Summary and recommendation
Craft.io user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Craft.io is a product management platform covering roadmapping, backlog management, prioritization, and capacity planning. It offers SAML 2.0 SSO on higher-tier plans, but no SCIM provisioning is documented at any tier.
Like every app in this category that lacks automated provisioning, user lifecycle management - adding, role-changing, and removing people - must be handled manually through the admin console at app.craft.io.
Three roles govern access: Admin (full account control), Member (create and edit within assigned workspaces), and Viewer/Stakeholder (read-only on shared roadmaps). Custom roles are not supported, and the granular permission matrix between roles is not publicly documented - verify boundaries with Craft.io directly before rolling out to a large team.
Quick facts
| Admin console path | Settings → Members (inferred from standard SaaS patterns; not explicitly confirmed in public documentation) |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Enterprise ($19-79+/user/month) |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Admin | Full account management including billing, member management, workspace settings, and all product data. | All plans | Counts as a paid seat | Exact permission boundaries between Admin and other roles are not publicly documented in granular detail. | |
| Member | Access to assigned workspaces and product areas; can create and edit product artifacts based on workspace permissions. | Cannot manage billing, invite members (plan-dependent), or access account-level settings. | All plans | Counts as a paid seat | |
| Viewer / Stakeholder | Read-only access to shared roadmaps and product data; intended for stakeholders who do not need to edit. | Cannot create or edit any product artifacts. | Availability and seat cost for viewer roles not explicitly confirmed in public documentation. | Whether viewer seats are free or reduced-cost is not publicly confirmed; verify with Craft.io sales. |
Permission model
- Model type: role-based
- Description: Craft.io uses role-based access control at the account and workspace level. Roles govern what users can view, create, and manage. Granular custom-role configuration is not publicly documented.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Role-level (Admin, Member, Viewer); workspace-level access scoping referenced but detailed permission matrix not publicly available.
How to add users
- Log in to app.craft.io as an Admin.
- Navigate to account Settings.
- Select the Members or Team section.
- Enter the invitee's email address.
- Assign a role (Admin, Member, or Viewer).
- Send the invitation; invitee receives an email to accept and set up their account.
Required fields: Email address, Role assignment
Watch out for:
- Exact navigation path (Settings → Members) is inferred from standard SaaS patterns and not confirmed verbatim in public help docs.
- Seat limits per plan are not publicly detailed; adding members beyond plan limits may trigger an upsell or billing change.
- SSO-provisioned users (SAML 2.0) may follow a different onboarding flow on Enterprise plans.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | Unknown | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise (SAML 2.0 SSO with Okta and Entra ID confirmed; SCIM automated provisioning not documented) |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Whether Craft.io supports permanent user deletion versus deactivation/removal from the account is not confirmed in publicly available documentation. Standard behavior for SaaS PM tools is to remove the user from the account while retaining their contributed data.
- Log in to app.craft.io as an Admin.
- Navigate to account Settings → Members.
- Locate the target user.
- Select the option to remove or deactivate the user.
- Confirm the action.
| Data impact | Behavior |
|---|---|
| Owned records | Not publicly documented; items created by the removed user are expected to remain in the workspace but reassignment behavior is unconfirmed. |
| Shared content | Not publicly documented. |
| Integrations | Not publicly documented; any personal integration tokens or connections tied to the user may be affected. |
| License freed | Seat is expected to become available for reassignment upon removal, but billing cycle impact is not publicly confirmed. |
Watch out for:
- No SCIM support means user removal must be performed manually in the Craft.io admin console even if SSO is configured.
- Deprovisioning from Okta or Entra ID via SCIM is not available; SSO deactivation alone may not revoke Craft.io access.
- Data ownership and reassignment behavior upon user removal is not documented publicly.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Full Member Seat | Full create/edit access across assigned workspaces; applies to Essential, Pro, and Enterprise plans. | Essential $19/user/mo (annual), Pro $79/user/mo (annual), Enterprise custom |
| Viewer/Stakeholder Seat | Read-only access to shared roadmaps and product data. | Not publicly confirmed; may be included or at reduced cost depending on plan. |
- Where to check usage: Settings → Members (inferred; exact path not confirmed in public documentation)
- How to identify unused seats: No publicly documented automated tool for identifying inactive or unused seats; admins would need to manually review last-login data if exposed in the Members list.
- Billing notes: Pricing is per-user per-month billed annually. Enterprise pricing is custom. No publicly documented grace period or proration policy for mid-cycle seat changes. Free trial available without credit card.
The cost of manual management
Without SCIM, each joiner, mover, or leaver requires an admin to log in, locate the user, and take action by hand. There is no publicly documented automated tool for identifying inactive seats, so unused licenses accumulate silently until an admin manually audits the Members list.
Seat costs compound the risk: Essential seats run $19/user/month (annual) and Pro seats $79/user/month (annual), with Enterprise on custom pricing. SSO via SAML 2.0 handles authentication federation but does not revoke Craft.io access on its own - deactivating a user in Okta or Entra ID without a corresponding manual removal in Craft.io leaves access open.
What IT admins are saying
Recurring friction points reported by Craft.io admins center on the absence of SCIM and sparse role documentation. The lack of SCIM means deprovisioning is a manual step even when SSO is fully configured - a gap that creates audit risk at scale.
Admins also flag that Viewer/Stakeholder seat pricing is not clearly communicated on public pricing pages, making license planning difficult before an Enterprise conversation. Role boundaries between Admin and Member are similarly underdocumented, requiring direct support contact to confirm exact permissions.
Common complaints:
- SCIM not explicitly supported, requiring manual user deprovisioning even when SSO is configured.
- Granular permission documentation is sparse; users report difficulty understanding exact role boundaries.
- No automated way to identify and reclaim unused seats.
- Viewer/stakeholder seat pricing and availability not clearly communicated on public pricing pages.
The decision
Every app that lacks SCIM adds a manual provisioning step to your joiner/mover/leaver workflows, and Craft.io is no exception. If your organization requires automated lifecycle management tied to an identity provider, the absence of SCIM is a hard constraint - not a workaround-able gap.
SAML 2.0 SSO is available and covers authentication, but it does not substitute for lifecycle automation. Teams on Essential or Pro plans should confirm seat limits and Viewer seat costs with sales before committing, as neither is publicly detailed.
Enterprise buyers should explicitly ask about any undocumented API or provisioning capabilities during the sales process, as public documentation does not confirm any programmatic user management options.
Bottom line
Craft.io is a capable product management platform, but its identity and access management story is manual by design - no SCIM, no public user API, and role documentation that requires direct vendor contact to fully interpret.
Every app without automated provisioning adds admin burden at every org change event, and Craft.io is no exception. Teams with strict deprovisioning SLAs or large, frequently changing rosters should weigh that overhead explicitly before standardizing on this tool.
Automate Craft.io workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
