Summary and recommendation
Material Security user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Material Security is an enterprise-focused email security platform.
No public admin documentation portal or help center was found during research, which means the steps required to add, remove, or manage users cannot be independently verified without direct vendor engagement.
Organizations evaluating this tool should plan to work through their account team to confirm any user lifecycle workflows before rollout.
Quick facts
| Admin console path | Settings / Administration > Team or Users (exact labels vary by tenant) |
| SCIM available | No |
| SCIM tier required | N/A |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Can manage tenant settings, integrations, and portal user access. | Cannot change the underlying Google Workspace or Microsoft 365 identities that Material Security reads from connected systems. | Public docs do not fully enumerate all built-in role names. |
Permission model
- Model type: role-based
- Description: Material Security appears to use a role-based model for administrative access, but the detailed permission matrix is not documented publicly in full.
- Custom roles: Unknown
- Custom roles plan: Not documented
- Granularity: Expect separation between tenant administration and operational review access, with exact scopes defined in the tenant.
How to add users
- Log in to Material Security as an administrator.
- Open the settings or administration area and go to users or team management.
- Choose the add or invite user action.
- Enter the user's work email and assign the appropriate role.
- Send the invitation and complete any SSO or identity-assignment steps required by the tenant.
Required fields: Work email address, Role
Watch out for:
- Portal access is separate from the directory identities Material Security syncs from Google Workspace or Microsoft 365.
- Public documentation is limited, so exact navigation labels may vary by tenant version.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | Unknown | Automatic domain-based user add |
| IdP provisioning | Unknown | Not documented |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Public docs do not clearly document whether Material Security portal users are disabled, deleted, or both. Treat lifecycle behavior as tenant-specific unless verified in-product.
- Open the tenant users area as an administrator.
- Locate the user to offboard.
- Disable, revoke, or remove the account using the controls exposed in the tenant.
- Review any API credentials or integration ownership associated with that admin.
| Data impact | Behavior |
|---|---|
| Owned records | Security findings and configuration state are tenant data; public docs do not describe user-owned record semantics in detail. |
| Shared content | Shared dashboards, policies, and findings remain tenant assets unless separately changed. |
| Integrations | Review API tokens and connected-system ownership separately when offboarding administrators. |
| License freed | Seat reuse behavior is contract-dependent and not publicly documented in detail. |
Watch out for:
- Offboarding an admin should include token and integration review, not just interactive access removal.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Named portal user | Administrative access to the Material Security tenant. |
- Where to check usage: Settings / Administration > Team or Users
- How to identify unused seats: Review the current user list and any last-login details visible in the tenant. No public unused-seat report was verified.
- Billing notes: Material Security uses contract pricing. Public seat costs and self-serve license details are not documented.
The cost of manual management
Because Material Security lacks published SCIM provisioning support, user onboarding and offboarding must be handled manually for every app integration that relies on automated provisioning. Without a documented admin console path or permission model, IT teams have no self-serve reference for auditing access or reclaiming seats.
Licensing is custom and enterprise-only, so there is no public seat pricing to benchmark against usage.
The decision
Material Security is best suited for organizations that already have a direct enterprise relationship with the vendor and can negotiate provisioning workflows through that channel. Teams expecting self-serve admin controls or out-of-the-box IdP provisioning for every app in their stack will find this tool underdocumented for that purpose.
Confirm user lifecycle management capabilities explicitly with the vendor before committing.
Bottom line
Material Security's user management story is opaque by design: no public admin docs, no SCIM, and custom-only pricing. For organizations that can work within an enterprise engagement model, that may be acceptable.
For teams that need transparent, self-serve provisioning controls, the current lack of public documentation is a meaningful operational risk that warrants direct clarification with the vendor before deployment.
Automate Material Security workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
