Summary and recommendation
Certinia user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Certinia runs entirely on the Salesforce platform, so there is no separate Certinia admin console.
All user management happens in Salesforce Setup > Administration > Users, with Certinia access controlled through a second layer of Certinia-specific permission sets assigned on top of standard Salesforce profiles.
Every app that sits on Salesforce inherits this two-layer model: a Salesforce license and profile grant platform access, while Certinia permission sets (e.g., PSA User, ERP User) gate access to specific Certinia modules.
Both layers must be in place before a user can do anything meaningful in Certinia.
Quick facts
| Admin console path | Certinia runs entirely on the Salesforce platform. User management is performed via Salesforce Setup > Administration > Users, combined with Certinia-specific permission set assignments. |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Enterprise |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Certinia Full User (Licensed) | Full access to Certinia modules (PSA, ERP, etc.) as permitted by assigned Certinia permission sets and Salesforce profile. | Cannot access modules for which no Certinia permission set license has been assigned. | Requires a Certinia named-user license assigned in the Salesforce org. | Custom (~$175/user/mo, $35K minimum per pricing seed data; not publicly listed). | Certinia licenses are layered on top of Salesforce platform licenses. Both a Salesforce license and a Certinia permission set license must be assigned for a user to function. |
| Salesforce System Administrator | Full Salesforce org administration including user creation, deactivation, profile and permission set assignment, and Certinia configuration. | Cannot access Certinia-specific features without also holding a Certinia license and appropriate permission sets. | Salesforce System Administrator profile; Certinia admin permission sets required for Certinia configuration. | Consumes a Salesforce and Certinia named-user license seat. | Certinia-specific admin tasks (e.g., rate card setup, billing configuration) require Certinia-specific permission sets in addition to the Salesforce System Administrator profile. |
| Read-Only / Chatter Free User | Limited Salesforce platform access; can view records shared with them depending on org sharing rules. | Cannot use Certinia transactional features; cannot be assigned Certinia permission set licenses. | Salesforce Chatter Free or equivalent low-cost license. | Typically no additional Certinia license cost, but Certinia functionality is unavailable. | Certinia permission set licenses cannot be assigned to Chatter Free or equivalent non-full-platform Salesforce licenses. |
Permission model
- Model type: hybrid
- Description: Certinia uses Salesforce's native permission model: Profiles define baseline object and field access; Certinia-specific Permission Sets and Permission Set Groups grant access to Certinia features and modules. Certinia ships pre-built permission sets (e.g., PSA User, PSA Resource, ERP User) that must be assigned to users. Administrators can clone and customize these permission sets within Salesforce Setup.
- Custom roles: Yes
- Custom roles plan: Not documented
- Granularity: Object-level, field-level, and record-level (via Salesforce sharing rules and OWD). Certinia permission sets further restrict or grant access to specific Certinia tabs, objects, and Apex classes.
How to add users
- Log in to Salesforce as a System Administrator.
- Navigate to Setup > Administration > Users > Users.
- Click 'New User'.
- Enter required fields: First Name, Last Name, Email, Username (must be email-format and globally unique in Salesforce), Alias, Nickname, Role, User License, and Profile.
- Select the appropriate Salesforce User License (e.g., Salesforce) and Profile.
- Save the user record; Salesforce sends an activation email to the user.
- Navigate to the user record and assign the relevant Certinia Permission Sets (e.g., 'FinancialForce PSA User', 'Certinia ERP User') under 'Permission Set Assignments'.
- Assign any Certinia Permission Set Licenses via Setup > Users > Permission Set Licenses if required by your org configuration.
Required fields: First Name, Last Name, Email, Username (globally unique, email format), Alias, User License, Profile
Watch out for:
- Certinia is built on Salesforce; every Certinia user must first be a valid Salesforce user with an appropriate Salesforce license.
- Assigning a Salesforce profile alone does not grant Certinia access; Certinia-specific permission sets must be assigned separately.
- Usernames must be globally unique across all Salesforce orgs, not just your own.
- If your org uses Certinia Permission Set Licenses (PSLs), the PSL must be assigned before the corresponding permission set can be granted.
- SSO configuration (if used) is managed at the Salesforce org level via Connected Apps and Identity Providers, not within Certinia directly.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Yes | Salesforce Setup > Data Import Wizard or Data Loader can be used to bulk-create user records; Certinia does not provide a separate bulk user import tool. |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | SCIM provisioning is available at the Enterprise tier per Certinia's documented SCIM support; requires Salesforce Identity or compatible SSO/SCIM configuration. |
How to remove or deactivate users
- Can delete users: No
- Delete/deactivate behavior: Salesforce (and therefore Certinia) does not allow deletion of user records that own data. Users can only be deactivated. Deactivated users cannot log in and do not consume an active license seat, but their user record and all associated data remain in the org.
- Log in to Salesforce as a System Administrator.
- Navigate to Setup > Administration > Users > Users.
- Locate the user record and click their name.
- Click 'Edit'.
- Uncheck the 'Active' checkbox.
- Click 'Save'.
| Data impact | Behavior |
|---|---|
| Owned records | All records owned by the deactivated user remain in the org and retain the deactivated user as owner. Ownership must be manually transferred if required for business continuity. |
| Shared content | Sharing rules and manual shares involving the deactivated user remain in place on existing records but the user can no longer access the system. |
| Integrations | Any API integrations or connected apps authenticated as the deactivated user will stop functioning. Integration user credentials should be migrated before deactivation. |
| License freed | Deactivating a user frees the Salesforce and Certinia license seat for reassignment to another user. |
Watch out for:
- Deactivating a user does not automatically reassign their owned records; open tasks, opportunities, or Certinia project assignments remain attributed to them.
- If the user is a Certinia project resource with active assignments, those assignments must be reassigned or closed before or after deactivation.
- Deactivated users still appear in historical reports and audit logs.
- Salesforce prevents deactivation of users who are the sole member of certain system roles or who are referenced in active workflow/approval processes; these dependencies must be resolved first.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Certinia PSA (Professional Services Automation) License | Access to Certinia PSA modules: project management, resource management, time and expense, billing. | Custom pricing; approximately $175/user/mo based on available market data; $35K minimum contract. |
| Certinia ERP License | Access to Certinia ERP modules: general ledger, accounts payable, accounts receivable, cash management. | Custom pricing; bundled or separate from PSA depending on contract. |
| Salesforce Platform License (required base) | Base Salesforce platform access required for all Certinia users. | Included in Certinia contract or licensed separately from Salesforce. |
- Where to check usage: Salesforce Setup > Company Settings > Company Information shows total licenses purchased and in use. Setup > Users > Permission Set Licenses shows Certinia PSL usage. Setup > Users > Users filtered by Active status shows active named users.
- How to identify unused seats: Filter the Users list in Salesforce Setup by 'Last Login' date to identify users who have not logged in recently. Certinia does not provide a native unused-license report; Salesforce's Login History report (Setup > Users > Login History) can be used to identify inactive users.
- Billing notes: Certinia is sold on annual contracts with named-user licensing. License counts are typically reconciled at renewal. Deactivating users frees seats for reassignment within the contract term but may not reduce the contracted minimum until renewal. Pricing is not publicly listed; all changes require engagement with Certinia sales or account management.
The cost of manual management
Certinia is sold on annual named-user contracts. Based on available market data, pricing runs approximately $175/user/month with a $35K contract minimum, though all changes require direct engagement with Certinia account management - there is no self-serve license reduction capability.
Deactivating a user frees the seat for reassignment within the current contract term but does not reduce the contracted minimum until renewal.
License usage can be checked via Salesforce Setup > Company Information and Setup > Users > Permission Set Licenses, but there is no native Certinia report for unused seats - administrators must rely on Salesforce Login History to identify inactive users.
What IT admins are saying
Community evidence is not specific enough to quote or summarize yet for this app.
The decision
Manual administration is viable for organizations with low user churn and a Salesforce admin already managing the underlying org. The process is well-defined but involves multiple discrete steps: create the Salesforce user, assign the Salesforce profile, then separately assign each required Certinia permission set and, where applicable, the corresponding permission set license.
For every app in a growing SaaS stack, the compounding overhead of multi-step provisioning and manual deprovisioning cleanup is where manual management breaks down at scale. Teams with frequent onboarding cycles or strict access-review requirements should weigh that operational cost against the effort of configuring automated provisioning.
Bottom line
Certinia user management is Salesforce user management with an added permission layer - straightforward in concept but operationally dense in practice.
Every user requires both a valid Salesforce license and correctly assigned Certinia permission sets before they can access any module, and deprovisioning requires manual cleanup of project assignments that the platform does not handle automatically.
For low-volume, stable teams with an experienced Salesforce admin, the manual workflow is manageable; for organizations running frequent access reviews or onboarding across every app in their stack, the multi-step process and lack of self-serve license controls create meaningful administrative overhead.
Automate Certinia workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
