Summary and recommendation
Outreach user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Outreach user management lives at Settings → Users (https://app.outreach.io/settings/users) and is accessible only to Admins. The platform uses a hybrid permission model: three system roles (Admin, Manager, User) set the baseline, and configurable permission profiles layer feature-level controls on top.
Custom permission profiles are available on higher-tier plans; the exact tier threshold is not publicly confirmed and should be verified with Outreach sales.
Quick facts
| Admin console path | Settings → Users (accessible via the gear/settings icon in the left navigation bar) |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Admin | Full access to all settings, user management, billing, integrations, team configuration, and all data within the org. Can create/edit/deactivate users, manage roles, configure SSO/SCIM, and access all sequences and prospects. | Any paid plan | Counts as a full licensed seat | Admin role grants access to all prospect and sequence data org-wide, including data owned by other reps. Assigning Admin carelessly can expose sensitive pipeline data. | |
| Manager | Can view and manage team members' sequences, prospects, and activity. Access to team-level reporting. Cannot access org-wide billing or SSO/SCIM settings. | Cannot manage billing, configure SSO/SCIM, or create/deactivate users. | Any paid plan | Counts as a full licensed seat | Manager visibility scope is limited to users within their assigned team; cross-team visibility requires Admin role. |
| User (Standard Rep) | Access to own sequences, prospects, tasks, calls, and email. Can create and run sequences on prospects they own or have access to. | Cannot access other users' data unless explicitly shared. Cannot access admin settings, billing, or user management. | Any paid plan | Counts as a full licensed seat | Default role assigned on invite. Permissions can be further restricted via custom permission profiles on higher-tier plans. |
| Read-Only / Restricted User | View-only access to specified data sets. Cannot send emails, create sequences, or make calls. | Cannot take any action that consumes engagement credits or sends communications. | Availability and exact configuration depend on plan tier; confirm with Outreach account team. | May count as a reduced-cost or full seat depending on contract; confirm with Outreach account team. | Read-only access configuration is not prominently documented in the public help center; may require custom role setup or contract negotiation. |
Permission model
- Model type: hybrid
- Description: Outreach uses a combination of predefined system roles (Admin, Manager, User) and configurable permission profiles. On higher-tier plans, admins can create custom permission profiles that control granular access to features such as sequence creation, prospect import, reporting, and data export. Role assignment determines baseline access; permission profiles layer additional restrictions or grants on top.
- Custom roles: Yes
- Custom roles plan: Professional or Enterprise (exact tier for custom permission profiles not publicly confirmed; verify with Outreach sales)
- Granularity: Feature-level: sequence management, prospect ownership, reporting access, call recording, data import/export, and integration access can each be toggled per permission profile.
How to add users
- Log in as an Admin and navigate to Settings (gear icon in left nav).
- Select 'Users' from the Settings menu.
- Click 'Invite User' or 'Add User' button.
- Enter the new user's first name, last name, and work email address.
- Select the appropriate Role (Admin, Manager, or User).
- Optionally assign the user to a Team and apply a Permission Profile.
- Click 'Send Invite'. The user receives an email invitation to set up their account.
- User accepts the invite and sets a password (or authenticates via SSO if configured).
Required fields: First name, Last name, Work email address, Role
Watch out for:
- Inviting a user immediately consumes a licensed seat; seat count is reflected in billing at next cycle.
- If SSO is enforced, users must authenticate via the configured IdP; password-based login may be disabled.
- Email domain must match the org's configured domain if domain restrictions are enabled.
- Users do not have access until they accept the invitation; pending invites still occupy a seat in some contract configurations-verify with your Outreach account team.
- SCIM provisioning (Enterprise) bypasses manual invite flow; mixing manual and SCIM provisioning in the same org can cause duplicate or conflicting user states.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Yes | Settings → Users → Import Users (CSV upload option; availability may depend on plan tier) |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise |
How to remove or deactivate users
- Can delete users: No
- Delete/deactivate behavior: Outreach does not permanently delete user accounts. Admins can deactivate (disable) a user, which revokes login access and removes the user from active seat counts. The user's historical data, sequences, prospects, and activity logs are retained and remain accessible to admins. Deactivated users cannot be fully purged from the system through the UI.
- Log in as an Admin and navigate to Settings → Users.
- Locate the user to be deactivated using search or the user list.
- Click on the user's name or the action menu (three dots / ellipsis) next to their record.
- Select 'Deactivate User' (or 'Disable User' depending on UI version).
- Confirm the deactivation in the dialog prompt.
- The user's session is terminated and they can no longer log in. Their seat is freed for reassignment.
| Data impact | Behavior |
|---|---|
| Owned records | Prospects, sequences, and tasks owned by the deactivated user remain in the system and are accessible to Admins. Ownership can be reassigned to active users after deactivation. |
| Shared content | Shared sequences, templates, and snippets created by the deactivated user remain available to the org. They are not automatically removed. |
| Integrations | CRM sync (e.g., Salesforce) tied to the deactivated user's credentials may stop functioning for that user's records. Admins should reassign or reconfigure CRM mappings to avoid sync gaps. |
| License freed | Deactivating a user frees the seat for reassignment. Billing adjustment timing depends on contract terms; annual contracts may not reduce the invoice until renewal. |
Watch out for:
- Deactivation does not automatically reassign owned prospects or active sequences; admins must manually reassign to prevent orphaned records.
- Active sequences running under a deactivated user's account may pause or stop sending; review and reassign before deactivating.
- CRM integrations (Salesforce, HubSpot) connected under the departing user's OAuth token will break; re-authenticate under an active admin account.
- On annual contracts, deactivating a user mid-term typically does not reduce the billed seat count until renewal; confirm with your Outreach account team.
- SCIM-provisioned users deactivated via the IdP are deactivated in Outreach automatically, but data reassignment still requires manual admin action in Outreach.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Full User Seat (Engage) | Access to sequences, email, calling, reporting, and integrations based on role and permission profile. Core sales engagement functionality. | Approximately $100–$160/user/month on annual contract; exact pricing varies by plan (Standard vs. Professional) and negotiated terms. |
| Call Add-On | Enhanced calling features, call recording, and voice intelligence capabilities layered on top of a base seat. | Sold as an add-on; pricing not publicly listed. |
| AI Agents / Kaia Add-On | AI-powered meeting assistant, real-time call guidance, and conversation intelligence features. | Sold as a separate add-on; pricing not publicly listed. |
- Where to check usage: Settings → Users (shows active vs. deactivated users and total seat count); billing seat totals visible in Settings → Billing or via your Outreach account team.
- How to identify unused seats: Filter the Users list by 'Last Active' date in Settings → Users to identify users who have not logged in recently. No native automated unused-seat report is publicly documented; admins must manually review last-login data.
- Billing notes: Outreach sells on annual contracts. Seat counts are typically locked for the contract term; adding seats mid-term is prorated, but removing seats generally does not reduce billing until renewal. Enterprise contracts (200+ users, multi-year) have been reported with significant list-to-actual price variance. SCIM provisioning and SSO are available on Enterprise tier and must be configured as separate applications in the IdP.
The cost of manual management
Outreach sells on annual contracts, so seat costs are locked for the term. Adding a seat mid-contract is prorated; removing one does not reduce billing until renewal.
Inviting a user consumes a licensed seat immediately, and pending invites may still occupy a seat in some contract configurations - confirm this with your Outreach account team before bulk-inviting.
For large deployments, the gap between list and actual contract price can be substantial, but no specific discount rates can be stated here beyond what is publicly reported.
Every app in your stack carries offboarding risk, and Outreach compounds it: deactivating a user does not automatically reassign their active sequences or owned prospects. Admins must manually clean up orphaned records before or after deactivation to avoid pipeline gaps.
What IT admins are saying
The most consistent admin complaint is post-offboarding cleanup: deactivated users leave behind active sequences and owned prospects that must be manually reassigned.
A second recurring issue is silent CRM breakage - when the user whose OAuth token authenticated the Salesforce integration is deactivated, sync fails without an obvious alert, causing data gaps that surface later.
Admins also flag the non-standard IdP setup: SSO and SCIM must be configured as two separate applications in the identity provider, which differs from most SaaS tools and causes confusion during initial rollout.
There is no native report for identifying inactive seats; last-login data must be manually reviewed in the Users list.
Common complaints:
- Admins report that deactivating a user does not automatically reassign their active sequences or owned prospects, requiring significant manual cleanup after offboarding.
- Users and admins note that mid-contract seat reductions are not honored; billing continues for deactivated seats until annual renewal.
- Community members report confusion around the requirement to configure SSO and SCIM as two separate IdP applications, which is non-standard compared to other SaaS tools.
- Admins have noted that there is no built-in report or dashboard for identifying inactive or unused seats; last-login data must be manually reviewed in the Users list.
- Some admins report that CRM (Salesforce) sync breaks silently when the user whose OAuth token was used for the integration is deactivated, causing data sync gaps that are not immediately obvious.
- Community feedback indicates that custom permission profiles and granular role configuration are not well-documented in the public help center, requiring support tickets or CSM involvement to configure correctly.
The decision
SCIM provisioning is gated behind the Enterprise plan and requires SSO to already be active. If your org is on Standard or Professional, every app lifecycle event - onboarding, role changes, offboarding - is a manual admin task. For orgs with high rep turnover or frequent territory changes, that overhead compounds quickly.
The Admin role grants org-wide access to all prospect and sequence data, including records owned by other reps. Assign it narrowly. Manager visibility is scoped to their assigned team only; cross-team oversight requires Admin elevation.
Bottom line
Outreach's manual user management is functional but carries meaningful operational risk at scale. Deactivation does not cascade - sequences pause, prospects orphan, and CRM sync can break silently - so every offboarding requires a checklist, not just a click.
Seat costs are locked annually, so unused licenses bleed budget until renewal.
Orgs that can reach Enterprise tier and invest in the dual-app IdP setup will recover most of that overhead through SCIM automation; those below that tier should build explicit offboarding runbooks to avoid recurring cleanup debt.
Automate Outreach workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
