Summary and recommendation
Elastic Path user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Elastic Path Commerce Manager uses a fixed, role-based permission model with six predefined roles: Owner, Admin, Developer, IT, Marketing, and Support. Roles are assigned per team member at the store level, and there is no option to create custom roles or apply per-resource permission overrides.
For teams managing every app in a composable commerce stack, this means access governance in Elastic Path is handled entirely through these six fixed roles with no programmatic provisioning path documented. User management lives under Commerce Manager > Team Management at https://euwest.cm.elasticpath.com.
Quick facts
| Admin console path | Commerce Manager > Team Management |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Enterprise |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Owner | Full access to all Commerce Manager features including billing, store settings, and team management. Cannot be removed by other roles. | Cannot be demoted or deleted by other team members; only one Owner per store. | Owner role is assigned to the account creator and cannot be transferred via the UI; contact Elastic Path support to transfer ownership. | ||
| Admin | Full access to Commerce Manager features including team management, catalog, orders, promotions, and settings. Can invite and remove other team members except Owner. | Cannot manage billing or transfer ownership. | |||
| Developer | Access to store settings, API keys, logs, and technical configuration. Can manage catalogs and products. | Cannot manage team members or billing. | |||
| IT | Access to store settings and infrastructure-related configuration. | Cannot manage team members, billing, or catalog content. | |||
| Marketing | Access to catalog management, promotions, and content-related features. | Cannot access store settings, API keys, team management, or billing. | |||
| Support | Read-only or limited access to orders and customer data for support purposes. | Cannot modify catalog, settings, team members, or billing. |
Permission model
- Model type: role-based
- Description: Elastic Path Commerce Manager uses a fixed set of predefined roles (Owner, Admin, Developer, IT, Marketing, Support). Each role maps to a defined set of feature access permissions within Commerce Manager. Roles are assigned per team member at the store level.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Role-level only; no per-resource or per-field permission customization available within Commerce Manager. API-level access is controlled separately via client credentials and implicit tokens.
How to add users
- Log in to Commerce Manager at https://euwest.cm.elasticpath.com.
- Navigate to Team Management in the left sidebar.
- Click 'Invite Team Member'.
- Enter the invitee's email address.
- Select the appropriate role (Admin, Developer, IT, Marketing, or Support).
- Click 'Send Invite'.
- The invitee receives an email invitation and must accept it to gain access.
Required fields: Email address, Role
Watch out for:
- Invitations expire if not accepted within a set period; a new invite must be sent if expired.
- The invitee must not already have an Elastic Path account under a different organization to avoid conflicts.
- SSO must be configured separately via OIDC profiles; team member invites do not automatically enforce SSO.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise (SSO via OIDC; Okta and Entra ID supported; SCIM provisioning not documented) |
How to remove or deactivate users
- Can delete users: Yes
- Delete/deactivate behavior: Elastic Path Commerce Manager supports deleting team members directly. There is no documented 'deactivate' or 'suspend' state; removal is a permanent delete action that revokes access immediately.
- Log in to Commerce Manager.
- Navigate to Team Management.
- Locate the team member to remove.
- Click the delete or remove option next to the team member's name.
- Confirm the deletion.
| Data impact | Behavior |
|---|---|
| Owned records | No official documentation specifies what happens to records owned by a deleted team member. Catalog entries, orders, and other data created by the user remain in the store. |
| Shared content | Shared catalog and product data persists after team member deletion. |
| Integrations | API credentials (client credentials) are separate from team member accounts; deleting a team member does not automatically revoke associated API keys if they were created under a store-level credential. |
| License freed | No per-seat licensing model is publicly documented; deletion does not have a documented effect on billing. |
Watch out for:
- The Owner account cannot be deleted by other team members.
- Deleting a team member is immediate and irreversible via the UI; the user must be re-invited to restore access.
- No deactivation or temporary suspension option is documented; the only option is full deletion.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Team Member (Commerce Manager user) | Access to Commerce Manager based on assigned role. Not billed per seat under publicly documented pricing. | Included in platform subscription; no per-seat fee publicly documented. |
- Where to check usage: Not documented
- How to identify unused seats: No documented method for identifying inactive team members within Commerce Manager. Admins must manually review the Team Management list.
- Billing notes: Elastic Path uses custom enterprise pricing based on % of GMV or order volume, not per-seat licensing. Team member counts do not appear to directly affect subscription cost based on publicly available documentation. Contact Elastic Path sales for specifics.
The cost of manual management
Elastic Path uses custom enterprise pricing tied to GMV or order volume, not per-seat licensing, so team member counts do not appear to directly affect subscription cost based on publicly available documentation. There is no documented method for identifying inactive team members within Commerce Manager - admins must manually audit the Team Management list.
Because there is no deactivation or suspension state, the only way to remove access is a permanent deletion; re-access requires a fresh invite.
What IT admins are saying
Practitioners consistently flag the same friction points with Elastic Path's team management. SCIM provisioning is not documented, meaning automated lifecycle management through an identity provider is not a confirmed option.
Ownership transfer is not self-serve and requires contacting Elastic Path support directly. There is also no bulk user import via CSV, and the fixed role set limits teams that need granular access control beyond the six predefined options.
Common complaints:
- Limited public documentation on identity and access management features, particularly around SCIM provisioning.
- No documented deactivation or suspension state for team members; only full deletion is available.
- No bulk user import (CSV) option documented for Commerce Manager team management.
- Role set is fixed with no custom role creation available, limiting granular access control.
- Ownership transfer process is not self-serve and requires contacting Elastic Path support.
The decision
When auditing every app in a composable commerce stack, Elastic Path stands out for its minimal access management tooling relative to peers. Teams that need automated provisioning, role granularity beyond six fixed options, or a self-serve ownership transfer should factor in those gaps before committing.
SSO for Commerce Manager admin users is supported via OIDC but must be configured separately; team member invites do not automatically enforce SSO.
Bottom line
Elastic Path Commerce Manager enforces clear role boundaries across every app touchpoint in a composable stack, but its access management tooling is intentionally minimal - no SCIM, no custom roles, no deactivation state, and no bulk import.
Teams with straightforward role needs and low admin-user churn will find the manual workflow manageable. Teams with stricter identity governance requirements should plan for API-based lifecycle management or escalate SCIM availability directly with Elastic Path sales.
Automate Elastic Path workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
