Summary and recommendation
CloudTalk user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
CloudTalk is a cloud call center platform with a two-role permission model: Administrator and Agent. Administrators hold full account access - billing, routing, IVR, integrations, and agent management - while Agents are scoped to their own call activity and softphone. There are no department-scoped admin roles or granular permission toggles documented for standard plans.
No native SCIM provisioning is documented. Every app in a modern identity stack that relies on automated lifecycle management will require a workaround here - either REST API calls or manual dashboard operations.
SSO via SAML (Okta, Entra ID, OneLogin) is available on Expert and Custom plans, but it does not trigger automatic deprovisioning in CloudTalk.
Quick facts
| Admin console path | Dashboard → Settings → Agents |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Unknown |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Full access to dashboard settings, billing, call routing, IVR configuration, integrations, reporting, and agent management. Can add, edit, and deactivate agents. | Cannot self-demote without another Administrator present; cannot access call recordings beyond retention window. | All plans (Lite, Starter, Essential, Expert, Custom) | Counts as a billable seat at the same per-user rate as the plan tier | Administrator role is account-wide; there are no department-scoped admin roles documented in standard plans. |
| Agent | Can make and receive calls, access personal call history, use the softphone/mobile app, and view own statistics. | Cannot access account settings, billing, other agents' configurations, IVR/routing rules, or integrations. | All plans | Billable seat at plan rate (Lite $19, Starter $25–$34, Essential $29–$35, Expert $49/user/month) | Each Agent consumes one paid seat regardless of activity level; there is no documented free viewer or read-only seat type. |
Permission model
- Model type: role-based
- Description: CloudTalk uses a two-role model: Administrator and Agent. Administrators have full platform access; Agents have access limited to their own call activity and softphone. No custom roles or granular permission sets are documented in the help center for standard plans.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Coarse – two fixed roles only; no field-level or feature-level permission toggles documented for standard plans.
How to add users
- Log in to the CloudTalk Dashboard at my.cloudtalk.io as an Administrator.
- Navigate to Settings → Agents.
- Click 'Add Agent' (or the '+' button).
- Enter the agent's first name, last name, and email address.
- Assign a role (Administrator or Agent).
- Optionally assign the agent to one or more Groups (queues/teams).
- Optionally set an extension number.
- Click 'Save'. An invitation email is sent to the new user to set their password.
Required fields: First name, Last name, Email address, Role (Administrator or Agent)
Watch out for:
- Adding an agent immediately creates a billable seat; billing adjusts at the next cycle.
- The invitation email may land in spam; users must accept the invite before they can log in.
- Phone number assignment is optional at creation but required before the agent can make outbound calls on some configurations.
- No documented grace period – seat cost begins on the day the agent is added.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Expert or Custom (SSO required; JIT provisioning via SAML supported with Okta, Microsoft Entra ID, and OneLogin) |
How to remove or deactivate users
- Can delete users: No
- Delete/deactivate behavior: CloudTalk does not expose a hard-delete option for agents in the standard dashboard UI. Agents can be deactivated (set to inactive), which prevents login and call handling while preserving their historical call data and recordings associated with that agent account.
- Log in to the CloudTalk Dashboard as an Administrator.
- Navigate to Settings → Agents.
- Locate the agent to be removed.
- Click the agent's name or the edit (pencil) icon to open their profile.
- Toggle the agent's status to 'Inactive' or use the deactivate option.
- Confirm the action. The agent loses dashboard and softphone access immediately.
| Data impact | Behavior |
|---|---|
| Owned records | Call recordings and call logs associated with the deactivated agent are retained and remain accessible to Administrators in reporting and the call history section. |
| Shared content | Groups (queues) the agent belonged to continue to function; the agent is simply removed from routing. Shared voicemail boxes and IVR assignments are unaffected. |
| Integrations | CRM integration records (e.g., HubSpot, Salesforce contact associations) tied to the agent's calls are preserved in the CRM; the CloudTalk-side mapping may need manual cleanup. |
| License freed | Deactivating an agent frees the seat for the next billing cycle. CloudTalk bills per active agent; inactive agents should not count toward the seat total, but timing of credit depends on billing cycle. |
Watch out for:
- No hard-delete means former employee data persists in the account indefinitely; verify data retention policies for compliance.
- If the deactivated agent was the sole Administrator, the account may become unmanageable – ensure at least one other Administrator exists before deactivating.
- Seat credit for a deactivated agent is not necessarily immediate; confirm with CloudTalk billing support for mid-cycle deactivations.
- SSO-provisioned users deactivated in the IdP are not automatically deactivated in CloudTalk (no SCIM); manual deactivation in the CloudTalk dashboard is still required.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Agent seat (all roles) | One named user (Administrator or Agent role), softphone access, mobile app access, call history, and plan-tier features. | Lite $19/user/month; Starter $25/user/month (annual) or $34/month; Essential $29/user/month (annual) or $35/month; Expert $49/user/month (annual); Custom – quote-based |
| AI Add-on | AI-powered features (e.g., call transcription, sentiment analysis) layered on top of a standard seat. | $9/agent/month (add-on, not a standalone seat type) |
- Where to check usage: Dashboard → Settings → Agents (shows list of all active/inactive agents and their status)
- How to identify unused seats: Review the Agents list for agents with no recent call activity by cross-referencing Dashboard → Analytics → Agent Statistics, filtering by date range to identify zero-activity agents.
- Billing notes: CloudTalk charges per active named user per month. Annual plans are billed upfront at the discounted rate. Monthly plans are billed at the higher month-to-month rate. Minimum 5 users on Custom plans. Adding agents mid-cycle may result in prorated charges; removing agents mid-cycle credit timing should be confirmed with CloudTalk support. 14-day free trial available; no credit card required for trial per marketing materials.
The cost of manual management
Adding an agent creates a billable seat immediately, with no documented grace period. Billing adjusts at the next cycle for additions, but mid-cycle credit timing for deactivations is unconfirmed - teams should verify directly with CloudTalk support.
There is no bulk CSV import for agents. At scale, every new hire requires a separate manual entry through Dashboard → Settings → Agents. Invitation emails frequently land in spam, which can delay onboarding and require follow-up.
Deactivating an agent in your IdP does not deactivate them in CloudTalk. Without a SCIM bridge, offboarding requires a separate manual step in the CloudTalk dashboard - a gap that creates real access-control risk for departing employees.
What IT admins are saying
Practitioners consistently flag three friction points with CloudTalk's identity management. First, the absence of SCIM documentation leaves teams without a supported path for automated provisioning.
Second, the two-role model (Administrator and Agent only) makes it impossible to grant team leads limited admin access without full account privileges. Third, mid-cycle deactivation credits are opaque, and multiple users report uncertainty about when billing actually adjusts.
Invitation email deliverability is a recurring operational complaint. New agents must accept the invite before they can log in, and spam filtering delays are common enough to warrant a proactive heads-up during onboarding.
Common complaints:
- Lack of public documentation on identity management and SCIM provisioning.
- No bulk CSV import for agents forces manual one-by-one user creation at scale.
- Deactivating SSO users in the IdP does not automatically deactivate them in CloudTalk, creating a security gap for offboarding.
- Only two fixed roles (Administrator and Agent) with no granular permissions, making it difficult to give team leads limited admin access.
- Mid-cycle seat credit timing is unclear; users report uncertainty about when billing adjusts after deactivating an agent.
- Invitation emails to new agents frequently reported as landing in spam folders, delaying onboarding.
The decision
CloudTalk fits teams that manage a modest, stable agent roster and can absorb manual provisioning overhead. If your organization has frequent headcount changes, strict offboarding SLAs, or a requirement that every app deprovision automatically on IdP deactivation, the lack of SCIM is a meaningful operational gap.
The coarse role model is a hard constraint for orgs that need tiered access - for example, team leads who can view reporting but cannot touch billing or routing. No workaround exists within standard plans.
Teams on Expert or Custom plans get SSO, which reduces login friction but does not solve lifecycle automation. Factor in the manual deprovisioning step as a standing process cost before committing at scale.
Bottom line
CloudTalk's manual user management is straightforward for small, stable teams but does not scale cleanly. No SCIM means every app that expects automated provisioning will need a compensating process - either REST API automation or a manual dashboard workflow.
The two fixed roles, opaque mid-cycle billing, and IdP-deactivation gap are the three constraints most likely to create operational debt as headcount grows. Teams with strict offboarding requirements or complex access-tier needs should weigh those gaps explicitly before expanding seat count.
Automate CloudTalk workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
