Summary and recommendation
Wiz supports native SCIM 2.0 provisioning, but only on their Enterprise tier with custom pricing. Teams on lower tiers have no automated provisioning option, forcing IT admins to manually manage user accounts in what's typically a critical security platform. Additionally, SSO must be configured before SCIM can be enabled, adding deployment complexity.
This creates a significant gap for growing security teams. Without automated provisioning, new hires can't immediately access security dashboards and alerts, while departing employees may retain access longer than policy allows. For a security platform that's meant to protect your entire cloud infrastructure, manual user management introduces exactly the kind of access control risks Wiz is designed to prevent.
The strategic alternative
Wiz gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ❌ | SSO only |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Wiz accounts manually. Here's what that costs:
The Wiz pricing problem
Wiz gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Plan Structure
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | N/A | ||
| Business | N/A | ||
| Enterprise | Custom |
Note: Wiz doesn't publish pricing for any tier, but Enterprise represents their highest-cost offering with comprehensive cloud security features bundled alongside SCIM access.
What this means in practice
Without published pricing, organizations face:
Additional constraints
Summary of challenges
- Wiz supports SCIM but only at Enterprise tier (Custom)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Wiz doesn't sell SCIM à la carte. It's bundled with Enterprise features at custom pricing:
Stitchflow Insight
The Enterprise tier is designed for large organizations with complex security operations. If you just need automated user provisioning for your security team, you're paying enterprise rates for capabilities like custom compliance frameworks and dedicated support that smaller teams rarely use. We estimate ~60% of Enterprise features are overkill for teams that simply want to automate Wiz user management.
What IT admins are saying
Community sentiment on Wiz's SCIM availability is mixed, with cost concerns dominating discussions. Common complaints:
- Enterprise-only SCIM forces expensive upgrades for basic provisioning
- Custom pricing model lacks transparency for budget planning
- SSO prerequisite creates unnecessary complexity for some deployments
- Limited provisioning options outside of Okta ecosystem
We wanted to automate user provisioning but hit the Enterprise paywall. For a security tool, they sure make it expensive to implement security best practices.
The lack of SCIM in Azure AD gallery is frustrating. We're an Entra shop and don't want to manage separate provisioning workflows just for Wiz.
The recurring theme
Wiz gates essential identity automation behind enterprise pricing, creating barriers for teams that need cloud security tooling with automated user management but can't justify enterprise costs.
The decision
| Your Situation | Recommendation |
|---|---|
| On Pro/Business tier, need SCIM provisioning | Use Stitchflow: avoid the Enterprise upgrade and custom pricing negotiations |
| Already on Enterprise with SCIM enabled | Use native SCIM: you're paying enterprise prices for the full feature set |
| Using Microsoft Entra ID as your IdP | Use Stitchflow: no native Entra SCIM support in gallery |
| Small security team, infrequent user changes | Manual provisioning may work: but monitor for access governance gaps |
| Need Enterprise security features beyond SCIM | Evaluate Enterprise upgrade: SCIM comes bundled with advanced capabilities |
The bottom line
Wiz restricts SCIM to Enterprise tier with custom pricing, creating a significant barrier for smaller security teams that need automated provisioning. For organizations on Pro or Business plans, or those using Entra ID, Stitchflow delivers SCIM-level provisioning without the enterprise upgrade or pricing negotiations.
Make Wiz workflows AI-native
Wiz gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- Enterprise tier required for SCIM
- SSO must be configured before SCIM
- Custom pricing only
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Full SCIM 2.0 provisioning support
Wiz gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Wiz
Wiz gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
