Summary and recommendation
Laika user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Laika - now fully rebranded as Thoropass - is a compliance automation platform covering SOC 2, ISO 27001, HIPAA, HITRUST, and related frameworks. It pairs software with in-house auditors, positioning itself as an end-to-end solution rather than a standalone tool.
User management inside the platform is not automated: there is no native SCIM provisioning on any plan tier, so every joiner/mover/leaver change that touches Thoropass must be handled manually or delegated to an upstream identity provider.
Quick facts
| Fact | Value |
|---|---|
| Admin console path | Thoropass / Laika workspace settings and team-management area inside the customer portal; exact public navigation is help-center gated |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Enterprise |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Admin | Administrative users manage compliance program settings, team access, evidence requests, integrations, and auditor coordination inside the Thoropass workspace. | | Customer platform access | No public admin-seat price documented. | The Thoropass rebrand means some legacy Laika references may not match current admin labels. |
| Contributor / team member | Contributors upload evidence, respond to requests, and participate in compliance workflows assigned to them. | Granular admin and account-wide configuration permissions are not publicly documented for non-admin users. | Customer platform access | No public admin-seat price documented. | Exact role names and permission boundaries are not publicly accessible without a customer login. |
Permission model
- Model type: role-based
- Description: Thoropass / Laika uses a role-based workspace model for admins and contributing team members, but the public help center does not expose a complete role matrix.
- Custom roles: Unknown
- Custom roles plan: Not documented
- Granularity: Role-level access to compliance workflows and evidence tasks; finer permission detail is not publicly documented.
How to add users
- Sign in to the Thoropass workspace with administrative access.
- Open the team or user-management area in the customer portal.
- Invite the new user with their work email address and assign the appropriate access level for the compliance program.
- If SSO is enabled with Okta or Entra ID, confirm the user is also assigned in the IdP before first login.
- Verify the user can access only the evidence requests, tasks, and frameworks required for their role.
Required fields: Work email address, Role or access level
Watch out for:
- No SCIM provisioning is documented, so user lifecycle management remains manual even when SSO is enabled.
- Public admin help articles are login-gated, which limits pre-purchase verification of the exact invite flow.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Not documented
- Open the departing user's record from the Thoropass team-management area.
- Deactivate the user or revoke their access to the workspace.
- If SSO is enabled, remove the user from the Okta or Entra ID assignment as part of the same offboarding workflow.
- Review any open evidence requests or compliance tasks assigned to the user and reassign them before final removal.
| Data impact | Behavior |
|---|---|
| Owned records | Not documented |
| Shared content | Not documented |
| Integrations | Not documented |
| License freed | Not documented |
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Standard platform access | Core compliance workspace access, evidence collection, and control-management workflows. | Custom pricing; public estimates start around $8,700/year. |
| Platform access with audit package | Compliance workspace plus bundled SOC 2 audit or broader compliance services depending on contract. | Custom pricing; public estimates around $14,500/year and up. |
- Where to check usage: Not documented
- How to identify unused seats: Not documented
- Billing notes: Custom pricing; approximate base ~$8,700/year (Standard), ~$14,500/year (with SOC 2 audit), Enterprise tier custom. Rebranded to Thoropass. Seat-level billing details not publicly documented.
The cost of manual management
Without SCIM, onboarding and offboarding Thoropass users requires direct admin action inside the platform for every personnel change. Thoropass supports just-in-time provisioning via SSO (Okta and Microsoft Entra ID are both documented), meaning a user account is created on first authenticated login - but deprovisioning is not mirrored automatically back from the IdP.
Seat-level billing details are not publicly documented, so the cost of stale or over-provisioned accounts cannot be estimated without a vendor conversation. Admins should treat Thoropass as a manually-managed seat until SCIM support is confirmed in writing from the vendor.
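Because JIT provisioning creates accounts but IdP deprovisioning is not mirrored back, a periodic reconciliation of the workspace roster against the IdP catches accounts that outlive their owner. The script below is an added example, not Thoropass or vendor code; the CSV layouts, column names, status values and sample rows are constructed assumptions, and the workspace roster is assumed to be compiled by hand from the team-management area, since the page documents no export or API.

```python
import csv
import io

# Constructed sample data. Column names and status values are assumptions.
IDP_EXPORT = """email,status
alice@example.com,ACTIVE
bob@example.com,DEPROVISIONED
carol@example.com,SUSPENDED
"""
# Hand-compiled roster of workspace users (hypothetical layout).
WORKSPACE_ROSTER = """email,role,open_tasks
Alice@Example.com,Admin,2
bob@example.com,Contributor,3
carol@example.com ,Contributor,0
dave@example.com,Contributor,1
"""

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def _norm(email):
    # Case and stray whitespace differ between hand-kept lists and IdP exports.
    return email.strip().lower()

def find_stale_accounts(idp_csv, roster_csv):
    """Return workspace accounts whose IdP identity is inactive or missing."""
    idp_status = {_norm(r["email"]): r["status"].strip().upper()
                  for r in _rows(idp_csv)}
    findings = []
    for row in _rows(roster_csv):
        email = _norm(row["email"])
        # Accounts invited by email and never assigned in the IdP land here too.
        status = idp_status.get(email, "NOT_IN_IDP")
        if status == "ACTIVE":
            continue
        findings.append({
            "email": email,
            "role": row["role"].strip(),
            "idp_status": status,
            # Open evidence requests or tasks must be reassigned before removal.
            "reassign_first": int(row["open_tasks"]) > 0,
        })
    # Admins first, then accounts that still own open tasks.
    findings.sort(key=lambda f: (f["role"] != "Admin",
                                 not f["reassign_first"], f["email"]))
    return findings

if __name__ == "__main__":
    for finding in find_stale_accounts(IDP_EXPORT, WORKSPACE_ROSTER):
        print(finding)
```

Each finding is a workspace account to deactivate by hand; those flagged `reassign_first` need their open evidence requests or tasks reassigned before removal.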
What IT admins are saying
Public documentation on user roles, permissions, and admin workflows sits behind a Thoropass account login, making pre-purchase evaluation of user management capabilities difficult.
The platform rebrand from Laika to Thoropass has produced fragmented third-party documentation; any non-official source referencing "Laika" admin workflows should be treated as potentially outdated.
Community reviewers note the UI can feel cluttered when managing many controls or contributors, which compounds the friction of manual user administration at scale.
Common complaints:
- Public documentation on user roles, permissions, and admin workflows is not accessible without a Thoropass account login, making pre-purchase evaluation of user management capabilities difficult.
- No SCIM provisioning is available regardless of plan tier, meaning user lifecycle management must be handled manually or via SSO-only integrations (Okta, Entra ID supported).
- The platform rebrand from Laika to Thoropass has resulted in fragmented or outdated third-party documentation, reducing the reliability of any non-official sources.
The decision
Thoropass is a strong fit for teams that need bundled compliance automation and audit services across multiple frameworks and are comfortable managing user lifecycle through their IdP (Okta or Entra ID) rather than via SCIM.
It is a poor fit for IT or security ops teams that require automated provisioning and deprovisioning as a hard requirement - no roadmap for native SCIM has been publicly disclosed.
If your organization already runs Okta or Entra ID, configuring SSO with just-in-time provisioning is the most practical path to reducing manual overhead, with the explicit caveat that offboarding still requires a manual step inside Thoropass or IdP-side session termination.
Bottom line
Thoropass (formerly Laika) delivers genuine value as a compliance automation and audit platform, but its user lifecycle story is underdeveloped relative to peers: no SCIM, no public API for provisioning, and admin documentation locked behind a login wall.
Every app in a mature IT environment benefits from automated provisioning; Thoropass currently cannot participate in that automation natively. Teams should plan for manual offboarding steps and validate seat-level billing exposure directly with the vendor before scaling headcount on the platform.