Summary and recommendation
Sage user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Sage Intacct manages users through a named-user licensing model, meaning every app access seat you provision directly affects your annual subscription cost.
Administrators work inside Company > Admin > Users within the Sage Intacct web application to create, configure, and deactivate accounts.
There is no native SCIM provisioning endpoint, so all lifecycle management is manual or API-driven.
Quick facts
| Admin console path | Company > Admin > Users (within the Sage Intacct web application) |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Business User | Full access to licensed modules and functions as configured by an administrator; can perform day-to-day accounting and financial tasks. | Cannot manage other users, configure system settings, or access modules not licensed or assigned. | Counted as a named, licensed seat; pricing is quote-based per user. | Each Business User consumes a paid named-user license. Seat count directly affects subscription cost. | |
| Employee User | Limited self-service access; typically used for expense reporting and time entry only. | Cannot access financial modules, run reports, or perform accounting functions beyond assigned self-service tasks. | Typically lower cost than a Business User seat; exact pricing is quote-based. | Employee Users are intended for non-accountant staff; granting broader access requires upgrading to a Business User license. | |
| Project User | Access limited to project and time-tracking functions. | Cannot access general ledger, AP, AR, or other core financial modules. | Separate seat type; pricing is quote-based. | Only available when the Projects module is licensed. | |
| Platform Services User | Access to Sage Intacct Platform Services for customization and development tasks. | Not intended for standard accounting workflows. | Separate license type; pricing is quote-based. | Requires Platform Services module to be licensed. | |
| Administrator | Full system access including user management, role and permission configuration, module setup, and company-wide settings. | Consumes a Business User license seat. | Administrator access should be tightly controlled; all admin actions are logged in the audit trail. |
Permission model
- Model type: role-based
- Description: Sage Intacct uses a role-based access control model. Administrators create Roles that bundle specific module-level and function-level permissions (view, add, edit, delete). Roles are then assigned to users. Permissions can also be set at the entity level in multi-entity environments, allowing granular control over which companies a user can access.
- Custom roles: Yes
- Custom roles plan: Not documented
- Granularity: Module-level and function-level (view, add, edit, delete) per role; entity-level restrictions available in multi-entity configurations.
How to add users
- Log in as an Administrator.
- Navigate to Company > Admin > Users.
- Click the '+' or 'Add' button to create a new user.
- Enter the required user details: User ID, Last name, First name, Email address, User type.
- Assign one or more Roles to the user to grant permissions.
- If operating in a multi-entity environment, configure entity-level access.
- Set the user's status to Active.
- Save the user record. The system sends an email invitation to the specified email address.
Required fields: User ID (login name), Last name, First name, Email address, User type
Watch out for:
- User ID must be unique across the Sage Intacct company and cannot be changed after creation.
- The user receives an activation email; if it is not received, check spam filters or resend from the user record.
- Roles must be created before they can be assigned; a user with no role assigned will have no module access.
- In multi-entity companies, entity-level access must be explicitly granted; users do not inherit access to all entities by default.
- Adding a user increases the named-user seat count, which may affect billing at the next renewal.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise (requires SSO configuration; SCIM provisioning noted as available at Enterprise tier) |
How to remove or deactivate users
- Can delete users: No
- Delete/deactivate behavior: Sage Intacct does not allow permanent deletion of user records because users may be associated with historical transactions and audit trail entries. Instead, administrators deactivate users, which prevents login while preserving all historical data and associations.
- Log in as an Administrator.
- Navigate to Company > Admin > Users.
- Locate and open the user record to be deactivated.
- Change the user's Status field from 'Active' to 'Inactive'.
- Save the record.
| Data impact | Behavior |
|---|---|
| Owned records | All records created or owned by the deactivated user are retained and remain accessible to other users with appropriate permissions. |
| Shared content | Shared reports, dashboards, and other content created by the deactivated user remain in the system. |
| Integrations | API sessions or tokens associated with the deactivated user will no longer authenticate; any integrations using that user's credentials must be reconfigured to use an active user. |
| License freed | Deactivating a user frees the named-user seat, which can be reassigned to a new user. Seat count reduction may be reflected at the next billing cycle or renewal depending on contract terms. |
Watch out for:
- Deactivated users cannot log in but their historical transaction data and audit trail entries are fully preserved.
- If an integration or scheduled report runs under the deactivated user's credentials, it will fail immediately upon deactivation.
- Reactivating a user restores their previous role assignments and access; verify role assignments are still appropriate before reactivating.
- Seat release timing at billing depends on contract terms; confirm with Sage or your reseller whether mid-term deactivation reduces the invoice.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Business User | Full access to licensed accounting and financial modules as configured by roles. | Quote-based; included in the annual subscription price which ranges approximately $12,000–$35,000+/year depending on user count and modules. |
| Employee User | Self-service expense and time entry access only. | Quote-based; typically lower per-seat cost than Business User. |
| Project User | Project and time-tracking module access. | Quote-based; requires Projects module license. |
- Where to check usage: Company > Admin > Users - filter by Status = Active to view current active (licensed) users.
- How to identify unused seats: Review the Last Login date column on the Users list (Company > Admin > Users) to identify users who have not logged in recently. No built-in automated unused-seat report is documented in official help.
- Billing notes: Sage Intacct uses named-user licensing. Pricing is quote-based and negotiated annually. Adding users mid-term may result in a prorated charge; removing users (deactivating) may not reduce the invoice until the next renewal depending on contract terms. Confirm seat-change billing terms with Sage or your authorized reseller.
The cost of manual management
Sage Intacct does not support bulk CSV user import natively, so onboarding multiple users requires creating each record individually. Every active Business User consumes a paid named-user license; seat counts are negotiated annually, and mid-term additions may trigger prorated charges depending on contract terms.
Deactivating a user frees the seat in principle, but billing relief typically does not apply until the next renewal - confirm the exact terms with Sage or your reseller.
What IT admins are saying
Community evidence is not specific enough to quote or summarize yet for this app.
The decision
Use the Business User type for anyone who needs access to financial modules (GL, AP, AR, Cash Management). Reserve Employee User for non-accountant staff who only need expense or time-entry self-service. Project User is only available when the Projects module is licensed.
Administrator access should be tightly scoped - every admin action is logged in the audit trail, and there is no documented limit on the number of admins, so governance is a manual discipline.
Bottom line
Sage Intacct's user management is functional but entirely manual at scale: every app requires individual provisioning, role assignment must be done before a user can access any module, and seat costs are tied directly to active named users.
Teams managing more than a handful of users should audit the Last Login column in Company > Admin > Users regularly to identify inactive seats before the next renewal cycle, and should document integration credentials separately so deactivations do not silently break automated workflows.
Automate Sage workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
