Summary and recommendation
Planful user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Planful is an FP&A and financial planning platform built for mid-market and enterprise finance teams. User administration is handled entirely through the admin console at Administration > User Management, accessible only to Administrators.
There is no self-service registration and no publicly documented SCIM provisioning, so every app access event - onboarding or offboarding - runs through a manual admin workflow.
Quick facts
| Field | Value |
|---|---|
| Admin console path | Administration > User Management (accessible via the top-right gear/admin menu after logging in as an Administrator) |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Enterprise (custom pricing) |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Full system access: manage users, configure security settings, set up SSO, manage application settings, access all modules. | | | | Only Administrators can access the User Management section; there is typically only a small number of Admins per tenant. |
| Power User | Can build reports, manage budgets and forecasts, access most planning modules, and configure certain module-level settings. | Cannot manage system-level settings, SSO configuration, or add/remove users. | | | Seat count for Power Users is typically governed by contract; adding beyond contracted count may trigger billing discussion. |
| Standard User | Can view and enter data in assigned modules and reports; limited to areas explicitly granted by an Administrator. | Cannot create or modify reports, manage other users, or access administration settings. | | | Access is tightly scoped by dimension-level security (e.g., specific cost centers, entities); misconfigured dimension security can silently block data access. |
| Read-Only User | View-only access to reports and dashboards assigned by an Administrator. | Cannot enter, edit, or submit data; cannot create reports. | | | Read-only seats may be priced differently under contract; confirm with Planful account team. |
Permission model
- Model type: hybrid
- Description: Planful uses a combination of predefined role-based access (Administrator, Power User, Standard User, Read-Only) and granular dimension-level security. Dimension security restricts which financial entities, cost centers, accounts, or scenarios a user can see or edit, layered on top of the role assignment.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Role level (coarse) plus dimension-level security (fine-grained: entity, cost center, account, scenario, and budget template access can each be individually scoped per user).
How to add users
- Log in as an Administrator.
- Navigate to Administration > User Management.
- Click 'Add User' or 'New User'.
- Enter required fields: First Name, Last Name, Email Address, and assign a User Role.
- Configure dimension-level security (entities, cost centers, scenarios) as needed.
- Set the user's default landing page if desired.
- Click 'Save'. The user receives an email invitation to set their password (if SSO is not enforced).
Required fields: First Name, Last Name, Email Address, User Role
Watch out for:
- If SSO is enforced, the user must exist in the IdP before they can log in; creating the user in Planful alone is insufficient.
- Dimension-level security must be explicitly configured after role assignment; a new user with no dimension access will see no data even with a valid role.
- Email address must match the IdP identity exactly when SSO is in use; mismatches cause login failures.
- There is no self-service user registration; all users must be created by an Administrator.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Yes | Administration > User Management > Import Users (CSV upload option available for bulk user creation) |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise (custom pricing); requires SAML SSO to be configured; SCIM is not publicly documented - contact Planful for availability. |
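A pre-upload check for the bulk CSV path, added here as an example and not taken from Planful or its documentation: it verifies the required fields listed above, flags Administrator rows for approval, and compares each email byte-for-byte against an IdP directory list. The column headers, the accepted role strings, and the sample data are assumptions.

```python
import csv
import io

# Required fields and role names are the ones this page lists; the CSV column
# headers and the exact role strings the import accepts are assumptions.
REQUIRED = ["First Name", "Last Name", "Email Address", "User Role"]
ROLES = {"Administrator", "Power User", "Standard User", "Read-Only User"}

# Constructed sample data (not real users).
SAMPLE_CSV = """First Name,Last Name,Email Address,User Role
Ana,Ruiz,ana.ruiz@example.com,Standard User
Ben,Okoye,Ben.Okoye@example.com,Power User
Cy,Lee,cy.lee@example.com,Administrator
Dee,Hart,,Read-Only User
Eli,Voss,eli.voss@example.com,Budget Owner
"""
SAMPLE_IDP = ["ana.ruiz@example.com", "ben.okoye@example.com", "cy.lee@example.com"]


def validate_import(csv_text, idp_emails):
    """Return (row_number, email, problem) tuples for rows to fix before upload."""
    idp_exact = set(idp_emails)
    idp_folded = {e.strip().lower(): e for e in idp_emails}
    findings, seen = [], set()
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        email = row.get("Email Address") or ""
        role = (row.get("User Role") or "").strip()
        for field in REQUIRED:
            if not (row.get(field) or "").strip():
                findings.append((n, email, f"missing {field}"))
        if role and role not in ROLES:
            findings.append((n, email, f"unknown role {role!r}"))
        if role == "Administrator":
            findings.append((n, email, "Administrator role: confirm approval"))
        if not email.strip():
            continue
        key = email.strip().lower()
        if key in seen:
            findings.append((n, email, "duplicate email in file"))
        seen.add(key)
        if email not in idp_exact:
            near = idp_folded.get(key)
            # With SSO, a near match still fails login: the strings must be identical.
            problem = f"differs from IdP identity {near!r}" if near else "no IdP identity"
            findings.append((n, email, problem))
    return findings


if __name__ == "__main__":
    for finding in validate_import(SAMPLE_CSV, SAMPLE_IDP):
        print(finding)
```

Dimension-level security cannot be checked from the file, so every imported user still needs that step in the console.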
How to remove or deactivate users
- Can delete users: No
- Delete/deactivate behavior: Planful does not permanently delete user accounts. Users can only be deactivated (disabled), which prevents login but retains the user record and all associated audit history, data entries, and report ownership in the system.
- Log in as an Administrator.
- Navigate to Administration > User Management.
- Locate the user by searching or browsing the user list.
- Open the user record.
- Change the user's status to 'Inactive' or toggle the active/inactive control.
- Save the change. The user is immediately prevented from logging in.
| Data impact | Behavior |
|---|---|
| Owned records | Retained in the system; reports, budget templates, and data entries created by the deactivated user remain accessible to Administrators and other users with appropriate access. |
| Shared content | Shared reports and dashboards remain available to other users who had access; ownership is not automatically transferred. |
| Integrations | Any API tokens or SSO sessions associated with the user are invalidated upon deactivation. |
| License freed | Deactivating a user frees the seat for reassignment; confirm with Planful account team whether the license count adjusts immediately or at next billing cycle. |
Watch out for:
- Deactivated users still appear in user lists and historical audit logs; they are not removed from the system.
- If the deactivated user owned scheduled reports or automated exports, those schedules may stop running and must be reassigned manually.
- There is no bulk deactivation UI documented; deactivation must be done one user at a time through the admin console.
- Reactivating a previously deactivated user restores their prior role and dimension security settings, which may be undesirable if their access scope has changed.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Named User License | Full access per contracted role type (Power User, Standard User, Read-Only); licenses are named/assigned, not concurrent. | Custom enterprise pricing; contact Planful sales. |
- Where to check usage: Administration > User Management (review Active user count against contracted seat total; no built-in license utilization dashboard is publicly documented).
- How to identify unused seats: Administrators can review the 'Last Login' date column in User Management to identify users who have not logged in recently. No automated idle-user report is publicly documented.
- Billing notes: Planful uses custom enterprise contracts with named-user licensing. Seat counts and role-type allocations are defined at contract time. Adding users beyond contracted counts requires a contract amendment. Pricing is not publicly listed.
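The manual Last Login review described above can be turned into a repeatable seat audit. The following is an added example, not Planful tooling: it takes user rows transcribed from User Management, an IdP list of active identities, and contracted seat counts per role, all of which are assumed inputs with constructed sample values.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample: rows as an admin might transcribe them from User
# Management. Field names and the contract figures are assumptions.
SAMPLE_USERS = [
    {"email": "ana.ruiz@example.com", "role": "Standard User", "status": "Active", "last_login": "2024-05-28"},
    {"email": "ben.okoye@example.com", "role": "Power User", "status": "Active", "last_login": "2024-01-10"},
    {"email": "cy.lee@example.com", "role": "Administrator", "status": "Active", "last_login": "2024-05-30"},
    {"email": "dee.hart@example.com", "role": "Power User", "status": "Active", "last_login": ""},
    {"email": "eli.voss@example.com", "role": "Power User", "status": "Active", "last_login": "2024-05-01"},
    {"email": "fay.nunez@example.com", "role": "Standard User", "status": "Inactive", "last_login": "2023-11-02"},
]
SAMPLE_IDP_ACTIVE = {"ana.ruiz@example.com", "ben.okoye@example.com",
                     "dee.hart@example.com", "eli.voss@example.com"}
SAMPLE_CONTRACT = {"Power User": 2, "Standard User": 5}
SAMPLE_TODAY = date(2024, 6, 1)


def audit_seats(users, idp_active, contract, today, idle_days=90):
    """Classify active Planful accounts that hold a seat without a clear need."""
    idp = {e.lower() for e in idp_active}
    cutoff = today - timedelta(days=idle_days)
    report = {"orphaned": [], "idle": [], "never_logged_in": [], "over_contract": {}}
    active = [u for u in users if u["status"] == "Active"]
    for u in active:
        if u["email"].lower() not in idp:
            # No longer active in the IdP but still enabled here: deactivate first.
            report["orphaned"].append(u["email"])
        elif not u["last_login"]:
            report["never_logged_in"].append(u["email"])
        elif date.fromisoformat(u["last_login"]) < cutoff:
            report["idle"].append(u["email"])
    # Named-user seats: compare active accounts per role with the contracted count.
    for role, used in Counter(u["role"] for u in active).items():
        limit = contract.get(role)
        if limit is not None and used > limit:
            report["over_contract"][role] = used - limit
    return report


if __name__ == "__main__":
    print(audit_seats(SAMPLE_USERS, SAMPLE_IDP_ACTIVE, SAMPLE_CONTRACT, SAMPLE_TODAY))
```

In the sample, the orphaned account is an Administrator, which is the case to act on first because that role can manage users and SSO settings.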
The cost of manual management
Planful's permission model is a two-layer system: a coarse role assignment (Administrator, Power User, Standard User, Read-Only) combined with granular dimension-level security scoped to entities, cost centers, accounts, and scenarios.
This means provisioning a single user correctly requires both a role assignment and an explicit dimension configuration - a new user with no dimension access sees no data even with a valid role.
Bulk permission updates are not well-supported in the UI, so organizations with frequent role changes or large user populations absorb that overhead entirely in admin time. License hygiene adds another layer: identifying unused seats requires manually reviewing the Last Login column in User Management, as no automated idle-user report is publicly documented.
What IT admins are saying
G2 reviewers flag the user administration interface as unintuitive, with meaningful onboarding time required for new admins. Dimension-level security configuration draws consistent criticism for complexity, particularly in organizations with many cost centers or entities.
The absence of bulk user management tools - for both provisioning and permission updates - is a recurring theme in community feedback.
Common complaints:
- Users report that dimension-level security configuration is complex and time-consuming, especially for organizations with many cost centers or entities.
- Reviewers on G2 note that the user administration interface is not intuitive and requires significant onboarding time for new admins.
- Some users report that there is no automated notification when a user's last-login date indicates inactivity, making license hygiene a manual process.
- Community feedback indicates that bulk user management capabilities are limited compared to enterprise expectations, particularly around bulk permission updates.
- Users note that SCIM provisioning is not clearly documented or readily available, making automated lifecycle management dependent on manual admin steps or custom IdP workflows.
The decision
Every app in a finance team's stack carries some provisioning overhead, but Planful's combination of manual-only workflows, two-layer permissions, and unconfirmed SCIM availability places it at the higher end of that cost. Teams with stable, small user populations and a dedicated Planful admin will find the manual process manageable.
Teams running frequent onboarding cycles, managing large numbers of dimension-scoped users, or operating without a dedicated admin should factor the recurring manual effort into their operational planning.
If automated provisioning is a hard requirement, direct engagement with the Planful account team to confirm SCIM availability under your contract is a necessary first step before committing to an IdP integration strategy.
Bottom line
Planful's manual user management is functional but operationally expensive at scale. The two-layer permission model - role plus dimension security - means every provisioning action requires deliberate configuration, and there is no shortcut for bulk updates or automated lifecycle management through publicly documented tooling.
For finance teams where Planful is a core system with regular user turnover, the administrative burden is real and should be staffed accordingly. SCIM availability is unconfirmed in public documentation; until that changes, manual admin steps remain the only documented path for user lifecycle management.