Summary and recommendation
xMatters supports SCIM 2.0 for automated user provisioning, but only on Enterprise plans with custom pricing. The SCIM implementation has notable technical quirks: tokens for Entra ID aren't refreshable (creating ongoing maintenance overhead), SCIM endpoints must end in 'tokens' with an 's' (easy to misconfigure), and native login requires special role assignment after SSO is enabled.
For incident management platforms like xMatters, provisioning accuracy is critical—outdated contact information or missing user accounts can delay incident response when every minute counts. The Enterprise pricing requirement means most teams face a significant cost barrier to access automated provisioning, leaving them with manual user management that's both time-intensive and error-prone during critical incidents.
The strategic alternative
xMatters gates SCIM behind Enterprise. Skip the Enterprise plan upgrade and automate complete outcomes across your stack. We maintain the integration layer underneath. You focus on judgment, not plumbing.
Quick SCIM facts
| SCIM available? | Yes |
| SCIM tier required | Enterprise |
| SSO required first? | Yes |
| SSO available? | Yes |
| SSO protocol | SAML 2.0 |
| Documentation | Official docs |
Supported identity providers
| IdP | SSO | SCIM | Notes |
|---|---|---|---|
| Okta | ✓ | ✓ | OIN app with full provisioning |
| Microsoft Entra ID | ✓ | ✓ | Gallery app with SCIM |
| Google Workspace | ✓ | JIT only | SAML SSO with just-in-time provisioning |
| OneLogin | ✓ | ✓ | Supported |
The cost of not automating
Without SCIM (or an alternative like Stitchflow), your IT team manages xMatters accounts manually. Here's what that costs:
The xMatters pricing problem
xMatters gates SCIM provisioning behind premium plans, forcing significant cost increases for basic user management.
Tier comparison
| Plan | Price | SSO | SCIM |
|---|---|---|---|
| Starter | $16/user/mo | ||
| Base | $39/user/mo | ||
| Advanced | $59/user/mo | ||
| Enterprise | Custom pricing |
Plan Structure
| Plan | Price | SCIM |
|---|---|---|
| Starter | $16/user/mo | ❌ |
| Base | $39/user/mo | ❌ |
| Advanced | $59/user/mo | ❌ |
| Enterprise | Custom pricing | ✓ |
Note: xMatters provides full SCIM 2.0 support in Enterprise, including user lifecycle management and group provisioning with OAuth authentication.
What this means in practice
Without published Enterprise pricing, organizations must:
For incident management platforms, this pricing model is particularly problematic because accurate user provisioning directly impacts service reliability - you can't afford to have outdated on-call rosters during critical incidents.
Additional constraints
Summary of challenges
- xMatters supports SCIM but only at Enterprise tier (custom pricing)
- Google Workspace users get JIT provisioning only, not full SCIM
- Our research shows teams manually provisioning this app spend significant hidden costs annually
What the upgrade actually includes
xMatters doesn't sell SCIM standalone. It requires their Enterprise plan, which bundles SCIM with incident management features:
The pricing jump is significant—from $59/user/month (Advanced) to custom Enterprise pricing that typically starts around $100+/user/month for full SCIM access.
Stitchflow Insight
If you're already using xMatters for incident response, the Enterprise upgrade makes sense. But if you just need SCIM for basic user provisioning, you're paying enterprise prices for incident management capabilities you may not need. We estimate ~80% of Enterprise features are specific to on-call operations and service reliability workflows.
What IT admins are saying
Community sentiment on xMatters's SCIM implementation reveals specific technical frustrations despite strong feature support. Common complaints:
- Non-refreshable SCIM tokens in Entra ID requiring manual rotation
- Confusing endpoint naming requirements (must end with 'tokens' plural)
- Enterprise-only pricing barrier for smaller DevOps teams
- Complex role requirements just to configure SSO and provisioning
The SCIM token issue with Azure AD is a real pain point - you have to manually regenerate tokens instead of them refreshing automatically like other apps.
Love the incident management features, but why do I need Company Supervisor role just to set up SSO? Makes delegation impossible.
The recurring theme
xMatters delivers robust SCIM functionality but creates operational overhead through token management issues and restrictive role requirements that complicate enterprise deployments.
The decision
| Your Situation | Recommendation |
|---|---|
| On Starter ($16/user), need SCIM | Use Stitchflow: avoid the Enterprise upgrade entirely |
| Evaluating xMatters but Enterprise pricing is prohibitive | Use Stitchflow: get provisioning automation at any tier |
| Already on Enterprise with SCIM | Use native SCIM: you're paying for it |
| Using Entra ID and need reliable token management | Use Stitchflow: avoid the non-refreshable token limitation |
| Small on-call team, infrequent user changes | Manual may work: but monitor for stale contact data during incidents |
The bottom line
xMatters requires Enterprise pricing for SCIM, creating a significant cost barrier from their $16/user Starter plan. For teams that need reliable user provisioning for incident response without the Enterprise upgrade, Stitchflow delivers the automation at a fraction of the cost.
Make xMatters workflows AI-native
xMatters gates SCIM behind Enterprise. We build complete offboarding, user access reviews, and license workflows without that SCIM Tax upgrade.
Technical specifications
SCIM Version
2.0
Supported Operations
Create, Update, Deactivate, Groups
Supported Attributes
Not specifiedPlan requirement
Enterprise
Prerequisites
SSO must be configured first
Key limitations
- SCIM tokens for Entra are not refreshable
- SCIM endpoint must end in 'tokens' (with s)
- Native login requires special role after SSO enabled
Configuration for Okta
Integration type
Okta Integration Network (OIN) app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
SCIM endpoint URL and bearer token (generated in app admin console).
Configuration steps
Enable Create Users, Update User Attributes, and Deactivate Users.
Provisioning trigger
Okta provisions based on app assignments (users or groups).
Full SCIM 2.0 support. Uses SCIM 2.0 Test App (Basic Auth) template. Supports user and group sync.
xMatters gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Configuration for Entra ID
Integration type
Microsoft Entra Gallery app with SCIM provisioning
Prerequisite
SSO must be configured before enabling SCIM.
Where to enable
Required credentials
Tenant URL (SCIM endpoint) and Secret token (bearer token from app admin console).
Configuration steps
Set Provisioning Mode = Automatic, configure SCIM connection.
Provisioning trigger
Entra provisions based on user/group assignments to the enterprise app.
Sync behavior
Entra provisioning runs on a scheduled cycle (typically every 40 minutes).
Non-gallery app setup required. Sync every 40 minutes. Some attributes need manual creation.
xMatters gates SCIM behind Enterprise. Stitchflow automates complete workflows without that SCIM Tax upgrade.
Unlock SCIM for
xMatters
xMatters gates SCIM behind Enterprise plan. We automate complete offboarding and access reviews across your stack without that SCIM Tax upgrade.
See how it works
