Summary and recommendation
Renovate user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Renovate is an open-source dependency-update bot, not a multi-user SaaS platform. It runs as an automated bot on GitHub, GitLab, Bitbucket, and Azure DevOps, opening pull requests to keep dependencies current.
Because it has no internal user model, standard IT onboarding and offboarding concepts do not apply in the usual sense.
Quick facts
| Admin console path | No Renovate-native user admin console exists. Access is controlled in the host platform where Renovate runs, such as GitHub, GitLab, or Bitbucket. |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | N/A |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
Permission model
- Model type: delegated
- Description: Renovate does not implement its own user permission model. Access control is delegated to the source-code platform and the bot installation scope on GitHub, GitLab, Bitbucket, or the self-hosted runtime.
- Custom roles: No
- Custom roles plan: Not applicable
- Granularity: Host platform repository/org permissions
How to add users
- Grant the person access on the host platform (for example GitHub org/repo access or GitLab group/project access).
- Ensure the repository or organization is within the Renovate installation scope or self-hosted runner configuration.
- If the user needs to change Renovate behavior, grant access to the repository configuration files such as renovate.json.
Required fields: Host platform account, Repository or organization access on the host platform
Watch out for:
- Adding a user to GitHub or GitLab does not create a Renovate-side account because Renovate has no native user directory.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | Unknown | Automatic domain-based user add |
| IdP provisioning | Unknown | Not documented |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Renovate does not maintain its own user records. Removing a user's access is handled entirely on the host platform (e.g., removing them from the GitHub organization or GitLab group). No Renovate-specific deactivation or deletion flow is documented.
- Remove the person from the repository, project, or organization on the host platform.
- If self-hosted, rotate any shared tokens or secrets the person could access through runner infrastructure.
- Review renovate.json ownership and CI secrets because Renovate stores control in code and platform settings rather than a native admin console.
| Data impact | Behavior |
|---|---|
| Owned records | Not documented |
| Shared content | Not documented |
| Integrations | Not documented |
| License freed | Not documented |
Watch out for:
- Because Renovate has no internal user model, there is no Renovate-side offboarding step. All access revocation occurs on the host VCS platform.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Open Source (self-hosted) | Full Renovate bot functionality; no seat licensing. Requires self-hosting infrastructure. | $0 |
| Mend Renovate App (hosted, free tier) | Hosted bot for public and private repositories on GitHub/GitLab. No per-seat cost documented publicly. | $0 (publicly documented free tier) |
| Mend Enterprise | Self-hosted or cloud-managed Renovate with enterprise support, compliance features, and Mend platform integration. Seat/pricing details not publicly published. | Custom (contact Mend) |
- Where to check usage: Not documented
- How to identify unused seats: Not documented
- Billing notes: Renovate open-source has no licensing mechanism. Mend Enterprise pricing is not publicly documented; seat counts and billing terms require direct engagement with Mend sales.
The cost of manual management
There is no per-seat licensing for the open-source or free hosted tier. The Mend Renovate hosted app is publicly documented as free for public and private repositories. Mend Enterprise pricing is not publicly published; seat counts and billing terms require direct engagement with Mend sales.
The decision
If your goal is to audit or revoke a person's ability to interact with Renovate, the action happens entirely on the host platform. Removing someone from the GitHub organization or GitLab group is the complete offboarding step - there is no Renovate-side record to clear.
For every app in your stack that delegates access to a VCS platform, this pattern holds: Renovate inherits whatever permissions the host platform grants.
Bottom line
Renovate is a bot, not a user directory. Access governance lives entirely in your VCS platform (GitHub, GitLab, Bitbucket, or Azure DevOps), and Renovate-specific offboarding is a non-event by design.
Teams evaluating Mend Enterprise for fleet management or compliance features should expect a sales-gated process, as no public documentation covers seat counts, admin roles, or provisioning workflows for that tier.
Automate Renovate workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
