Summary and recommendation
Balsamiq Cloud has no publicly documented REST API for user management, no SCIM endpoint on any plan, and no webhook system. The Enterprise plan ($599/month for up to 400 projects) includes SAML SSO via Okta or Entra ID, but that integration is scoped to authentication only - no provisioning or deprovisioning sync is supported natively.
There is no programmatic way to invite, list, or remove users outside the web UI.
API quick reference
| Has user API | No |
| SCIM available | No |
| SCIM plan required | Not available on any plan |
Authentication
Auth method: Not documented
User object / data model
User object field mapping is not yet verified for this app.
Core endpoints
Endpoint coverage is not yet verified for this app.
Rate limits, pagination, and events
Rate limits: Not documented
Rate-limit headers: No
Retry-After header: No
Rate-limit notes: Not documented
Pagination method: none
Default page size: 0
Max page size: 0
Pagination pointer: Not documented
Webhooks available: No
Webhook notes: No webhook system is documented in official Balsamiq sources.
Alternative event strategy: No programmatic alternative documented; user management is performed manually through the Balsamiq Cloud web UI.
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Not available on any plan
- Endpoint: Not documented
Limitations:
- Balsamiq does not offer a native SCIM endpoint on any current plan.
- Enterprise plan includes SAML SSO (via Okta or Entra ID) but no SCIM provisioning.
- User provisioning and deprovisioning must be done manually through the web UI.
Common scenarios
Because Balsamiq exposes no user management API, there are no supported automation scenarios for provisioning or deprovisioning.
Okta and Entra ID can be configured as SAML identity providers for SSO, enabling JIT user creation on first login, but neither integration supports lifecycle management beyond that initial authentication event.
Any tooling that needs to enumerate Space members, enforce access policies, or trigger removals must do so through the web UI manually.
Scenario implementations are not yet verified for this app.
Why building this yourself is a trap
Teams evaluating API-based identity automation should treat Balsamiq as a fully manual integration target. An MCP server with ~100 deep IT/identity integrations can orchestrate provisioning across your broader app stack, but Balsamiq cannot participate in that automation layer - it has no inbound API surface to target.
The practical implication: Balsamiq user lifecycle must be handled as an out-of-band manual process, tracked separately from any automated joiner-mover-leaver workflows, with explicit runbook steps for Space Owner succession to avoid permanent access loss.
Automate Balsamiq workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
