System for Cross-domain Identity Management

Enterprise SCIM, simplified

Automatically sync user and role changes across Okta, Microsoft Entra, and all major corporate directory providers—no custom code required.

Stytch SCIM
Stytch SCIM

Directory sync made easy

SCIM Flow
SCIM Flow

One integration, one sprint

Stytch SCIM fits into your app and existing auth infrastructure with simple API calls and webhooks for real-time updates

Change one, change all

All changes made in your customer's HRIS or corporate directory provider are automatically propagated to your app and services

Enterprise-grade security

Compliance your customers expect, built in — SOC 2, ISO 27001, HIPAA, GDPR, and more

Synchronize member and group actions

Automatically sync the actions from your customer's HRIS to the rest of your services.

Syncs provisioning, updating and removal of members and creation, deletion and management of groups

Reduces the busywork for your IT admins, automating all changes across multiple platforms

Eliminates edge-cases of missed changes with programatic actions

SCIM actions
SCIM self serve UI

Self-serve UI for SCIM configuration

Free up engineering resources by letting your customers handle their own SCIM onboarding and ongoing configuration. They can create and modify their SCIM connection, as well as rotate tokens — all from a dashboard right inside your app.

Automated actions, no middleware required

Unlike other SCIM solutions, Stytch can automatically manage the creation, updates, and deletion of members and groups when used with the broader Stytch auth platform.

Provides database record updates and webhook payloads

Handles session revocation, RBAC changes and more

No extra logic to build or maintain

SCIM process
SCIM user data diagram

User data that's always up-to-date

Instant sync with customer IdPs: Changes to users and groups are immediately reflected through automated syncing

Built-in reliability: Database records, sessions, and tokens update automatically, with webhook retries and exponential backoff handling

Ordering-safe updates: Poll Stytch anytime to guarantee up-to-date data even if webhook delivery is delayed or out of order

Before, we either had to build every admin component from scratch or delegate admin access to our auth vendor's dashboard for each customer. Stytch's Admin Portal has been a god send. Customers can self-serve everything from member invites to features like SSO and SCIM.

Descript

Before, we either had to build every admin component from scratch or delegate admin access to our auth vendor's dashboard for each customer. Stytch's Admin Portal has been a god send. Customers can self-serve everything from member invites to features like SSO and SCIM.

Descript
Sarah Moliner-Roy
Engineering Manager

Transparent pricing

No price hikes, feature gating, or hidden fees. Pricing scales predictably with each additional SCIM connection added.

SCIM/SSO connections

5 connections: free

6-10 connections: $125 per connection / month

FAQ

SCIM libraries simplify parsing requests. However, you still need to develop the APIs to specification and manage the core provisioning, deprovisioning, and role assignment logic – which constitutes the majority of the work required for SCIM integration.

Stytch handles all of this for you, delivering the following capabilities out-of-the-box:

1. Built-in IdP compatibility: Handles SCIM nuances for Okta, Azure AD, OneLogin, and more so that you don't need to write custom logic for each IdP.

2. Pre-validated schema + filtering support: Automatically supports SCIM filtering, PATCH ops, and schema extensions that many libraries don’t fully implement.

3. Webhooks for downstream syncing: Sends webhook events after SCIM updates you can use to keep your entire platform in sync, not just those with direct access.

4. Full CRUD support with automation: Stytch executes SCIM actions (create/update/delete) directly, instead of requiring middleware built to act upon the signals.

5. Drop-in admin UI: Stytch’s Admin Portal offers a fully managed frontend for your customers to configure SCIM themselves, saving you engineering time on a UI and customer support energy configuring it in the backend.

6. Production-hardened edge cases: Handles race conditions, stale tokens, and SCIM pagination/polling issues that happen in real-world enterprise IdPs.