Summary and recommendation
Arctic Wolf user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Arctic Wolf is a managed detection and response (MDR) platform with custom enterprise pricing.
Based on available research, Arctic Wolf does not support SCIM provisioning, and no public documentation exists for automated user lifecycle management via an IdP connector.
Like every app that lacks a provisioning integration, all user and access management appears to be handled through the Arctic Wolf Portal UI.
Quick facts
| Admin console path | Portal / Administration > Users (exact labels vary by Arctic Wolf portal module) |
| SCIM available | No |
| SCIM tier required | N/A |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Can manage portal settings, integrations, and user access. | Cannot extend access beyond the portal modules and services licensed for the customer tenant. | Public docs do not fully enumerate all portal role variants. | ||
| Portal User | Can access incidents, reports, and workflows made available to their role. | May not be able to change tenant settings or manage other users. | Permissions can vary across Arctic Wolf services and modules. |
Permission model
- Model type: role-based
- Description: Arctic Wolf appears to use role-based access for its customer portal, but the detailed permission matrix is not publicly documented in full.
- Custom roles: Unknown
- Custom roles plan: Not documented
- Granularity: Expect tenant administration to be separated from general portal user access, with service-specific differences.
How to add users
- Log in to the Arctic Wolf portal as an administrator.
- Open the administration area and navigate to users.
- Choose the add or invite user action.
- Enter the user's email or login details and assign the appropriate role.
- Save the user and complete any SSO or activation steps required by the portal.
Required fields: Email address or username, Role
Watch out for:
- Exact menu labels and invite flow can differ by Arctic Wolf service module.
- If the portal is federated through SSO, IdP-side assignment may still be required.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | Unknown | Automatic domain-based user add |
| IdP provisioning | Unknown | Not documented |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Public docs do not clearly state whether Arctic Wolf portal users are disabled, deleted, or both. Treat user removal behavior as tenant-specific unless confirmed in the product.
- Open the Arctic Wolf portal users area as an administrator.
- Locate the user to offboard.
- Disable, revoke, or remove the account using the controls available in the tenant.
- Review any integrations, alert-routing ownership, or service access tied to that user.
| Data impact | Behavior |
|---|---|
| Owned records | Incidents, reports, and service data remain tenant assets; public docs do not describe user-owned content semantics in detail. |
| Shared content | Shared reports and investigations remain available to other authorized users unless separately removed. |
| Integrations | Review integrations, API access, and notification routing separately when offboarding administrators. |
| License freed | Seat reuse behavior is contract-dependent and not publicly documented in detail. |
Watch out for:
- User offboarding should include review of service notifications and integrations, not only interactive portal access.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Named portal user | Administrative or standard access to the Arctic Wolf portal. |
- Where to check usage: Portal / Administration > Users
- How to identify unused seats: Review the current portal user list and any visible last-login metadata. No public unused-seat report was verified.
- Billing notes: Arctic Wolf pricing is contract-based. Public seat costs and self-serve licensing details are not documented.
The cost of manual management
Without SCIM or a public provisioning API, every app in your stack that lacks automation creates a manual touchpoint - and Arctic Wolf is one of them.
Onboarding and offboarding users requires direct action inside the Portal, meaning IT or security ops teams must remember to provision and deprovision access separately from your core identity workflows. Missed deprovisioning in a security platform carries elevated risk, since stale accounts retain visibility into sensitive detection and response data.
The decision
Every app without a provisioning integration adds manual overhead to your identity operations, and Arctic Wolf currently sits in that category. Teams running a zero-standing-access or automated joiner-mover-leaver model should flag this gap during procurement.
Pricing is enterprise and custom - no self-serve tier data was available to assess whether provisioning features are gated by plan.
Bottom line
Arctic Wolf has no documented SCIM support, no public provisioning API, and no IdP connector integrations as of this research. Every app without automated provisioning adds manual overhead to your identity operations, and Arctic Wolf currently sits in that category.
Until Arctic Wolf exposes a programmatic user management surface, access lifecycle for this platform must be managed directly in the Portal and tracked outside your standard IGA tooling.
Automate Arctic Wolf workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
