Summary and recommendation
Atlassian Trello user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Trello's user lifecycle management is split across three layers: Enterprise-level, Workspace-level, and Board-level. Each layer has its own admin role with fixed, non-customizable permissions. Enterprise Admins govern organization-wide policies from the Enterprise Admin Dashboard at trello.com/enterprise, while Workspace Admins are scoped strictly to their own Workspace.
SCIM provisioning and SSO are available exclusively on Trello Enterprise, which requires Atlassian Guard Standard (included with Enterprise). Without that tier, every app in your stack-including Trello-requires manual, per-Workspace access management with no centralized deactivation.
Quick facts
| Admin console path | trello.com → Select Workspace → Workspace Settings → Members (for Workspace-level); Enterprise admins use the Enterprise Admin Dashboard at trello.com/enterprise |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Trello Enterprise + Atlassian Guard |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Enterprise Admin | Full control over the Enterprise: can manage all Workspaces, deactivate/reactivate members, enforce SSO and 2FA policies, view audit logs, manage Power-Ups, and configure organization-wide settings. | Cannot directly edit card content on boards they are not a member of without joining the board. | Trello Enterprise | Billable seat | Enterprise Admin role is separate from Workspace Admin. An Enterprise Admin is not automatically an Admin on every Workspace within the Enterprise. |
| Workspace Admin | Can invite/remove members from the Workspace, change member roles within the Workspace, manage Workspace-level settings, and create/delete boards within the Workspace. | Cannot manage Enterprise-level settings, SSO, or deactivate users across the Enterprise. | All plans (Free, Standard, Premium, Enterprise) | Billable seat | On Free plan, Workspaces are limited to 10 collaborators per board. Workspace Admin permissions are scoped to their Workspace only. |
| Workspace Member (Normal) | Can create boards, join boards within the Workspace, and collaborate on cards. Default member role. | Cannot change Workspace settings, invite members to the Workspace (unless granted permission by Admin), or access admin dashboard. | All plans | Billable seat | Workspace-level invite permissions can be restricted by Workspace Admins so only Admins can invite new members. |
| Observer (Board-level) | Read-only access to boards. Can view cards, checklists, attachments, and comments but cannot create or edit content. | Cannot create cards, move cards, add comments, or edit any board content. | Trello Enterprise only | Billable seat at Enterprise pricing | Observer role is only available on Enterprise plan. Observers still consume a licensed seat. |
| Board Guest | Access to a single board only. Not a full Workspace member. Can interact with cards on that specific board per the board's permissions. | Cannot see other boards in the Workspace, access Workspace settings, or view Workspace member lists. | Standard, Premium, Enterprise (not available on Free) | Billable seat on the Workspace plan | Guests count toward billing. On Enterprise, Enterprise Admins can restrict guest invitations across all Workspaces. |
| Multi-Board Guest | Access to more than one board in a Workspace without being a full Workspace member. | Cannot access Workspace-level settings or all boards by default. | Standard, Premium, Enterprise | Billable seat; counted as a full member for billing purposes once added to a second board | Adding a guest to a second board automatically upgrades them to a full billable member on Standard/Premium plans. |
Permission model
- Model type: role-based
- Description: Trello uses a layered role-based permission model. At the Enterprise level, Enterprise Admins govern organization-wide policies. At the Workspace level, Workspace Admins and Normal members have defined capabilities. At the board level, board Admins and Members have distinct permissions. Observer is an Enterprise-only read-only board role. There are no custom roles; permissions are fixed per role type.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Three layers: Enterprise-level, Workspace-level, and Board-level. Within each layer, roles are predefined with fixed permission sets. No granular permission toggling per user.
How to add users
- Navigate to your Workspace at trello.com.
- Click on the Workspace name in the left sidebar to open Workspace settings.
- Select 'Members' from the Workspace menu.
- Click 'Invite Workspace Members'.
- Enter the email address(es) of the user(s) to invite.
- Select the role (Admin or Normal member) for the invitee.
- Click 'Send Invitation'. The invitee receives an email and must accept to join.
- For Enterprise: Enterprise Admins can also add members via the Enterprise Admin Dashboard at trello.com/enterprise under the 'Members' tab.
Required fields: Email address of the invitee
Watch out for:
- Invited users must accept the email invitation before they appear as active members; pending invitations still count toward billing on some plans.
- On the Free plan, Workspaces are limited to 10 collaborators per board.
- Enterprise Admins can restrict who can invite members (Admins only vs. all members) at the Workspace level.
- If SSO is enforced on Enterprise, new users must authenticate via the configured IdP before accessing Trello.
- Adding a guest to a second board on Standard/Premium automatically converts them to a full billable member.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | Yes | Automatic domain-based user add |
| IdP provisioning | Yes | Trello Enterprise + Atlassian Guard (Enterprise plan required for SCIM provisioning) |
How to remove or deactivate users
- Can delete users: No
- Delete/deactivate behavior: Trello does not offer a permanent account deletion option for Enterprise admins. Enterprise Admins can deactivate a member, which revokes their access to all Enterprise Workspaces and boards and frees the license seat. The user's account and their created content (cards, boards, comments) are retained. Deactivated users can be reactivated. Full account deletion must be initiated by the user themselves through Atlassian account settings.
- Navigate to the Enterprise Admin Dashboard at trello.com/enterprise.
- Click 'Members' in the left navigation.
- Search for the member to deactivate.
- Click on the member's name to open their profile.
- Click 'Deactivate Member'.
- Confirm the deactivation in the dialog. The member is immediately removed from all Enterprise Workspaces and boards and loses access.
| Data impact | Behavior |
|---|---|
| Owned records | Cards, boards, and checklists created by the deactivated user remain intact and visible to other members. Boards owned by the deactivated user persist and are accessible to other board members. |
| Shared content | All content the deactivated user contributed (comments, attachments, card assignments) remains on the boards and is visible to remaining members. |
| Integrations | Power-Up connections and integrations configured by the deactivated user may stop functioning if they relied on that user's authentication tokens. Admins should audit and reconfigure affected integrations. |
| License freed | Yes. Deactivating a member frees their billable seat immediately, reducing the licensed user count for the next billing cycle. |
Watch out for:
- Deactivation is Enterprise-only as a centralized admin action. On Standard/Premium, Workspace Admins can only remove members from their specific Workspace, not deactivate them organization-wide.
- Removing a member from a Workspace on non-Enterprise plans does not prevent them from being re-invited or accessing other Workspaces.
- Boards set to 'Public' visibility remain accessible to deactivated users if they have the direct URL, since public boards do not require authentication.
- If the deactivated user was the sole Admin of a board, another Enterprise Admin must manually assign a new board Admin.
- SCIM-based deactivation via Atlassian Guard will deactivate the user's entire Atlassian account, not just Trello access.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Free | Up to 10 collaborators per board, unlimited cards, 10 boards per Workspace, 10 MB file attachments, limited Power-Ups (1 per board). | $0/user/month |
| Standard | Unlimited boards, unlimited Power-Ups, custom fields, advanced checklists, 250 MB file attachments, saved searches, guest access. | $5/user/month (billed annually) |
| Premium | All Standard features plus Timeline, Calendar, Dashboard, Map, and Table views, Workspace-level templates, admin and security features, unlimited Workspace command runs. | $10/user/month (billed annually) |
| Enterprise | All Premium features plus Enterprise Admin Dashboard, organization-wide permissions, SSO, SCIM provisioning (via Atlassian Guard Standard, included), Observer role, Power-Up administration, attachment permissions, public board restrictions, 50-user minimum. | From $17.50/user/month (billed annually, 50-user minimum); price per user decreases at higher user counts |
- Where to check usage: Enterprise Admin Dashboard (trello.com/enterprise) → Members tab shows all active, deactivated, and pending members with last activity data. Workspace Admins can view member counts under Workspace Settings → Members.
- How to identify unused seats: Enterprise Admin Dashboard provides last activity timestamps per member. Admins can filter or sort by last active date to identify inactive users. No automated idle-user report; manual review of last activity column is required.
- Billing notes: All active Workspace members (including guests added to multiple boards) consume a billable seat. Pending invitations may count toward billing depending on plan. Enterprise plan requires a 50-user minimum and is billed annually. Trello Enterprise includes Atlassian Guard Standard (required for SCIM). Nonprofits and educational institutions qualify for 75% discount on Standard/Premium and 50% on Enterprise. Billing is managed through Atlassian's billing portal, not within Trello directly.
The cost of manual management
Without automated provisioning, every app in your stack demands individual admin attention for onboarding and offboarding. In Trello specifically, removing a departing user requires a Workspace Admin to manually remove them from each Workspace they belong to-and on non-Enterprise plans, that action does not prevent the user from being re-invited or accessing other Workspaces.
Board-level access compounds the problem: removing a member from a Workspace does not automatically remove them from boards they were added to directly. Each board requires a separate removal step. On Standard and Premium plans there is no centralized deactivation; only Enterprise provides a single action that revokes access across all Workspaces simultaneously.
Identifying unused seats also requires manual effort. The Enterprise Admin Dashboard surfaces last-activity timestamps per member, but there is no automated idle-user report-admins must sort and review the last-activity column by hand.
What IT admins are saying
Admins consistently flag that SCIM provisioning is not intuitive because it lives inside Atlassian Guard rather than Trello itself, making the dependency non-obvious during initial Enterprise setup.
The lack of native IdP group-to-Workspace sync is a recurring friction point: group membership must be managed manually or through Guard's limited mapping capabilities.
A frequently cited surprise is the blast radius of SCIM deactivation-disabling a user via Guard deactivates their entire Atlassian account across every Atlassian product, not just Trello. Organizations running Jira, Confluence, or other Atlassian tools alongside Trello need to account for this before automating offboarding.
The Observer role-read-only board access-is Enterprise-only, which admins on Standard or Premium plans flag as a meaningful gap when they need to grant stakeholder visibility without edit rights.
Common complaints:
- SCIM API transition and deprecation of older provisioning endpoints causes disruption for existing IdP integrations.
- No native group sync between IdP groups and Trello Workspaces; group membership must be managed manually or via Atlassian Guard with limited mapping.
- SCIM provisioning requires Atlassian Guard (additional product), which is not intuitive for admins expecting provisioning to be native to Trello Enterprise.
- Deactivating a user via SCIM deactivates their entire Atlassian account across all Atlassian products, not just Trello, which is unexpected for organizations using multiple Atlassian tools.
- No CSV bulk import for users; bulk provisioning requires IdP/SCIM setup which has a high configuration overhead.
- Observer role is only available on Enterprise, making read-only access expensive for organizations on lower tiers.
- Removing a member from a Workspace on Standard/Premium does not prevent them from retaining access to public boards or being re-invited.
- Lack of granular permission controls at the board or card level beyond the fixed role types.
- Enterprise pricing requires a 50-user minimum, making it inaccessible for smaller teams that need Enterprise features like SSO or Observer roles.
The decision
Trello Enterprise is the minimum tier required for centralized user lifecycle management, and it is the only plan where every app and Workspace in the organization falls under a single deactivation action. It unlocks the Enterprise Admin Dashboard, SCIM provisioning via Atlassian Guard Standard (included), SSO enforcement, and the Observer role.
Standard and Premium plans lack centralized deactivation and SCIM, making them unsuitable for organizations with compliance or audit requirements around access control.
The 50-user minimum and annual billing commitment on Enterprise are hard constraints to evaluate before committing. Nonprofits and educational institutions qualify for a 50% discount on Enterprise.
Guard Standard is bundled with Trello Enterprise, so no separate Guard purchase is needed at that tier-but Guard is a prerequisite for SCIM regardless of how it is obtained.
Organizations already running other Atlassian products should validate their offboarding workflows carefully: SCIM deactivation is Atlassian-account-wide, not Trello-scoped.
Bottom line
Trello Enterprise provides the only viable path to centralized, auditable user lifecycle management, bundling SSO, SCIM via Atlassian Guard Standard, and a single-action deactivation that covers every app and Workspace in the organization.
Below Enterprise, admins face manual, per-Workspace removal with no organization-wide deactivation and no automated provisioning.
The layered permission model-Enterprise, Workspace, and Board-means offboarding is never a single step without SCIM in place, and the cross-product scope of Atlassian account deactivation requires deliberate coordination for organizations running multiple Atlassian tools.
Automate Atlassian Trello workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
