OIDC authentication - there's no SAML option and no automated provisioning capabilities.

Zero provisioning automation

Vend provides no SCIM endpoint or automated user management:

❌ Create users
All accounts must be manually created in Vend
❌ Update users
Profile changes require manual intervention
❌ Deactivate users
Departing employees must be manually removed
❌ Group management
No role or group sync capabilities

Why this falls short for retail operations

Retail environments have unique provisioning challenges that Vend's manual approach can't address:

High staff turnover
Seasonal workers and frequent hiring/departing require rapid account changes
Multiple locations
Store managers need quick access to add cashiers and staff across locations
Security compliance
Manual deprovisioning creates risk when employees leave

With only OIDC SSO and no provisioning automation, IT teams face the worst of both worlds: they get basic authentication but still handle all user lifecycle management manually.

What IT admins are saying

Vend's transition to Lightspeed Retail X-Series has left IT teams navigating limited identity management options:

  • Manual user provisioning required - no SCIM support means every retail employee must be added individually
  • OIDC-only SSO creates compatibility issues for organizations standardized on SAML workflows
  • Lack of automated deprovisioning poses security risks in high-turnover retail environments
  • Documentation gaps during the Lightspeed rebrand have made implementation challenging

SSO using OIDC only. SAML not supported.

Lightspeed official documentation

Now Lightspeed Retail (X-Series). SSO via OpenID Connect (OIDC), not SAML.

Integration documentation

The recurring theme

Retail businesses with frequent staff changes are stuck with manual user management, creating operational overhead and security gaps when employees can't be automatically deprovisioned from POS systems.

The decision

Your SituationRecommendation
Small retail store (<10 staff)Manual user management is acceptable
Low staff turnover with stable teamManual management with OIDC SSO for authentication
High-turnover retail environment (20+ staff)Use Stitchflow: automation essential for frequent onboarding/offboarding
Multi-location retail chainUse Stitchflow: automation strongly recommended for scale
Enterprise with compliance requirementsUse Stitchflow: automation essential for audit trail and security

The bottom line

Vend has no native SCIM. That means one more workflow gap in offboarding, access reviews, and license cleanup unless your team handles it another way.

Close the Vend workflow gap

Vend is one gap in a broader workflow. Stitchflow builds and maintains the offboarding, access review, or license workflow across every app in your environment.

Across every app in the workflow, including the ones without APIs
Built in less than a week, with roughly 2 hours from your team
You review the exceptions. Stitchflow maintains the workflow underneath
Start with the free gap diagnostic

Technical specifications

SCIM Version

Not specified

Supported Operations

Not specified

Supported Attributes

No public SCIM documentation foundOnly OIDC SSO supported, not SAMLAcquired by Lightspeed - check Lightspeed documentation

Plan requirement

Not specified

Prerequisites

Not specified

Key limitations

  • No public SCIM documentation found
  • Only OIDC SSO supported, not SAML
  • Acquired by Lightspeed - check Lightspeed documentation

Documentation not available.

Configuration for Entra ID

Integration type

Microsoft Entra Gallery app

Prerequisite

SSO must be configured before enabling SCIM.

Where to enable

Entra admin center → Enterprise applications → Vend → Single sign-on

Docs

Microsoft Entra integration

Unknown required for SCIM

Use Stitchflow for automated provisioning.

Close the workflow gap in
Vend

Vend has no native SCIM. That leaves one more workflow gap in offboarding, access reviews, and license cleanup unless your team handles it another way.

Start with the free gap diagnostic
Admin Console
Directory
Applications
Vend logo
Vend
via Stitchflow

Last updated: 2026-01-11

* Pricing and features sourced from public documentation.

Keep exploring

Related apps

6sense logo

6sense

No SCIM

B2B Revenue Intelligence / ABM

ProvisioningNot Supported
Manual Cost$11,754/yr

6sense, the B2B revenue intelligence platform, has paused SCIM provisioning for new customers until Q4 2026. While existing customers with SCIM enabled can continue using it, new implementations are limited to JIT (Just-In-Time) provisioning through SAML SSO. This creates a significant gap for IT teams managing revenue intelligence access, as JIT only creates users on first login and provides minimal attribute mapping (email, first name, last name only). For an enterprise platform with typical pricing of $55,000-$130,000 annually, the absence of automated user lifecycle management is a substantial limitation. The lack of SCIM until Q4 2026 forces IT teams into manual provisioning workflows for a platform handling sensitive revenue data. While SAML SSO handles authentication, it doesn't address user lifecycle events like role changes, department transfers, or offboarding. This creates compliance risks in revenue teams where access to prospect data and sales intelligence must be tightly controlled. The nearly two-year wait for SCIM restoration means organizations implementing 6sense today face manual user management for the foreseeable future.

View full guide
ActiveCampaign logo

ActiveCampaign

No SCIM

Marketing Automation / Email

ProvisioningNot Supported
Manual Cost$11,754/yr

ActiveCampaign, the marketing automation platform, does not offer native SCIM provisioning on any plan. While the Enterprise plan ($145+/month) includes SAML 2.0 SSO with just-in-time (JIT) provisioning, this only creates user accounts on first login—there's no automated deprovisioning when employees leave or change roles. New SSO users are automatically added to a generic "SSO Users" group with configurable permissions, but IT teams have no way to programmatically manage user lifecycles or enforce granular access controls based on department or role changes. This creates a significant gap for marketing teams that need to manage access to customer data and campaign tools. When employees leave the company or change departments, their ActiveCampaign access must be manually revoked, creating compliance risks and potential data exposure. The lack of automated deprovisioning means former employees could theoretically retain access to sensitive marketing data and customer information until someone manually removes them from the platform.

View full guide
Adyen logo

Adyen

No SCIM

Payments / Fintech

ProvisioningNot Supported
Manual Cost$11,754/yr

Adyen offers SCIM 2.0 provisioning, but only through Okta's integration—there's no native SCIM endpoint. This creates a significant vendor lock-in scenario where your provisioning capabilities are entirely dependent on using Okta as your identity provider. Teams using Azure Entra, Google Workspace, or OneLogin are left with manual user management despite Adyen supporting SAML SSO with these platforms. The Okta integration itself requires maintaining a company account (not just a merchant account) and keeping at least one non-SSO admin for troubleshooting, adding operational complexity. For payment platforms handling sensitive financial data, this provisioning gap creates serious compliance risks. Your finance team, payment operations staff, and developers need timely access to process transactions and manage risk controls, but without automated provisioning, you're stuck with manual onboarding that can delay critical payment operations. The requirement to maintain non-SSO admin accounts also creates a security backdoor that compliance auditors will flag.

View full guide