Summary and recommendation
Whatfix, the digital adoption platform, offers no SCIM provisioning capabilities on any plan, including Enterprise. While Whatfix supports SAML-based SSO through both Okta and Microsoft Entra ID, this only handles authentication—not user lifecycle management. IT administrators must manually provision and deprovision users in Whatfix, creating significant operational overhead for organizations deploying digital adoption experiences across their workforce.
This gap becomes particularly problematic for enterprises using Whatfix to onboard employees or drive software adoption at scale. Without automated provisioning, IT teams face manual account creation, role assignment, and cleanup processes. When employees join, leave, or change roles, their Whatfix access must be managed separately from other business applications, creating compliance risks and administrative burden that scales poorly with organization size.
The strategic alternative
Whatfix has no native SCIM. Automate offboarding, user access reviews, and license workflows across every app, including the ones without APIs. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | No |
| SCIM tier required | N/A |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ❌ | SSO only via SAML |
| Microsoft Entra ID | ✓ | ❌ | SSO via SAML only |
| Google Workspace | Via third-party | ❌ | No native support |
| OneLogin | Via third-party | ❌ | No native support |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Whatfix accounts manually. Here's what that costs:
The Whatfix pricing problem
Whatfix gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | Not disclosed | ||
| Business | Not disclosed | ||
| Enterprise | Custom quote |
Pricing and provisioning availability
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | Not disclosed | ||
| Business | Not disclosed | ||
| Enterprise | Custom quote |
Even Enterprise customers with custom contracts exceeding $50,000+ annually get no automated provisioning options.
What this means in practice
Manual account management at scale: Every user addition, role change, or deactivation requires manual intervention in the Whatfix admin console. For organizations deploying Whatfix across hundreds or thousands of employees, this creates significant administrative overhead.
No automated deprovisioning: When employees leave, their Whatfix accounts remain active until manually disabled. This creates both security risks and unnecessary license costs, particularly problematic given Whatfix's per-user pricing model.
Identity system disconnect: Your IdP becomes a record-keeping system rather than a source of truth. User attributes, department changes, and role modifications don't sync automatically, leading to access governance gaps.
Additional constraints
Summary of challenges
- Whatfix does not provide native SCIM at any price tier
- Organizations must rely on third-party tools or manual provisioning
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What Whatfix actually offers for identity
SAML SSO Only
Whatfix provides basic SAML 2.0 authentication across all plans, but stops there:
| Feature | Available |
|---|---|
| SAML SSO | ✓ Yes |
| User provisioning | ❌ No |
| User deprovisioning | ❌ No |
| Group management | ❌ No |
| Attribute sync | ❌ No |
| SCIM protocol | ❌ No |
IdP Integration Status
Both major identity providers show the same story:
Okta Integration Network:
Microsoft Entra (Azure AD):
The Manual Reality
Without provisioning capabilities, IT teams must:
This creates the exact identity sprawl and security gaps that SCIM is designed to eliminate. Users get federated login, but IT gets stuck with manual account lifecycle management.
What IT admins are saying
Whatfix's lack of automated provisioning creates significant operational overhead for IT teams managing digital adoption platforms:
- Manual user creation required despite SSO being available
- No way to automatically sync user attributes or group memberships
- Deprovisioning requires manual intervention across systems
- Time-intensive onboarding process for new employees accessing training content
Even though we have SSO set up with Whatfix, we still have to manually create every user account before they can access our guided tours and training materials. It defeats the purpose of having identity management.
The lack of SCIM support means we're constantly playing catch-up with user management in Whatfix. When someone changes departments or leaves, we have to remember to update their access manually.
The recurring theme
Whatfix treats user provisioning as a secondary concern, forcing IT teams to maintain dual processes for user lifecycle management even after implementing SSO authentication.
The decision
| Your Situation | Recommendation |
|---|---|
| Small team (<10 users) with low turnover | Manual user management is workable |
| Growing digital adoption team (15+ users) | Use Stitchflow: automation prevents bottlenecks |
| Enterprise with multiple Whatfix instances | Use Stitchflow: automation essential for scale |
| Compliance-focused organization | Use Stitchflow: automated audit trail required |
| High user churn (onboarding/offboarding) | Use Stitchflow: manual processes create security risks |
The bottom line
Whatfix offers powerful digital adoption tools but zero provisioning automation—even with enterprise pricing, you're stuck with manual user management. For organizations that need automated user lifecycle management and proper audit trails, Stitchflow delivers SCIM-level provisioning that Whatfix simply doesn't offer.
Make Whatfix workflows AI-native
Whatfix has no native SCIM. We build complete offboarding, user access reviews, and license workflows across every app, including the ones without APIs.
Technical specifications
SCIM Version
Not specifiedSupported Operations
Not specifiedSupported Attributes
Plan requirement
Not specifiedPrerequisites
Not specifiedKey limitations
- No SCIM support available
- Manual user provisioning required
- SSO available for authentication
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app
Where to enable
Docs
SSO only via SAML
Use Stitchflow for automated provisioning.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app
Where to enable
SSO via SAML only
Use Stitchflow for automated provisioning.
Unlock SCIM for
Whatfix
Whatfix has no native SCIM. We still automate end-to-end workflows across every app, including the ones without APIs.
See how it works
