Summary and recommendation
Better Uptime user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Better Uptime offers three fixed account-level roles - Admin, On-call, and Read-only - with no custom roles or per-monitor permission scoping. Like every app with a flat role model, access control is coarse-grained by design, and teams needing resource-level isolation will hit this ceiling quickly.
All user management lives under Settings → Team. Invitations are sent one at a time via email; there is no CSV bulk import path without an identity provider integration. Automated provisioning is available, but only on the Enterprise plan with SSO (SAML) already active.
Quick facts
| Admin console path | Settings → Team |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Admin | Full access to all monitors, incidents, on-call schedules, integrations, billing, and team settings. Can invite and remove team members, assign roles, and configure SSO/SCIM. | Any paid plan | Counted as a billable team member seat | At least one Admin must remain on the account; the last Admin cannot be demoted or removed. | |
| On-call | Can view monitors, acknowledge and resolve incidents, and participate in on-call schedules. Can manage their own notification preferences. | Cannot access billing, team settings, SSO/SCIM configuration, or invite/remove other members. | Any paid plan | Counted as a billable team member seat | On-call members still consume a paid seat even if they only receive alerts and do not log in regularly. |
| Read-only | Can view monitors, status pages, and incident history. No ability to acknowledge incidents or modify any settings. | Cannot acknowledge or resolve incidents, modify monitors, access billing, or manage team settings. | Any paid plan | Counted as a billable team member seat on most plans; verify current pricing page for any free read-only allowance. | Read-only users still occupy a seat on the account, which may affect plan limits. |
Permission model
- Model type: role-based
- Description: Better Uptime uses a fixed set of predefined roles (Admin, On-call, Read-only). There are no custom roles or granular permission sets. Role assignment is per-account, not per-monitor or per-team-group.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Account-level roles only; no resource-level or monitor-level permission scoping.
How to add users
- Log in as an Admin and navigate to Settings → Team.
- Click 'Invite team member'.
- Enter the invitee's email address.
- Select the role to assign (Admin, On-call, or Read-only).
- Click 'Send invitation'. The invitee receives an email to accept and set up their account.
Required fields: Email address, Role selection
Watch out for:
- Invitations expire if not accepted; a new invitation must be sent if the link lapses.
- The invitee must create or log in to a Better Stack account using the invited email address.
- Adding members beyond the plan's included seat count may trigger a billing upgrade prompt.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise |
How to remove or deactivate users
- Can delete users: Yes
- Delete/deactivate behavior: Admins can remove (delete) a team member from the account via Settings → Team. Removal is immediate and revokes all access. There is no separate 'deactivate' or 'suspend' state distinct from full removal in the standard UI; SCIM provisioning can deprovision users automatically on Enterprise plans.
- Log in as an Admin and navigate to Settings → Team.
- Locate the team member to remove.
- Click the options menu (three dots or 'Remove') next to their name.
- Confirm the removal. The user's access is revoked immediately.
| Data impact | Behavior |
|---|---|
| Owned records | Monitors, on-call schedules, and incidents created by the removed user remain in the account and are not deleted. |
| Shared content | Status pages and integrations configured by the removed user persist and continue to function. |
| Integrations | Notification integrations (e.g., PagerDuty, Slack) tied to the removed user's personal settings are removed; account-level integrations are unaffected. |
| License freed | The seat is freed immediately upon removal, which may reduce the billable seat count at the next billing cycle depending on plan terms. |
Watch out for:
- Removing the only Admin on an account is blocked; another Admin must be assigned first.
- On-call schedules referencing the removed user may have gaps; schedules should be reviewed and updated after removal.
- SCIM-managed users deprovisioned via IdP are removed automatically on Enterprise plans, but manual removal is still available.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Team member seat | Covers Admin, On-call, and Read-only roles. All active team members consume one seat regardless of role. | Included up to plan limit; additional seats billed per plan pricing. Starter plan includes a limited number of seats; higher tiers include more. Enterprise pricing is custom. |
- Where to check usage: Settings → Team (shows current member count and roles); Settings → Billing (shows plan limits and seat usage).
- How to identify unused seats: Review Settings → Team for members who have never logged in or have not acknowledged any incidents. No built-in 'last login' report is surfaced in the UI per available documentation; admins must manually audit the member list.
- Billing notes: Plans are billed annually or monthly. Seat limits vary by plan tier. Exceeding the included seat count requires a plan upgrade or purchasing additional seats. Enterprise plans have custom seat pricing negotiated directly with Better Stack sales.
The cost of manual management
There is no built-in last-login or activity report in the UI, so identifying inactive seats requires manually reviewing the Settings → Team member list against incident acknowledgment history.
Read-only users consume paid seats even if they only view dashboards, and On-call members are billed regardless of login frequency. Seat overages trigger a plan upgrade prompt, so unreviewed rosters translate directly into avoidable spend.
Invitations expire if not accepted, requiring admins to re-send manually. On-call schedules are not automatically updated when a member is removed, so departing-user offboarding requires a two-step process: remove the member, then audit and patch every affected rotation.
What IT admins are saying
The most consistent friction point reported by practitioners is the Enterprise-only gate on SCIM provisioning - teams that want automated user lifecycle management face a significant cost jump even if SCIM is their only Enterprise-tier need.
The additional requirement that SSO (SAML) must be fully configured before SCIM can be enabled adds setup sequencing complexity.
The flat, account-wide role model draws criticism from larger organizations that need to scope access by monitor group or team segment. The absence of granular permissions is a hard architectural limit, not a configuration gap.
Smaller operational complaints include the one-at-a-time invitation flow, the lack of a last-login report for license auditing, and the surprise that Read-only stakeholders still occupy billable seats.
Common complaints:
- Enterprise pricing required for SCIM provisioning, which is a significant cost jump for teams that only need automated user management.
- SSO (SAML) must be configured before SCIM can be enabled, adding setup complexity.
- No granular, per-monitor or per-team-group permissions; role model is account-wide only, which limits access control for larger organizations.
- No CSV bulk import for users; invitations must be sent one at a time through the UI without IdP provisioning.
- No built-in last-login or activity report to identify inactive seats, making license auditing a manual process.
- Read-only users consume paid seats, which some users find unexpected for stakeholders who only need dashboard visibility.
The decision
Every app in your stack carries an access governance cost, and Better Uptime's manual model is straightforward for small, stable teams - three roles, one settings page, email invitations - but breaks down as headcount or compliance requirements grow.
Teams that need automated provisioning should budget for the Enterprise tier and plan SSO configuration as a prerequisite, not an afterthought. Teams that need per-monitor or per-group access control should evaluate whether the flat role model is a workable constraint before committing.
License hygiene requires proactive manual audits given the absence of activity reporting. Factor in the seat cost of Read-only and On-call members who may not log in regularly when sizing the plan.
Bottom line
Better Uptime's user management is functional and low-friction for small teams operating within its three-role model, but it scales poorly without investment in the Enterprise tier.
Automated provisioning requires both an Enterprise plan and active SSO - a two-step prerequisite that raises the entry cost for teams whose primary need is lifecycle automation.
The absence of last-login reporting, per-resource permissions, and bulk invite tooling means that as team size grows, administrative overhead grows with it.
Teams should audit seat assignments regularly and account for the billable cost of Read-only and infrequently active On-call members when evaluating total plan cost.
Automate Better Uptime workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
