Mailchimp User Management Guide

• Model type: role-based
• Description: Mailchimp uses a fixed set of five predefined roles (Owner, Admin, Manager, Author, Viewer). Permissions are bundled per role and cannot be individually customized. There are no custom roles or granular permission toggles available on any plan.
• Custom roles: No
• Custom roles plan: Not documented
• Granularity: Role-level only; no per-audience, per-campaign, or per-feature permission scoping available within a role.

1. Log in as Owner or Admin.
2. Click the account avatar/name in the top-right corner.
3. Select 'Account & billing' from the dropdown.
4. Navigate to the 'Settings' tab, then click 'Users'.
5. Click the 'Invite A User' button.
6. Enter the invitee's email address.
7. Select the desired role (Admin, Manager, Author, or Viewer) from the role dropdown.
8. Click 'Send Invite'.
9. The invitee receives an email invitation and must accept it to gain access. If they do not have a Mailchimp account, they will be prompted to create one.

Required fields: Email address of the invitee, Role selection

Watch out for:

• Free plan accounts are single-user only; multi-user access requires upgrading to Essentials or higher.
• The invitee must accept the email invitation before they appear as an active user; pending invites are shown separately.
• Invitations expire if not accepted; a new invite must be sent if the original expires.
• Each additional user seat on paid plans may increase the monthly cost depending on the plan tier and seat count.
• The invited user's Mailchimp account (if they already have one) will be linked; they will see this account in their account switcher.

• Can delete users: Yes
• Delete/deactivate behavior: Mailchimp allows Owners and Admins to remove (revoke access for) other users from the account. Removal is immediate and revokes all access to the account. The removed user's Mailchimp account itself is not deleted-only their access to this specific account is revoked. There is no 'deactivate/suspend' state; the only options are active access or full removal.

1. Log in as Owner or Admin.
2. Click the account avatar/name in the top-right corner.
3. Select 'Account & billing'.
4. Go to 'Settings' → 'Users'.
5. Locate the user to remove in the active users list.
6. Click the trash/remove icon or 'Remove' option next to that user.
7. Confirm the removal in the confirmation dialog.

Watch out for:

• The Owner cannot be removed by anyone other than themselves (via ownership transfer). If an Owner leaves without transferring, account recovery requires Mailchimp support intervention.
• API keys created by a removed user are NOT automatically revoked. Admins must manually review and delete orphaned API keys under Account → Extras → API keys.
• There is no audit log of user actions available on lower-tier plans, making it difficult to review what a removed user did before removal.
• Pending invitations for a removed user should also be cancelled manually if the invite was sent in error.
• Admins cannot remove other Admins on some account configurations; only the Owner can remove Admin-level users in certain scenarios-verify current behavior in the Users settings panel.

• Where to check usage: Account avatar → Account & billing → Settings → Users (shows all active users and pending invitations)
• How to identify unused seats: No built-in last-login or activity timestamp is displayed in the Users panel. Admins must manually review the user list and cross-reference with known team members to identify potentially unused seats. No automated idle-user detection is available.
• Billing notes: Mailchimp's pricing is primarily contact-count-based, not seat-based. Additional user seats on Essentials and Standard plans may add incremental cost; Premium includes unlimited seats. Removing a user frees the seat but billing adjustments depend on the plan's seat tier thresholds. Always verify current seat pricing on the Mailchimp pricing page as it changes with contact tier.

Without automated provisioning, offboarding requires manual invite-and-remove cycles through the Users settings panel. API keys created by a removed user are not automatically revoked, requiring a separate manual audit under Account → Extras → API Keys.

There is no last-login or activity timestamp in the Users panel, so identifying stale seats means cross-referencing the user list against known team members by hand.

The most consistent friction reported by Mailchimp administrators centers on three gaps. First, no native SCIM endpoint exists - automated provisioning depends entirely on third-party IdP connectors (Okta, OneLogin, miniOrange), which add integration cost and maintenance overhead.

Second, the absence of audit logs on Essentials and Standard plans makes it difficult to reconstruct what a removed user accessed or changed.

Third, the five-role model is widely considered too coarse for larger teams: there is no way to restrict a Manager from exporting contact lists, which is a data-governance concern on plans below Premium.

Common complaints:

• No native SCIM support; automated provisioning requires third-party integrations (Okta, OneLogin, miniOrange) which add cost and complexity.
• No last-login or activity data visible in the Users panel, making it impossible to identify inactive users without manual tracking.
• API keys created by removed users are not automatically revoked, creating a security gap that requires manual cleanup.
• No custom roles or granular permissions; the fixed five-role model is considered too coarse for larger teams with complex access requirements.
• Free plan restricts accounts to a single user, forcing upgrades even for small teams needing basic collaboration.
• No audit log of user actions on Essentials or Standard plans, limiting accountability and compliance capabilities.
• Ownership transfer process is cumbersome and requires the departing Owner to be available; no admin-override path without contacting support.
• Pending invitations do not auto-expire with a clear notification, leading to forgotten open invitations.
• Limited native enterprise identity features despite Intuit acquisition; SSO is only available via third-party providers.

Every app in a compliance-conscious stack should support automated deprovisioning; Mailchimp currently requires third-party tooling to reach that baseline. Teams that need audit trails or scoped audience-level permissions will hit hard limits on every plan below Premium, and even Premium does not offer native SCIM.

If your organization already runs an IdP like Okta or OneLogin, evaluate whether the connector overhead is justified before committing to a provisioning workflow.

Bottom line

Mailchimp's user management is straightforward for small teams but shows meaningful gaps at scale: no native SCIM, no last-login visibility, no audit logs below Premium, and orphaned API keys on offboarding that require manual cleanup.

Every app in a well-governed stack should have automated deprovisioning; Mailchimp currently requires third-party tooling to get there. Teams with strict compliance or access-control requirements should weigh those gaps against the platform's marketing capabilities before expanding seat count.