Stitchflow

Gusto User Management Guide

Manual workflow

How to add, remove, and manage users with operational caveats that matter in production.

Updated Mar 11, 2026

Summary and recommendation

Gusto user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.

Gusto is an HR and payroll platform built around employee records, compensation, and benefits - not identity lifecycle management. It does not support inbound SCIM provisioning; there is no IdP-driven automated provisioning into Gusto.

On Plus and Premium plans, Gusto can push provisioning outbound to connected apps like Slack and Zoom, making it a limited source-of-truth for downstream access rather than a fully managed identity layer.

Quick facts

  • Admin console path: Dashboard → Settings → Admins (for admin management); Dashboard → People → Employees (for employee access)
  • Admin console URL: Official docs
  • SCIM available: No
  • SCIM tier required: Plus/Premium
  • SSO prerequisite: No

User types and roles

Full Access Admin

  • Permissions: Complete access to all company settings, payroll, benefits, HR, reports, and the ability to add or remove other admins.
  • Cannot do: Cannot be restricted to a subset of features; full access is all-or-nothing for this role.
  • Plan required: All plans (Simple, Plus, Premium)
  • Seat cost: No additional per-seat cost for admin seats; admins who are not employees do not consume a paid employee seat.
  • Watch out for: The primary account owner (first admin) cannot be removed without transferring ownership. Adding a Full Access Admin grants them the ability to run payroll and view all sensitive compensation data.

Limited Access Admin

  • Permissions: Configurable subset of admin functions. Scopes include: Payroll, Benefits, Hiring & Onboarding, Time & Attendance, Reports, and Company Settings. Each scope can be toggled on or off per admin.
  • Cannot do: Cannot access scopes not explicitly granted. Cannot manage other admins unless Company Settings scope is enabled.
  • Plan required: All plans (Simple, Plus, Premium)
  • Seat cost: No additional per-seat cost for admin seats.
  • Watch out for: Granularity is at the module level, not at the individual action level within a module. Granting 'Payroll' access gives full payroll run capability, not read-only payroll.

View Only Admin

  • Permissions: Read-only access to selected modules (e.g., reports, employee data). Cannot make changes or run payroll.
  • Cannot do: Cannot edit any data, run payroll, or manage other users.
  • Plan required: All plans (Simple, Plus, Premium)
  • Seat cost: No additional per-seat cost.
  • Watch out for: View Only is a separate permission toggle, not a sub-option within Limited Access. Must be set explicitly.

Employee (Self-Service)

  • Permissions: Access to personal pay stubs, W-2s, benefits enrollment, time-off requests, and personal profile updates via the Gusto Wallet app or employee portal.
  • Cannot do: Cannot view other employees' data, run payroll, or access company settings.
  • Plan required: All plans; employee self-service portal is included at no extra cost.
  • Seat cost: Employees are the billable unit; each active employee counts toward the per-person monthly fee.
  • Watch out for: Terminated employees lose portal access but their records are retained. Employees must have a valid email address to receive their account invitation.

Accountant / Partner (via Gusto Pro)

  • Permissions: Accountants invited via Gusto's accountant partner program can access client accounts with delegated admin rights. Access level is set by the company admin.
  • Cannot do: Cannot exceed the permission level granted by the company admin.
  • Plan required: Available on all plans; accountant must have a Gusto Pro (accountant) account.
  • Seat cost: Accountant access does not consume a paid employee seat on the client account.
  • Watch out for: Accountant access is managed separately from internal admins. Revoking accountant access requires going to Settings → Accountant.

Permission model

  • Model type: role-based
  • Description: Gusto uses a predefined role-based model with three admin tiers (Full Access, Limited Access, View Only). Limited Access admins can have module-level scopes toggled on or off (Payroll, Benefits, Hiring & Onboarding, Time & Attendance, Reports, Company Settings). There are no fully custom roles or field-level permission controls.
  • Custom roles: No
  • Custom roles plan: Not documented
  • Granularity: Module-level (per functional area). Within a module, access is binary (on/off), not action-level. No row-level or field-level permission controls are available.

How to add users

  1. Log in to Gusto as a Full Access Admin.
  2. Navigate to Settings → Admins.
  3. Click 'Add an admin'.
  4. Enter the new admin's first name, last name, and work email address.
  5. Select the permission level: Full Access, Limited Access (then toggle desired module scopes), or View Only.
  6. Click 'Send invite'. The invitee receives an email to set up or link their Gusto account.
  7. For adding employees (not admins): navigate to People → Employees → Add Employee and complete the onboarding flow including personal info, compensation, and tax withholding details.

Required fields: First name, Last name, Work email address, Permission level selection

Watch out for:

  • Admin invitations expire; if the invitee does not accept within the expiration window, the invite must be resent.
  • An admin who is also an employee of the company will appear in both the Admins list and the Employees list; their admin role and employee record are managed separately.
  • Gusto does not support bulk admin import via CSV; admins must be added one at a time.
  • New employees added manually trigger an onboarding checklist email to the employee; there is no silent/background add option.
  • If the invitee already has a Gusto account (e.g., from a previous employer), they link the new company to their existing account rather than creating a new one.

Bulk options:

  • CSV import: Yes. People → Employees → Add Employees → Import via spreadsheet (available for employee bulk onboarding, not for admin role assignment).
  • Domain whitelisting: No (automatic domain-based user add).
  • IdP provisioning: Yes, on Plus or Premium (outbound provisioning to connected apps such as Slack and Zoom; Gusto itself uses JIT provisioning for SSO login, not full SCIM inbound provisioning as of early 2025).

How to remove or deactivate users

  • Can delete users: No
  • Delete/deactivate behavior: Gusto does not permanently delete employee or admin records. Employees are 'terminated' (deactivated), which removes their active access while preserving all historical payroll, tax, and HR records for compliance purposes. Admin access can be revoked, which removes their admin permissions but does not delete their Gusto user account if they are also an employee.
  1. To remove an admin: Navigate to Settings → Admins → locate the admin → click the three-dot menu or 'Edit' → select 'Remove admin access'. This revokes their admin permissions immediately.
  2. To terminate an employee: Navigate to People → Employees → select the employee → click 'Terminate employee'.
  3. Enter the termination date and reason.
  4. Confirm whether a final paycheck needs to be processed (Gusto will prompt for this).
  5. Complete any required state-specific termination notices (Gusto surfaces these based on the employee's work state).
  6. Click 'Terminate'. The employee's self-service portal access is revoked after their termination date.

Data impact:

  • Owned records: All payroll runs, tax filings, pay stubs, and HR records associated with the terminated employee are retained indefinitely for compliance. Records are accessible to admins after termination.
  • Shared content: Time-off balances, benefits enrollment history, and onboarding documents are retained in the employee's record.
  • Integrations: If Gusto is provisioning the employee's access to connected apps (e.g., Slack, Zoom via Gusto's app provisioning on Plus/Premium), termination in Gusto can trigger deprovisioning in those connected apps depending on integration configuration.
  • License freed: Terminating an employee removes them from the active headcount, which reduces the per-person monthly billing charge starting from the next billing cycle. Mid-cycle terminations may still be billed for the full month depending on billing terms.

Watch out for:

  • Terminating an employee in Gusto does not automatically revoke their admin access if they were also an admin; admin access must be removed separately via Settings → Admins.
  • Rehiring a terminated employee reactivates their record rather than creating a new one; historical data is preserved.
  • State-specific final paycheck timing laws are surfaced by Gusto but compliance is the employer's responsibility.
  • If the terminated employee is the sole Full Access Admin, another admin must be promoted before removal is possible.
  • Contractor termination follows a different flow (People → Contractors) and does not trigger the same final paycheck prompts as employee termination.
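
Because the Admins list and the Employees list are maintained separately, the first caveat above can be checked by reconciling the two. The following is an added example, not part of the original guide and not Gusto tooling: it joins two constructed CSV extracts (the column names and sample rows are assumptions, not a documented Gusto export format) and reports admins whose employee record is terminated or has a termination date scheduled.

```python
import csv
import io
from datetime import date

# Constructed sample data; the column names are assumptions for this example,
# not a documented Gusto export format.
ADMINS_CSV = """email,role,scopes
Dana.Owner@example.com,Full Access,
lee.payroll@example.com,Limited Access,Payroll;Reports
sam.viewer@example.com,View Only,Reports
pat.hr@example.com,Limited Access,Benefits
cpa@example.net,Limited Access,Reports
"""
EMPLOYEES_CSV = """email,status,termination_date
dana.owner@example.com,Active,
LEE.PAYROLL@example.com ,Terminated,2026-02-27
sam.viewer@example.com,Active,2026-04-15
pat.hr@example.com,Terminated,2026-03-10
"""

# Per the guide: Payroll scope can run payroll, Company Settings can manage admins.
HIGH_RISK_SCOPES = {"payroll", "company settings"}


def find_stale_admins(admins_csv, employees_csv, today):
    """Return admins whose employee record is terminated or scheduled to be."""
    term_dates = {}
    for row in csv.DictReader(io.StringIO(employees_csv)):
        raw = row["termination_date"].strip()
        if raw:
            term_dates[row["email"].strip().lower()] = date.fromisoformat(raw)

    findings = []
    for row in csv.DictReader(io.StringIO(admins_csv)):
        email = row["email"].strip().lower()
        if email not in term_dates:
            continue  # active employee, or a non-employee admin such as an accountant
        scopes = {s.strip().lower() for s in row["scopes"].split(";") if s.strip()}
        high = row["role"].strip() == "Full Access" or bool(scopes & HIGH_RISK_SCOPES)
        due = term_dates[email] <= today
        findings.append({
            "email": email,
            "action": "revoke now" if due else f"revoke on {term_dates[email]}",
            "severity": "high" if high else "medium",
        })
    # Sort: access that should already be gone first, then by severity.
    return sorted(findings, key=lambda f: (f["action"] != "revoke now",
                                           f["severity"] != "high", f["email"]))
```

Calling `find_stale_admins(ADMINS_CSV, EMPLOYEES_CSV, date(2026, 3, 11))` on the sample data lists three admins to act on; non-employee admins are skipped because they have no employee record to match against.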

License and seat management

Seat types:

  • Active Employee Seat. Includes: Full payroll processing, tax filings, employee self-service portal, benefits administration (plan-dependent), time tracking (plan-dependent). Cost: $6/person/month on Simple; $12/person/month on Plus; $22/person/month on Premium (as of 2024 published pricing).
  • Contractor Seat. Includes: Contractor payments (1099), contractor self-service portal. Available on the Contractor Only plan or as an add-on. Cost: $6/contractor/month on Contractor Only plan ($35/mo base + $6/contractor).
  • Admin Seat (non-employee). Includes: Admin portal access only; no payroll processing as an employee. Cost: No additional per-seat cost; admins who are not active employees do not consume a paid employee seat.

Usage and billing:

  • Where to check usage: Settings → Billing & Plan → view current active employee count and monthly cost breakdown. Also visible in People → Employees (filter by 'Active' status to see billable headcount).
  • How to identify unused seats: Gusto does not provide a native 'last login' report for employee self-service accounts. Admins can review the employee list filtered by status (Active/Terminated) to identify active seats. There is no automated unused-seat detection feature.
  • Billing notes: Billing is per active employee per month on top of a flat monthly base fee. The base fee and per-person rate vary by plan (Simple, Plus, Premium). Terminated employees are removed from billing; the timing of billing relief (immediate vs. next cycle) should be confirmed with Gusto support. Gusto bills monthly; annual billing options may be available for some plans. Contractors on the Contractor Only plan are billed separately from employees.

The cost of manual management

Every app in your stack that depends on Gusto employee data requires a manual handoff today. When a new hire is added in Gusto, access to every app - Slack, Zoom, your project tools - must be provisioned separately unless you are on Plus or Premium and have configured Gusto's outbound integrations.

Admin access and employee records are managed in separate flows, and terminating an employee does not automatically revoke admin permissions if that person held both roles. Missing that second step leaves access open after an employee's last day.

What IT admins are saying

The most consistent complaint from Gusto admins is that the permission model is binary at the module level: granting Payroll access means full payroll run capability, with no read-only option for managers who only need visibility.

There is also no way to scope an HR admin to only their direct reports' data without granting broader module access. A recurring operational gap is the absence of any last-login or inactive-account report, which makes access audits manual and error-prone.

Common complaints:

  • Users report that Gusto's admin permission model lacks granularity - granting 'Payroll' access gives full payroll run capability with no read-only payroll option for non-payroll admins who need visibility.
  • Multiple users note that there is no way to give a manager access to only their direct reports' time-off or compensation data without granting broader HR module access.
  • Users report confusion when an employee who is also an admin is terminated - the admin access is not automatically revoked, leading to continued portal access post-termination if the admin step is missed.
  • Community feedback indicates that mid-cycle employee terminations can still result in a full month's per-person charge, which surprises smaller employers.
  • Users note the absence of a 'last login' or 'inactive user' report, making it difficult to audit which employees have never activated their self-service accounts.
  • Some users report that admin invitation emails are not always received due to spam filtering, and there is no in-app resend confirmation that the email was delivered.

The decision

Gusto fits teams that need payroll and HR in one place and are comfortable managing access to other tools separately or through its outbound provisioning integrations. It is not a fit if your identity governance requirement is inbound automated provisioning from an IdP - that capability does not exist yet.

Teams on Simple plan get no outbound provisioning at all; Plus or Premium is required to push employee lifecycle events to connected apps. If your compliance posture requires automated deprovisioning across every app at offboarding, Gusto alone will not close that gap.

Bottom line

Gusto handles payroll and HR records well, but its access management story has meaningful gaps for IT and security teams. There is no inbound SCIM, no last-login visibility, and no granular permission scoping below the module level.

Outbound provisioning to connected apps is available but plan-gated, and the admin-versus-employee record split means offboarding requires two separate actions to fully remove access. Teams that need automated, auditable lifecycle management across every app will need to layer additional tooling on top of Gusto.

* Details sourced from official product documentation and admin references.
