Summary and recommendation
Splunk On-Call (formerly VictorOps) offers limited SCIM provisioning exclusively on Enterprise plans, but with significant restrictions that make it impractical for most IT teams. While the integration can create and deactivate users through Okta, it cannot update user profiles or attributes—meaning any changes to names, contact information, or roles in your IdP won't sync to On-Call. Worse, the SCIM setup requires opening a support ticket rather than self-service configuration, and deprovisioning permanently deletes critical incident response data including contact methods and escalation policy assignments.
This creates a dangerous gap for incident management teams. On-call rotations depend on accurate, up-to-date contact information and team assignments. When profile updates don't sync automatically, engineers may miss critical alerts due to outdated phone numbers or email addresses. The permanent data deletion during deprovisioning means you lose historical escalation patterns and must manually rebuild contact methods if someone rejoins the team—exactly the opposite of what you need during high-pressure incident scenarios.
The strategic alternative
VictorOps has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | No SCIM available |
| Microsoft Entra ID | ✓ | ❌ | No SCIM available |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages VictorOps accounts manually. Here's what that costs:
The VictorOps pricing problem
VictorOps gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | $5/user/month (add-on to Splunk Observability Cloud) | ||
| Enterprise | Custom quote (part of Splunk Observability Cloud) | ⚠️ Limited |
Pricing structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | $5/user/month (add-on to Splunk Observability Cloud) | ||
| Enterprise | Custom quote (part of Splunk Observability Cloud) | ⚠️ Limited |
The real cost: Splunk Observability Cloud starts at $95/host/month for Standard tier, plus the On-Call add-on. For a 50-person DevOps team, you're looking at $4,750+ monthly base cost before getting any provisioning capabilities.
What this means in practice
Even with Enterprise pricing, Splunk On-Call's SCIM implementation is fundamentally broken for real-world use:
For incident management tools, accurate user data is mission-critical. On-call rotations depend on current contact information and role assignments.
Additional constraints
Summary of challenges
- VictorOps does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What VictorOps actually offers for identity
SAML SSO (Enterprise tier)
Splunk On-Call supports SAML 2.0 integration with identity providers:
| Setting | Details |
|---|---|
| Protocol | SAML 2.0 |
| Supported IdPs | Okta, Entra ID, OneLogin, custom SAML providers |
| Configuration | Manual setup via support team |
| ACS URL | https://sso.victorops.com/sp/ACS.saml2 |
| User requirement | Manual account creation required |
SCIM Provisioning (Enterprise tier - Beta)
The SCIM integration is extremely limited and still in beta:
| Feature | Supported? |
|---|---|
| Create users | ✓ Yes |
| Update user profiles | ❌ No |
| Deactivate users | ✓ Yes (with permanent data loss) |
| Group provisioning | ❌ No |
| Self-service setup | ❌ No (requires support ticket) |
Critical limitations:
What you're actually paying for
The Enterprise tier bundles SCIM with Splunk's full Observability Cloud platform ($95/host/month minimum), plus the On-Call add-on starting at $5/user/month.
Reality check: 90% of teams using VictorOps for incident management don't need the entire Splunk Observability suite. You're paying enterprise prices for a beta SCIM implementation that can't even update user profiles - a basic requirement for maintaining accurate on-call schedules.
What IT admins are saying
VictorOps's limited SCIM implementation creates ongoing maintenance headaches for IT teams managing incident response:
- Profile updates in identity providers don't sync to VictorOps - requiring manual updates
- Deprovisioning permanently deletes contact methods and removes users from on-call schedules
- SCIM setup requires opening support tickets instead of self-service configuration
- Previously deprovisioned users lose all attributes when reassigned
Cannot update user profiles via SCIM
Must delete and recreate user to update attributes
SCIM setup requires support ticket - not self-service
The recurring theme
Even with SCIM enabled, IT teams must manually maintain user profiles and carefully manage deprovisioning to avoid breaking on-call rotations. The inability to update user attributes means constant manual intervention for something as simple as a phone number change.
The decision
| Your Situation | Recommendation |
|---|---|
| Small on-call team (<10 engineers) | Manual management is workable for now |
| Using Okta with basic user sync needs | Try native SCIM first, but prepare for limitations |
| Need profile updates to sync automatically | Use Stitchflow: native SCIM can't update user attributes |
| Enterprise with strict deprovisioning requirements | Use Stitchflow: avoid data loss from permanent deletions |
| Complex on-call rotations requiring accurate contact info | Use Stitchflow: automation essential for incident response |
The bottom line
Splunk On-Call's native SCIM is severely limited—it can't update user profiles and permanently deletes critical data during deprovisioning. For incident management teams that need reliable, up-to-date user information for on-call schedules, Stitchflow provides the automation capabilities that native SCIM simply can't deliver.
Make VictorOps workflows AI-native
VictorOps has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Not specifiedPlan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- SCIM setup requires support ticket - not self-service
- Profile updates in Okta NOT reflected in Splunk On-Call
- Deprovisioning permanently deletes contact methods and push registrations
- Removes user from Escalation Policies and Scheduled Overrides
- Reassigning previously deprovisioned user does not recover attributes
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Enterprise required for SCIM
Use Stitchflow for automated provisioning.
Unlock SCIM for
VictorOps
VictorOps has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
