Summary and recommendation
Wiz supports native SCIM 2.0 provisioning, but only on their Enterprise tier with custom pricing. Teams on lower tiers have no automated provisioning option, forcing IT admins to manually manage user accounts in what's typically a critical security platform. Additionally, SSO must be configured before SCIM can be enabled, adding deployment complexity.
This creates a significant gap for growing security teams. Without automated provisioning, new hires can't immediately access security dashboards and alerts, while departing employees may retain access longer than policy allows. For a security platform that's meant to protect your entire cloud infrastructure, manual user management introduces exactly the kind of access control risks Wiz is designed to prevent.
The strategic alternative
Wiz gates SCIM behind Enterprise. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across the rest of your stack. Stitchflow builds and maintains the IT workflows your team still runs manually, across every app, including the ones without APIs.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Wiz accounts manually. Here's what that costs:
The Wiz pricing problem
Wiz gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | N/A | ||
| Business | N/A | ||
| Enterprise | Custom |
Note: Wiz doesn't publish pricing for any tier, but Enterprise represents their highest-cost offering with comprehensive cloud security features bundled alongside SCIM access.
What this means in practice
Without published pricing, organizations face:
Additional constraints
Summary of challenges
- Wiz supports SCIM but only at Enterprise tier (Custom)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Wiz doesn't sell SCIM à la carte. It's bundled with Enterprise features at custom pricing:
Stitchflow Insight
The Enterprise tier is designed for large organizations with complex security operations. If you just need automated user provisioning for your security team, you're paying enterprise rates for capabilities like custom compliance frameworks and dedicated support that smaller teams rarely use. We estimate ~60% of Enterprise features are overkill for teams that simply want to automate Wiz user management.
What IT admins are saying
Community sentiment on Wiz's SCIM availability is mixed, with cost concerns dominating discussions. Common complaints:
- Enterprise-only SCIM forces expensive upgrades for basic provisioning
- Custom pricing model lacks transparency for budget planning
- SSO prerequisite creates unnecessary complexity for some deployments
- Limited provisioning options outside of Okta ecosystem
We wanted to automate user provisioning but hit the Enterprise paywall. For a security tool, they sure make it expensive to implement security best practices.
The lack of SCIM in Azure AD gallery is frustrating. We're an Entra shop and don't want to manage separate provisioning workflows just for Wiz.
The recurring theme
Wiz gates essential identity automation behind enterprise pricing, creating barriers for teams that need cloud security tooling with automated user management but can't justify enterprise costs.
The decision
| Your Situation | Recommendation |
|---|---|
| On Pro/Business tier, need SCIM provisioning | Use Stitchflow: avoid the Enterprise upgrade and custom pricing negotiations |
| Already on Enterprise with SCIM enabled | Use native SCIM: you're paying enterprise prices for the full feature set |
| Using Microsoft Entra ID as your IdP | Use Stitchflow: no native Entra SCIM support in gallery |
| Small security team, infrequent user changes | Manual provisioning may work: but monitor for access governance gaps |
| Need Enterprise security features beyond SCIM | Evaluate Enterprise upgrade: SCIM comes bundled with advanced capabilities |
The bottom line
Wiz gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the Wiz workflow gap
Wiz gates SCIM behind Enterprise, but the bigger issue is the workflow around it. Stitchflow builds and maintains the offboarding, access review, or license workflow underneath.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Enterprise tier required for SCIM
- SSO must be configured before SCIM
- Custom pricing only
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Full SCIM 2.0 provisioning support
Wiz gates SCIM behind Enterprise. The upgrade may unlock provisioning, but the workflow still has to complete across the rest of your stack.
Close the workflow gap in
Wiz
Wiz gates SCIM behind Enterprise plan. That can unlock provisioning, but it still does not complete the offboarding, access review, or license workflow across your stack.
Start with the free gap diagnostic
