Summary and recommendation
One Medical user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
One Medical does not offer a native SCIM integration or a self-serve admin dashboard for IT or HR teams.
Employer-sponsored memberships are managed through One Medical's employer partnerships team, benefits brokers, or HR platforms such as Justworks or Sequoia - not through a direct admin console.
There is no publicly documented admin UI path for adding or removing individual employee seats.
Quick facts
| Admin console path | Settings / Administration > Users and Roles (exact labels vary by tenant) |
| SCIM available | No |
| SCIM tier required | N/A (membership or employer-sponsored) |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Admin | Can manage tenant settings, integrations, and user access. | Cannot grant functionality outside the modules licensed for the tenant. | Detailed built-in role names are not fully documented publicly. | ||
| Standard User | Can use the core product features exposed to their role. | May not be able to manage tenant settings or other users. | Exact privileges can vary by tenant configuration. |
Permission model
- Model type: role-based
- Description: One Medical appears to use role-based access for tenant administration and general product use, but the detailed permission matrix is not publicly documented in full.
- Custom roles: Unknown
- Custom roles plan: Not documented
- Granularity: Expect administrative access to be separated from standard user access, with exact scopes configured per tenant.
How to add users
- Log in as an administrator.
- Open settings or administration and navigate to users.
- Choose the add or invite user action.
- Enter the user's work email and assign the appropriate role.
- Save the user and complete any activation or SSO steps required by the tenant.
Required fields: Work email address, Role
Watch out for:
- Public documentation for user administration is limited, so exact labels may vary by tenant.
- If SSO is enabled, upstream IdP assignment may still be required.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | Unknown | Automatic domain-based user add |
| IdP provisioning | No | Not documented |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Public docs do not clearly document whether users are disabled, deleted, or both. Treat lifecycle behavior as tenant-specific unless confirmed in-product.
- Open the users area as an administrator.
- Locate the user to offboard.
- Disable, revoke, or remove the account using the controls available in that tenant.
- Review any integrations or service credentials associated with the departing user.
| Data impact | Behavior |
|---|---|
| Owned records | Tenant data remains in the workspace; public docs do not describe user-owned content semantics in detail. |
| Shared content | Shared dashboards, configurations, and records remain available unless separately removed. |
| Integrations | Review service credentials and integration ownership separately during admin offboarding. |
| License freed | Seat reuse behavior is contract-dependent and not publicly documented in detail. |
Watch out for:
- Offboarding should include token and integration review, not just interactive login removal.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Individual membership | Unlimited primary care visits, 24/7 virtual care, app access | $199/person/year (individual direct purchase) |
| Employer-sponsored membership | Same member benefits as individual; employer manages enrollment via benefits administration | Custom pricing negotiated with employer; example rate ~$149/person/year via Justworks integration |
- Where to check usage: Settings / Administration > Users and Roles
- How to identify unused seats: Review the tenant user list and any visible login or activity metadata. No public unused-seat report was verified.
- Billing notes: Employer-sponsored plans are managed through One Medical's employer partnerships team and may be administered via benefits platforms (e.g., Justworks). No publicly documented self-serve admin dashboard for seat tracking has been found.
The cost of manual management
Because there is no admin portal, every app lifecycle event - onboarding a new hire, offboarding a departed employee, or auditing active seats - requires a manual touchpoint with either a benefits broker, an HR platform connector, or a One Medical account representative.
This creates compounding overhead for HR and IT teams managing frequent headcount changes. Real-time seat utilization data is not accessible without going through an account rep, making it difficult to identify and reclaim unused memberships promptly.
The decision
One Medical is a healthcare membership benefit, not a SaaS tool with a conventional IT admin surface. If your organization sponsors memberships, expect enrollment and offboarding workflows to live inside your benefits administration platform rather than your identity provider or MDM stack.
Every app in your portfolio that lacks a direct admin API or SCIM endpoint adds manual reconciliation work; One Medical is firmly in that category. Teams with high employee turnover or strict access-review requirements should factor in the overhead of broker-mediated offboarding before expanding enrollment.
Bottom line
One Medical has no native SCIM, no public admin console, and no self-serve seat management for employer-sponsored plans. All provisioning and deprovisioning flows through benefits brokers or HR platform integrations, meaning IT and HR teams carry the full manual burden of keeping membership rosters accurate.
Until One Medical exposes a programmatic management surface, this app requires a defined manual offboarding SOP to avoid paying for memberships belonging to employees who have already left.
Automate One Medical workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
