Summary and recommendation
athenaOne user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
athenaOne is a cloud-based EHR and practice management platform built for ambulatory healthcare.
User administration is scoped inside each practice's athenaOne instance and is not publicly documented outside a customer login portal.
Role-based access control governs what every app user can see and do, with roles such as physician, nurse, front desk, and billing determining access to clinical and administrative functions.
Provider seats carry a reported cost of $140/provider/month plus 4–7% of collections;
non-provider staff seat costs are not publicly documented.
Enterprise pricing is custom.
All pricing should be verified directly with athenahealth sales before budgeting.
Quick facts
| Admin console path | Settings / Administration > Users and Roles (exact labels vary by tenant) |
| SCIM available | No |
| SCIM tier required | Unknown |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Admin | Can manage tenant settings, integrations, and user access. | Cannot grant capabilities outside the features enabled for the tenant. | Detailed built-in role names are not fully documented publicly. | ||
| Standard User | Can use the core product features exposed to their assigned role. | May not be able to manage tenant settings, integrations, or other users. | Exact privileges can vary by tenant configuration and contract scope. |
Permission model
- Model type: role-based
- Description: athenaOne uses a role-based access control model where staff are assigned roles (e.g., physician, nurse, front desk, billing) that determine access to clinical and administrative functions. Specific role names, permission boundaries, and customization options are not publicly documented in official help docs accessible without a customer login.
- Custom roles: Unknown
- Custom roles plan: Not documented
- Granularity: Expect administrative access to be separated from standard user access, with exact scopes configured per tenant.
How to add users
- Log in as an administrator.
- Open settings or administration and navigate to users.
- Choose the add or invite user action.
- Enter the user's work email and assign the appropriate role.
- Save the user and complete any activation or SSO steps required by the tenant.
Required fields: Work email address, Role
Watch out for:
- athenaOne user management is performed within the practice's athenaOne instance; the admin console requires an active customer login and is not publicly documented.
- New user setup typically requires coordination with athenahealth implementation or support teams, particularly for provider credentialing and NPI association.
- Providers must be credentialed and linked to the correct practice department before they can access clinical workflows.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | No | Not documented |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Official public documentation does not explicitly describe whether user accounts can be deleted or only deactivated. No verified source confirms either behavior.
- Open the users area as an administrator.
- Locate the user to offboard.
- Disable, revoke, or remove the account using the controls available in that tenant.
- Review any integrations, service accounts, or credentials associated with the departing user.
| Data impact | Behavior |
|---|---|
| Owned records | Tenant data remains in the workspace; public docs do not describe user-owned content semantics in detail. |
| Shared content | Shared content and workspace records typically remain available unless separately removed or reassigned. |
| Integrations | Review service credentials, workflow ownership, and integrations separately during admin offboarding. |
| License freed | Seat reuse behavior is contract-dependent and not publicly documented in detail. |
Watch out for:
- HIPAA audit trail requirements in healthcare EHRs typically mean user activity logs are retained even after account deactivation; however, this is not explicitly confirmed in publicly available athenaOne documentation.
- Deactivating a provider who is the ordering or supervising provider on open orders or encounters may require reassignment before deactivation can proceed; this is inferred from general EHR practice and not confirmed in official docs.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Provider | Full clinical and billing access tied to a licensed provider (MD, DO, NP, PA, etc.); pricing is per-provider per month plus a percentage of collections. | $140/provider/mo + 4–7% of collections (per pricing seed data; not confirmed against a current official pricing page) |
| Staff/Non-Provider | Administrative, clinical support, and billing staff access; specific seat cost not publicly documented. |
- Where to check usage: Settings / Administration > Users and Roles
- How to identify unused seats: Review the tenant user list and any visible login or activity metadata. No public unused-seat report was verified.
- Billing notes: Pricing is reported as per-provider per month plus a percentage of collections. Non-provider staff seat costs are not publicly documented. Enterprise pricing is custom. All pricing details should be verified directly with athenahealth sales.
The cost of manual management
New provider setup requires coordination with athenahealth implementation or support teams, particularly for credentialing and NPI association-this is not a self-service step. Providers must also be linked to the correct practice department before they can access clinical workflows, adding a sequencing dependency to every onboarding.
Deactivating a departing user carries its own overhead: if the user is an ordering or supervising provider on open encounters, those must be reassigned before deactivation can proceed. There is no confirmed DELETE endpoint; deactivation is the supported offboarding path, and HIPAA audit trail requirements mean activity logs are typically retained regardless.
Practice managers unfamiliar with the system consistently report that the admin interface is not intuitive and that documentation is gated behind a customer portal, which means every app access change tends to require either internal tribal knowledge or a support ticket.
The decision
athenaOne is appropriate for ambulatory practices that are already committed to the athenahealth ecosystem and can absorb the support-dependent onboarding model. The per-provider pricing structure means license costs scale directly with clinical headcount, so practices should audit provider seat assignments regularly.
If your team expects fully self-service user management or needs to sync every app account from a central HR or identity system without manual steps, the absence of SCIM and the support-gated admin model will create ongoing operational friction.
The API path (detailed separately) is the most viable route to automation, but it requires a Marketplace partner agreement for production access.
Bottom line
athenaOne's user management is functional but support-dependent: new provider setup requires athenahealth involvement, the admin interface is not self-service for all changes, and documentation is gated behind a customer login.
Practices that need to keep every app account in sync with HR records will find the manual process labor-intensive at scale.
The proprietary REST API offers a path to automation, but it requires completing the athenahealth Marketplace partner program before production credentials are available-plan for that lead time before committing to an automated provisioning workflow.
Automate athenaOne workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
