System for Cross-domain Identity Management
Enterprise SCIM, simplified
Automatically sync user and role changes across Okta, Microsoft Entra, and all major corporate directory providers—no custom code required.
Directory sync made easy
One integration, one sprint
Stytch SCIM fits into your app and existing auth infrastructure with simple API calls and webhooks for real-time updates
Change one, change all
All changes made in your customer's HRIS or corporate directory provider are automatically propagated to your app and services
Enterprise-grade security
Compliance your customers expect, built in — SOC 2, ISO 27001, HIPAA, GDPR, and more
Synchronize member and group actions
Automatically sync the actions from your customer's HRIS to the rest of your services.
Syncs provisioning, updating and removal of members and creation, deletion and management of groups
Reduces the busywork for your IT admins, automating all changes across multiple platforms
Eliminates edge-cases of missed changes with programatic actions
Self-serve UI for SCIM configuration
Free up engineering resources by letting your customers handle their own SCIM onboarding and ongoing configuration. They can create and modify their SCIM connection, as well as rotate tokens — all from a dashboard right inside your app.
Automated actions, no middleware required
Unlike other SCIM solutions, Stytch can automatically manage the creation, updates, and deletion of members and groups when used with the broader Stytch auth platform.
Provides database record updates and webhook payloads
Handles session revocation, RBAC changes and more
No extra logic to build or maintain
User data that's always up-to-date
Instant sync with customer IdPs: Changes to users and groups are immediately reflected through automated syncing
Built-in reliability: Database records, sessions, and tokens update automatically, with webhook retries and exponential backoff handling
Ordering-safe updates: Poll Stytch anytime to guarantee up-to-date data even if webhook delivery is delayed or out of order
Before, we either had to build every admin component from scratch or delegate admin access to our auth vendor's dashboard for each customer. Stytch's Admin Portal has been a god send. Customers can self-serve everything from member invites to features like SSO and SCIM.
Before, we either had to build every admin component from scratch or delegate admin access to our auth vendor's dashboard for each customer. Stytch's Admin Portal has been a god send. Customers can self-serve everything from member invites to features like SSO and SCIM.
Transparent pricing
No price hikes, feature gating, or hidden fees. Pricing scales predictably with each additional SCIM connection added.
SCIM/SSO connections
5 connections: free
6-10 connections: $125 per connection / month
FAQ
SCIM libraries simplify parsing requests. However, you still need to develop the APIs to specification and manage the core provisioning, deprovisioning, and role assignment logic – which constitutes the majority of the work required for SCIM integration.
Stytch handles all of this for you, delivering the following capabilities out-of-the-box:
1. Built-in IdP compatibility: Handles SCIM nuances for Okta, Azure AD, OneLogin, and more so that you don't need to write custom logic for each IdP.
2. Pre-validated schema + filtering support: Automatically supports SCIM filtering, PATCH ops, and schema extensions that many libraries don’t fully implement.
3. Webhooks for downstream syncing: Sends webhook events after SCIM updates you can use to keep your entire platform in sync, not just those with direct access.
4. Full CRUD support with automation: Stytch executes SCIM actions (create/update/delete) directly, instead of requiring middleware built to act upon the signals.
5. Drop-in admin UI: Stytch’s Admin Portal offers a fully managed frontend for your customers to configure SCIM themselves, saving you engineering time on a UI and customer support energy configuring it in the backend.
6. Production-hardened edge cases: Handles race conditions, stale tokens, and SCIM pagination/polling issues that happen in real-world enterprise IdPs.