Summary and recommendation
Paddle user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Paddle is a Merchant of Record billing platform, and unlike every app that ships with IdP-friendly provisioning, it offers no SSO or SCIM for dashboard team access. Team members are managed through a fixed role-based system - Owner, Admin, Developer, and Read Only - with no custom role creation documented.
All team management lives at Dashboard → Account Settings → Team (vendors.paddle.com/account/team).
Quick facts
| Admin console path | Dashboard → Account Settings → Team |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Unknown |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Owner | Full access to all dashboard features, billing, team management, API keys, and account settings. Can invite, edit, and remove team members. | Cannot be removed or have role changed by other team members; only one Owner per account. | All plans | No per-seat fee; Paddle charges per transaction (5% + $0.50). | Owner role cannot be transferred via the UI; requires contacting Paddle support. |
| Admin | Access to most dashboard areas including transactions, customers, products, and reports. Can manage team members below their permission level. | Cannot access or modify billing/payment details for the Paddle account itself; cannot remove the Owner. | All plans | No per-seat fee. | Exact scope of Admin vs. other roles is not fully documented publicly; verify in dashboard. |
| Developer | Access to API keys, webhooks, and developer-oriented settings. Limited access to financial/transaction data. | Cannot manage team members or access billing settings. | All plans | No per-seat fee. | Role name and exact permissions may differ from what is listed here; Paddle's help docs do not publish a full role-permission matrix publicly. |
| Read Only | View-only access to dashboard data including transactions and reports. | Cannot make any changes to account settings, products, team, or API keys. | All plans | No per-seat fee. | Availability of this role tier is not explicitly confirmed in public documentation; treat as unverified. |
Permission model
- Model type: role-based
- Description: Paddle uses a fixed set of predefined roles assigned per team member. No custom role creation is documented. Role scope covers dashboard access areas such as transactions, products, developer tools, and account settings.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Coarse - roles grant broad area access rather than per-feature or per-resource permissions.
How to add users
- Log in to the Paddle dashboard as Owner or Admin.
- Navigate to Account Settings → Team (vendors.paddle.com/account/team).
- Click 'Invite team member'.
- Enter the invitee's email address.
- Select the appropriate role from the available options.
- Click 'Send invite'. The invitee receives an email to accept and set up their account.
Required fields: Email address, Role selection
Watch out for:
- Invitee must accept the email invitation before they can access the dashboard.
- Pending invitations occupy a team member slot until accepted or cancelled.
- No bulk invite option is documented; invitations must be sent one at a time.
- The inviting user must have Owner or Admin privileges.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | No | Not documented |
How to remove or deactivate users
- Can delete users: Yes
- Delete/deactivate behavior: Team members can be removed from the account via the Team settings page. Removal revokes dashboard access immediately. There is no documented 'deactivate' (suspend without removal) state for team members; removal is the only access-revocation mechanism documented.
- Log in to the Paddle dashboard as Owner or Admin.
- Navigate to Account Settings → Team (vendors.paddle.com/account/team).
- Locate the team member to remove.
- Click the options menu or 'Remove' action next to their name.
- Confirm removal. The user loses dashboard access immediately.
| Data impact | Behavior |
|---|---|
| Owned records | Transactions, customers, products, and other business records created by the removed user remain in the account and are not deleted. |
| Shared content | No shared content model documented; all data is account-level, not user-level. |
| Integrations | API keys are account-scoped, not user-scoped; removing a team member does not revoke API keys they may have viewed. |
| License freed | No per-seat licensing; removal has no billing impact. Paddle charges per transaction regardless of team size. |
Watch out for:
- API keys are account-level, not tied to individual users. A removed team member who copied API keys retains the ability to use them until keys are rotated.
- The Owner cannot be removed through the dashboard; contact Paddle support for ownership changes.
- No audit log of actions taken by removed users is surfaced in the standard dashboard UI (audit log availability is unconfirmed).
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Team member seat | Dashboard access under an assigned role. No functional differentiation by seat type. | No per-seat cost. Paddle's pricing is transaction-based: 5% + $0.50 per transaction. |
- Where to check usage: Account Settings → Team (vendors.paddle.com/account/team) - lists all active team members and pending invitations.
- How to identify unused seats: No built-in last-login or activity reporting for team members is documented. Unused seats must be identified manually by reviewing the team list and following up with members.
- Billing notes: Paddle does not charge per seat or per user. All billing is transaction-based. Adding or removing team members has no direct billing impact.
The cost of manual management
Paddle does not charge per seat. Its pricing is transaction-based (5% + $0.50 per transaction), so adding or removing team members has no direct billing impact. There is no documented free-vs-paid tier gate on team features, and no public SSO or SCIM provisioning is available for any plan.
What IT admins are saying
The most consistent friction point reported is opaque role documentation - Paddle does not publish a full role-permission matrix, so teams often resort to trial-and-error or support tickets to verify what each role can actually do.
Offboarding is a recurring concern: API keys are account-scoped rather than user-scoped, meaning a removed team member who copied a key retains API access until that key is manually rotated. Ownership transfer is not self-serve and requires contacting Paddle support directly.
Common complaints:
- Users report that Paddle's role/permission system is opaque - the exact capabilities of each role are not clearly documented, requiring trial-and-error or support contact to verify.
- No SSO or SCIM provisioning is available for dashboard team members, which is a friction point for larger teams using identity providers.
- No bulk invite or CSV import for team members forces manual one-by-one invitations.
- API keys are account-scoped rather than user-scoped, creating a security concern when offboarding team members who had key access.
- Ownership transfer requires contacting Paddle support rather than being self-serve in the dashboard.
The decision
Unlike every app that supports bulk provisioning, Paddle requires invitations to be sent one at a time with no CSV import option. Pending invitations occupy a team member slot until accepted or cancelled, and there is no documented last-login or activity reporting, so identifying unused access requires manually reviewing the team list.
Teams that rely on an identity provider for centralized access control will find no native path here - no SSO, no SCIM, no automated deprovisioning.
Bottom line
Paddle's team management is functional but minimal: a small set of coarse roles, one-at-a-time invitations, and no automated provisioning or deprovisioning. The absence of SCIM and user-scoped API keys makes offboarding a manual, security-sensitive process.
Teams that need audit trails, granular permissions, or IdP-driven access control will find the current tooling insufficient and should plan for manual compensating controls.
Automate Paddle workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
