Summary and recommendation
Workiva supports native SCIM 2.0 provisioning, but only on Enterprise plans with custom pricing averaging $36K-$156K per year. The implementation requires specific technical setup: a dedicated SCIM API user with admin roles, and for Azure Entra users, manual configuration of a custom enterprise app since the gallery app doesn't support provisioning. This creates a significant barrier for organizations on lower-tier plans who need automated user management.
For mid-market companies, this pricing structure creates a tough choice: either manually manage Workiva user accounts (risking compliance gaps and security vulnerabilities) or commit to Enterprise-level spend that may far exceed their actual feature needs. Manual provisioning in financial compliance tools like Workiva is particularly problematic since user access directly impacts audit trails and SOX compliance requirements.
The strategic alternative
Workiva gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | No |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Not available |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages Workiva accounts manually. Here's what that costs:
The Workiva pricing problem
Workiva gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Pro | N/A | ||
| Business | N/A | ||
| Enterprise | Custom (~$36K-$156K/year avg) |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Pro | N/A | ❌ |
| Business | N/A | ❌ |
| Enterprise | Custom (~$36K-$156K/year avg) | ✓ |
What this means in practice
Workiva's custom Enterprise pricing makes it difficult to calculate exact upgrade costs, but based on reported averages:
The pricing gap between Business and Enterprise tiers is substantial, often representing a 3-5x cost increase purely to unlock automated provisioning.
Additional constraints
Summary of challenges
- Workiva supports SCIM but only at Enterprise tier (Custom (~$36K-$156K/year avg))
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
Workiva doesn't sell SCIM separately. It's bundled with Enterprise plan features starting at ~$36K annually:
The catch? Azure Entra users need custom enterprise app setup since Workiva's gallery app doesn't support provisioning. You're also locked into SCIM 2.0 only—no flexibility for legacy systems.
Stitchflow Insight
If you need enterprise-grade financial reporting controls anyway, the upgrade makes sense. If you just want automated user provisioning for a finance team, you're paying for executive dashboards, compliance features, and premium support you'll likely never use. We estimate ~60% of Enterprise features are irrelevant for teams that only need SCIM provisioning.
What IT admins are saying
Community sentiment on Workiva's SCIM implementation reveals significant deployment challenges. Common complaints:
- Enterprise-only pricing that excludes mid-market teams from automated provisioning
- Complex setup requirements with dedicated SCIM API users and specific admin roles
- Azure Entra complications requiring custom enterprise app configuration instead of the gallery app
- High barrier to entry with custom pricing averaging $36K-$156K annually
The Azure gallery app doesn't support SCIM provisioning - you have to create a custom enterprise application and configure everything manually. Not exactly the seamless experience we expected from a major finance platform.
Workiva's SCIM requires a dedicated API user with very specific admin permissions. One misconfiguration and your entire provisioning stops working. The documentation helps but it's still a complex setup.
The recurring theme
Workiva's SCIM is technically solid but locked behind expensive Enterprise tiers and requires significant technical expertise to deploy correctly.
The decision
| Your Situation | Recommendation |
|---|---|
| On Pro/Business, need SCIM | Use Stitchflow: avoid the Enterprise upgrade premium |
| Already on Enterprise with SCIM | Use native SCIM: you're paying $36K-156K/year for it |
| Using Azure Entra ID | Use Stitchflow: simpler than custom app setup |
| Need Enterprise features beyond SCIM | Evaluate Enterprise: SCIM comes bundled with other capabilities |
| Small team, low user churn | Manual may work: but watch for compliance gaps |
The bottom line
Workiva gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Make Workiva workflows AI-native
Workiva gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
None
Key limitations
- SCIM 2.0 only - older SCIM versions not supported
- Requires dedicated SCIM API user with specific admin roles
- SAML SSO recommended alongside SCIM for full security
- Azure Entra requires custom app setup - gallery app doesn't support provisioning
Documentation not available.
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Docs
Official Okta integration supports SSO and SCIM provisioning
Workiva gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Workiva gallery app doesn't support SCIM - requires custom enterprise app setup for SCIM provisioning
Workiva gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
Workiva
Workiva gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
