Summary and recommendation
Insightly user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Insightly's user management is built around three fixed roles - Administrator, Standard User, and Read-Only - with no custom role builder available at any plan tier. Without automated provisioning, every app in your stack that touches employee identity requires its own manual admin session, and Insightly is no exception.
Record visibility is layered on top of roles via object-level sharing rules (Everyone, Owner Only, or specific Teams), and field-level security is available on Professional and Enterprise plans. All user management lives under System Settings → Users, accessible from the top-right avatar menu.
Quick facts
| Admin console path | System Settings → Users (top-right avatar menu → System Settings → Users) |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Full access to all records, system settings, user management, billing, integrations, and customization. Can invite/deactivate users, configure roles, manage pipelines, and access all data regardless of sharing rules. | Cannot be demoted below Administrator if they are the sole admin on the account. | All paid plans (Plus, Professional, Enterprise) | Counts as a paid seat; same per-user price as Standard User on the same plan. | At least one Administrator must remain active; Insightly will block deactivation of the last admin. |
| Standard User | Can create, edit, and delete records they own or that are shared with them. Access to reports, tasks, projects, and integrations as permitted by sharing rules and field-level security. | Cannot access System Settings, manage other users, change billing, or view records outside their sharing scope. | All paid plans (Plus, Professional, Enterprise) | $29/user/month (Plus), $49/user/month (Professional), $99/user/month (Enterprise), billed annually. | Record visibility is controlled by sharing rules set at the object level; Standard Users may inadvertently lose access to records if sharing rules are misconfigured. |
| Read-Only User | Can view records shared with them. Cannot create, edit, or delete any records. Can export data if export permission is granted by an Administrator. | Cannot create or modify any CRM records, tasks, projects, or system settings. | Professional and Enterprise plans only | Counts as a paid seat at the same per-user rate as Standard User on the same plan. | Read-Only seats are not discounted relative to Standard seats; organizations expecting a lower cost for view-only users may be surprised. |
Permission model
- Model type: role-based
- Description: Insightly uses a fixed set of built-in roles (Administrator, Standard User, Read-Only). There are no custom role definitions. Record-level visibility is further controlled by object-level sharing rules (Everyone, Owner Only, or specific Teams). Field-level security (field permissions) is available on Professional and Enterprise plans to restrict which fields a user can view or edit.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Role level (3 fixed roles) plus object-level sharing rules and field-level security on Professional/Enterprise. No custom role builder is available.
How to add users
- Log in as an Administrator.
- Click the avatar/profile icon in the top-right corner and select 'System Settings'.
- Navigate to the 'Users' section.
- Click 'Invite User' (or 'Add User').
- Enter the new user's email address.
- Select the user's Role (Administrator, Standard User, or Read-Only).
- Optionally assign the user to one or more Teams.
- Click 'Send Invitation'. The user receives an email to set their password and activate their account.
- The seat is consumed and billed immediately upon invitation acceptance (or upon sending, depending on plan billing cycle).
Required fields: Email address, Role (Administrator, Standard User, or Read-Only)
Watch out for:
- Inviting a user immediately counts against the seat limit; if the plan seat cap is reached, the invitation will be blocked until a seat is freed or the plan is upgraded.
- Users must accept the email invitation to activate their account; pending invitations still consume a seat on some plan configurations.
- The free plan was discontinued in October 2024; all new users must be on a paid plan.
- SSO-enforced accounts (Enterprise) require the user's email domain to match the configured IdP; mismatched domains will prevent login.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise |
How to remove or deactivate users
- Can delete users: Verify in tenant
- Delete/deactivate behavior: This app exposes delete operations in its API documentation, but the admin-console path may present removal as deactivation, archiving, or deletion depending on tenant configuration. Confirm whether the UI action is reversible before treating removal as recoverable.
- Log in as an Administrator.
- Navigate to System Settings → Users.
- Locate the user to be deactivated.
- Click on the user's name to open their profile.
- Click 'Deactivate User' (or toggle the Active status to inactive).
- Confirm the deactivation in the prompt.
- The user is immediately blocked from logging in and the seat is freed.
| Data impact | Behavior |
|---|---|
| Owned records | Records owned by the deactivated user remain in the system and retain the deactivated user as the record owner. Administrators must manually reassign ownership to active users if needed. |
| Shared content | Shared records, notes, emails, and tasks created by the deactivated user remain visible to users with appropriate sharing access. No content is deleted. |
| Integrations | API keys and OAuth tokens associated with the deactivated user may stop functioning. Administrators should rotate or reassign any integration credentials tied to that user before deactivation. |
| License freed | The seat is freed immediately upon deactivation and is available for reassignment to a new user without a billing cycle delay. |
Watch out for:
- Deactivated users' owned records are not automatically reassigned; orphaned ownership can cause records to fall outside active users' sharing scope.
- The last Administrator on the account cannot be deactivated; a second Administrator must be promoted first.
- Deactivated users still appear in historical activity logs and audit trails, which is intentional for compliance but can cause confusion.
- If the deactivated user was the sole member of a Team, records shared only with that Team may become inaccessible to other users until the Team is updated.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Plus User Seat | Standard User or Administrator role access on the Plus plan. Includes core CRM features, limited automation, and basic integrations. | $29/user/month, billed annually |
| Professional User Seat | Standard User, Administrator, or Read-Only role access on the Professional plan. Adds advanced reporting, field-level security, and more automation. | $49/user/month, billed annually |
| Enterprise User Seat | Standard User, Administrator, or Read-Only role access on the Enterprise plan. Adds SSO, SCIM provisioning, sandbox, and dedicated support. | $99/user/month, billed annually |
- Where to check usage: System Settings → Users → view the list of Active users and compare against the plan's seat count shown in System Settings → Subscription.
- How to identify unused seats: Administrators can review the 'Last Login' date column in System Settings → Users to identify users who have not logged in recently. No automated idle-user report is available natively.
- Billing notes: All plans are billed annually only; monthly billing is not available. Seats added mid-cycle are prorated for the remainder of the annual term. All-in-One bundles (Plus $349/mo, Professional $899/mo, Enterprise $2,599/mo) include a fixed user count and additional Insightly products (Marketing, Service). The free plan was discontinued in October 2024.
The cost of manual management
Without SCIM (available only on Enterprise at $99/user/month, billed annually), every onboarding and offboarding event requires a manual admin session in Insightly. Inviting a user consumes a seat immediately - even before the invitation is accepted - so seat overages can appear before a single login occurs.
Deactivated users' owned records are not automatically reassigned, meaning offboarding a departing employee typically requires a separate manual cleanup pass to prevent orphaned records from falling outside active users' sharing scope.
What IT admins are saying
Administrators consistently flag three friction points in community discussions. First, the inability to permanently delete user accounts means deactivated users accumulate in the user list over time, with no native cleanup tool available.
Second, Read-Only seats carry the same per-user price as Standard seats, which surprises organizations expecting a lower cost for view-only stakeholders. Third, the three-role fixed model draws recurring complaints from teams that need more granular permission control but are not on Enterprise.
Common complaints:
- Users report that there is no way to permanently delete a user account, only deactivate, which can clutter the user list over time.
- Administrators note that deactivated users' owned records are not automatically reassigned, requiring manual cleanup that can be time-consuming for large teams.
- Community members have expressed frustration that Read-Only seats cost the same per-user price as Standard seats, making them poor value for view-only stakeholders.
- Users on Plus and Professional plans report that the absence of SCIM provisioning makes onboarding and offboarding at scale operationally burdensome.
- Some administrators report confusion about pending invitations consuming seats before the invited user has accepted, leading to unexpected seat overages.
- The lack of custom roles (only three fixed roles) is a recurring complaint from organizations that need more granular permission control without upgrading to Enterprise.
- Users have noted that the 'Last Login' field is the only native tool for identifying inactive users, and there is no built-in automated report or alert for unused seats.
The decision
When evaluating whether to stay on a lower tier, consider that every app requiring SSO or automated provisioning will surface the same gap - Insightly's SCIM is gated behind Enterprise and also requires an active SSO configuration as a hard prerequisite.
Organizations on Plus or Professional must manage every user lifecycle event manually through the admin console. All plans are billed annually only; there is no monthly billing option, and the free plan was discontinued in October 2024. All-in-One bundles (Plus $349/mo, Professional $899/mo, Enterprise $2,599/mo) include a fixed user count alongside additional Insightly products.
Bottom line
Insightly's manual user management is straightforward for small teams but becomes operationally burdensome at scale without Enterprise-tier SCIM.
The fixed three-role model, absence of automatic record reassignment on deactivation, and seat consumption on pending invitations are the three operational risks most likely to create real administrative overhead.
Teams evaluating the platform should factor in whether the Enterprise plan's SCIM and SSO capabilities justify the per-seat cost increase relative to the manual effort required on lower tiers.
Automate Insightly workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
