Summary and recommendation
Medallia user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Medallia is an enterprise experience management platform priced on Experience Data Record (EDR) volume, not named seats. User management lives inside the Administration console, though the exact navigation path is not publicly documented and may vary by implementation.
Because there is no native SCIM provisioning, every app account - onboarding, role changes, offboarding - requires manual action by an administrator.
Three primary user types exist: Administrator, Analyst/Report Viewer, and Frontline User. Each role controls both feature access and data visibility through a layered role-based access control model tied to organizational hierarchy units such as region or location.
Quick facts
| Admin console path | Administration > Users (path inferred from community references; exact navigation not publicly documented) |
| SCIM available | No |
| SCIM tier required | Enterprise |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Full platform access including user management, role assignment, survey configuration, data access controls, and integrations. | Administrator role details are not publicly documented; configuration may vary by implementation. | |||
| Analyst / Report Viewer | Access to dashboards, reports, and feedback data scoped by role-based data access rules. | Cannot manage users, configure surveys, or modify role assignments. | Data visibility is controlled by role-based access rules tied to organizational hierarchy; misconfigured roles can expose or hide data unintentionally. | ||
| Frontline User | Access to case management, customer feedback alerts, and action workflows relevant to their assigned scope. | Cannot access platform administration or cross-unit reporting. | Seat type and access scope are typically defined during implementation; changes may require vendor involvement. |
Permission model
- Model type: role-based
- Description: Medallia uses a role-based access control model where roles define both feature access and data visibility. Data access is further scoped by organizational hierarchy units (e.g., region, location). Roles are assigned per user and can be combined with data access rules to restrict what feedback records a user can view.
- Custom roles: Yes
- Custom roles plan: Not documented
- Granularity: Role-level feature permissions combined with hierarchical data-access scoping. Granularity of custom role configuration is not publicly documented.
How to add users
- Log in to the Medallia platform as an Administrator.
- Navigate to the Administration section (exact path not publicly documented; typically Administration > Users or similar).
- Select the option to create or invite a new user.
- Enter required user fields (see required_fields).
- Assign one or more roles to define feature access.
- Assign data access rules or organizational unit scope.
- Save or send invitation to the user.
Required fields: First name, Last name, Email address, Role assignment
Watch out for:
- Medallia's admin UI is behind a customer-authenticated portal; exact steps may differ by implementation version or contracted modules.
- Role and data-access configuration complexity often requires involvement from a Medallia implementation consultant, especially for large organizations.
- SSO-provisioned users may still require manual role assignment within Medallia if SCIM is not configured.
- No native SCIM provisioning is documented publicly; user lifecycle management via IdP is limited to SAML SSO authentication, not automated provisioning/deprovisioning.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise (SAML SSO with Okta or Microsoft Entra ID documented; SCIM not confirmed) |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Medallia's public documentation does not confirm whether users can be permanently deleted. Deactivation (disabling account access) is the commonly referenced approach. Permanent deletion behavior is not publicly documented.
- Log in as an Administrator.
- Navigate to the user management section of the Administration console.
- Locate the target user account.
- Disable or deactivate the account to revoke platform access.
- Confirm the action.
| Data impact | Behavior |
|---|---|
| Owned records | Not publicly documented. Historical feedback data and reports associated with a deactivated user are expected to persist in the platform. |
| Shared content | Not publicly documented. |
| Integrations | Not publicly documented. If the user was associated with API credentials or integration configurations, those may need to be reassigned manually. |
| License freed | Not publicly documented. Medallia pricing is EDR-based (Experience Data Records), not per-seat, so deactivating a user may not directly reduce billing. |
Watch out for:
- Because Medallia pricing is based on data record volume rather than named seats, deactivating a user does not automatically reduce costs.
- Without SCIM, deprovisioning is not automated via IdP; administrators must manually deactivate users when employees leave.
- No public documentation confirms whether deactivated users can be reactivated or if their historical data access is preserved.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Experience Data Record (EDR) | Platform access is priced on volume of feedback/experience data records processed, not on number of users. | Custom pricing; estimated starting ~$20,000/year based on EDR volume. |
- Where to check usage: Not documented
- How to identify unused seats: No publicly documented method for identifying inactive or unused user accounts within the admin console. Admins would need to review last-login data if exposed in the UI.
- Billing notes: Medallia does not use a per-seat licensing model. Costs are driven by EDR volume. Adding or removing users does not directly affect the contract cost. Pricing is negotiated with Medallia sales and is not publicly listed.
The cost of manual management
Because Medallia's pricing is based on EDR volume rather than seats, adding or removing users does not directly change contract costs. However, the operational cost of manual user management is real: without SCIM, IT teams must manually provision and deprovision accounts when employees join, move, or leave.
Role and data-access configuration is complex enough that large organizations frequently require involvement from a Medallia implementation consultant. Changes to role assignments or data access rules can take time to propagate, and some changes may require opening a support ticket with Medallia directly.
What IT admins are saying
Reviewers on G2 and Gartner Peer Insights consistently flag that Medallia's user management and permissions setup carries a steep learning curve, particularly for enterprise deployments with complex organizational hierarchies.
The admin interface is described as complex, and role plus data-access configuration is frequently cited as requiring professional services involvement.
The absence of native SCIM provisioning is a recurring pain point: IT teams report that offboarding must be handled manually, increasing the risk of orphaned accounts. Some users also note that role assignment changes can be slow to take effect.
Common complaints:
- Users report that the Medallia admin interface is complex and that role and data-access configuration often requires professional services or implementation consultant involvement.
- Reviewers on G2 and Gartner Peer Insights note that user management and permissions setup has a steep learning curve, particularly for large enterprise deployments with complex organizational hierarchies.
- The lack of native SCIM provisioning means IT teams must manually manage user lifecycle events (onboarding/offboarding) rather than automating them through an IdP.
- Some users report that changes to role assignments or data access rules can take time to propagate or require admin-level support tickets to Medallia.
The decision
Medallia is appropriate for enterprise organizations that need deep experience data management and can absorb the operational overhead of manual user lifecycle management. Teams with a dedicated Medallia administrator or an implementation partner will be better positioned to manage the role and data-access complexity across every app account in their environment.
Organizations that require automated provisioning and deprovisioning through an IdP should confirm SCIM availability directly with Medallia before contracting, as no public documentation confirms a SCIM 2.0 endpoint exists. SSO via SAML (Azure AD, Okta) is documented, but it handles authentication only - not provisioning.
Bottom line
Medallia delivers robust experience management capabilities at the enterprise tier, but its user administration demands hands-on effort: every app account must be created, role-assigned, and deactivated manually without SCIM automation.
The EDR-based pricing model means seat counts don't drive cost, but the absence of automated provisioning creates real IT overhead at scale.
Organizations should factor in consultant involvement for initial role and hierarchy configuration, and should validate SCIM support directly with their Medallia account team before assuming IdP-driven automation is possible.
Automate Medallia workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
