Summary and recommendation
Harvest user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Harvest is a time-tracking app with a straightforward two-role permission model: Administrator and Member. There are no custom roles and no native SCIM provisioning on any plan.
Every app in a modern stack that handles user lifecycle needs some provisioning path - in Harvest's case, every user must be manually invited or provisioned through a third-party IdP connector such as OneLogin. SAML SSO is available, but only on the Premium plan.
Quick facts
| Admin console path | Settings → Team |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Premium |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Full account access: manage all team members, projects, clients, invoices, expenses, reports, and account settings. Can view all time entries across the account. | Cannot exceed plan seat limits without upgrading. Cannot assign custom roles (no custom role feature exists). | Any paid plan (Free plan allows 1 seat total) | $10.80/seat/mo (annual) on Pro; $14.00/seat/mo (annual) on Premium | The account owner is always an Administrator; ownership cannot be transferred via UI-requires contacting Harvest support. |
| Member | Can track time and expenses on projects they are assigned to. Can view their own time entries and reports. Project Managers (a sub-permission of Member) can additionally manage assigned projects, team assignments on those projects, and view project reports. | Cannot access account settings, billing, or other users' time entries unless granted Project Manager access on specific projects. Cannot manage clients or invoices. | Any paid plan | $10.80/seat/mo (annual) on Pro; $14.00/seat/mo (annual) on Premium | Project Manager is not a separate role-it is a per-project toggle on a Member's profile. A Member can be Project Manager on some projects but not others. |
Permission model
- Model type: role-based
- Description: Harvest uses two fixed account-level roles (Administrator and Member). Members can be elevated to Project Manager on a per-project basis via a toggle, but there are no custom roles or granular permission sets. All permissions are predefined.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Coarse: account-level role (Admin vs. Member) plus per-project Project Manager flag. No field-level or resource-level permission customization.
How to add users
- Log in as an Administrator.
- Navigate to Settings → Team (https://app.getharvest.com/settings/team).
- Click 'Add a Team Member'.
- Enter the new user's first name, last name, and email address.
- Select role: Administrator or Member.
- Optionally set weekly capacity, cost rate, billable rate, and department.
- Click 'Send Invitation'. The user receives an email to set their password and activate their account.
- Assign the user to projects via the Projects section or from the user's profile.
Required fields: First name, Last name, Email address
Watch out for:
- Adding a user immediately increases the seat count and triggers a prorated billing charge for the current billing period.
- The Free plan is limited to 1 seat (the account owner); any additional user requires upgrading to a paid plan.
- Invited users must accept the email invitation before they can log in; pending invitations still consume a seat.
- There is no domain-based auto-provisioning; every user must be manually invited or provisioned via an IdP connector.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Premium (SAML SSO required; provisioning available via Okta, OneLogin, or Entra ID connectors) |
How to remove or deactivate users
- Can delete users: Verify in tenant
- Delete/deactivate behavior: This app exposes delete operations in its API documentation, but the admin-console path may present removal as deactivation, archiving, or deletion depending on tenant configuration. Confirm whether the UI action is reversible before treating removal as recoverable.
- Log in as an Administrator.
- Navigate to Settings → Team (https://app.getharvest.com/settings/team).
- Locate the team member to deactivate.
- Click the user's name to open their profile.
- Click 'Archive' (or the archive/deactivate option).
- Confirm the action. The user is immediately deactivated and loses login access.
| Data impact | Behavior |
|---|---|
| Owned records | All time entries and expenses logged by the deactivated user are retained in full and remain visible in reports and project records. |
| Shared content | Projects the user was assigned to remain intact; their logged hours continue to count toward project totals. |
| Integrations | Any API tokens or OAuth connections associated with the deactivated user are invalidated. SSO sessions are terminated. |
| License freed | The seat is freed immediately upon deactivation; billing adjusts at the next billing cycle (prorated credit may apply depending on billing terms). |
Watch out for:
- Deactivated users can be reactivated at any time, which will re-consume a seat and may trigger a prorated charge.
- There is no bulk deactivation UI; each user must be archived individually.
- Deactivating a user does not reassign their open tasks or project manager responsibilities-Administrators must manually reassign these.
- If the account owner needs to be changed, Harvest support must be contacted directly as there is no self-serve ownership transfer.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Free | 1 seat (account owner only), up to 2 active projects, unlimited clients | $0/mo |
| Pro | Unlimited seats, unlimited projects, invoicing, expense tracking, integrations | $10.80/seat/mo (annual) or $12.00/seat/mo (monthly) |
| Premium | Everything in Pro plus SAML SSO, timesheet approval workflows, and advanced user management features | $14.00/seat/mo (annual) or $17.50/seat/mo (monthly) |
- Where to check usage: Settings → Team (https://app.getharvest.com/settings/team) shows all active and archived members. Settings → Billing shows current seat count and cost.
- How to identify unused seats: Administrators can review the Team list and filter by last activity or check Reports → Time to identify members with no recent time entries. There is no built-in 'inactive user' report; manual review of time entry data is required.
- Billing notes: Billing is per active (non-archived) seat. Adding a user mid-cycle incurs a prorated charge. Deactivating a user mid-cycle may result in a prorated credit applied to the next invoice. Annual plans are billed upfront for the full year based on seat count at time of purchase; seat additions during the year are charged prorated for the remainder of the annual term.
The cost of manual management
There is no bulk CSV import, so each team member must be invited individually - a real drag at scale. Pending invitations count against your seat limit immediately, meaning billing starts before a user has even logged in. Identifying unused seats requires manually cross-referencing time entry reports, since Harvest has no built-in inactive user report.
What IT admins are saying
The most consistent friction points reported by Harvest admins center on provisioning and offboarding gaps. Bulk user import via CSV does not exist, making large-team onboarding tedious.
Permanent user deletion is not supported - only archiving - which leaves some teams feeling account cleanup is never truly complete.
The binary Admin/Member model is frequently flagged as too coarse for organizations that need intermediate access levels, and ownership transfer requires contacting Harvest support rather than a self-serve UI action.
Common complaints:
- No bulk user import via CSV; each user must be invited individually, which is time-consuming for large teams.
- No permanent user deletion; only archiving is available, which can make account cleanup feel incomplete.
- No built-in inactive user report to identify unused seats; admins must manually cross-reference time entry reports.
- Adding a user immediately triggers billing even if the invitation has not yet been accepted.
- No custom roles or granular permissions; the binary Admin/Member model is considered too coarse for organizations needing intermediate access levels.
- Ownership transfer requires contacting Harvest support rather than being self-serve.
- No domain-based auto-provisioning without a third-party IdP connector on the Premium plan.
The decision
Every app your team evaluates for time tracking should be weighed against the provisioning overhead it introduces - and Harvest's overhead is entirely manual without a third-party connector.
Teams on the Pro plan get unlimited seats and projects but no SSO; upgrading to Premium unlocks SAML SSO and timesheet approval workflows, though SCIM provisioning remains unavailable at any tier.
If your organization needs automated user lifecycle management, you will need to either build against the REST API or rely on a supported IdP connector.
Bottom line
Harvest is a capable time-tracking tool, but its user management is deliberately minimal. Every app your team relies on for access control will need more than Harvest can offer natively - no SCIM, no custom roles, no bulk import, and no self-serve ownership transfer.
For small teams with stable headcount, the manual workflow is manageable. For organizations with frequent onboarding and offboarding cycles, the per-seat billing-on-invite model and absence of automated provisioning will create compounding overhead that is worth factoring into your tooling decisions.
Automate Harvest workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
