
Shopify User Management Guide

Manual workflow

How to add, remove, and manage users with operational caveats that matter in production.

Updated Mar 5, 2026

Summary and recommendation

Shopify user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.

Shopify splits access into three account types: Store Owner (one per store, unrestricted), Staff Accounts (permission-scoped, count against plan limits), and Collaborator Accounts (Shopify Partner access, does not consume a staff seat). All user management lives at Settings → Users and permissions.

Only the store owner can add or remove staff - no staff member can invite others regardless of their own permissions.

Quick facts

  • Admin console path: Settings → Users and permissions
  • Admin console URL: Official docs
  • SCIM available: Yes
  • SCIM tier required: Plus
  • SSO prerequisite: Yes

User types and roles

Store Owner

  • Permissions: Full, unrestricted access to all store settings, billing, and data.
  • Cannot do: Cannot have permissions restricted. Cannot be demoted to staff; ownership must be transferred to another account to change this role.
  • Plan required: All plans (one per store)
  • Seat cost: Included in plan; no additional charge.
  • Watch out for: Only one store owner per store. Transferring ownership requires the new owner to have an active Shopify account and accept the transfer.

Staff Account

  • Permissions: Configurable per-user from a list of granular permission areas (Orders, Products, Customers, Reports, Apps, etc.). Owner grants specific permissions at invite time or edits them later.
  • Cannot do: Cannot access billing settings, change store owner, or exceed the permissions explicitly granted. Cannot log in via SSO unless on Shopify Plus with SAML configured.
  • Plan required: Basic: up to 2 staff accounts; Shopify: up to 5; Advanced: up to 15; Plus: unlimited.
  • Seat cost: Included in plan subscription; no per-seat fee beyond plan cost.
  • Watch out for: Staff account limits are hard caps on non-Plus plans. Reaching the limit requires a plan upgrade to add more staff. Staff accounts count against the plan limit even if the staff member rarely logs in.

Collaborator Account

  • Permissions: Shopify Partner (agency or developer) account granted specific permissions by the store owner. Permissions are scoped the same way as staff permissions but the collaborator manages their own Shopify Partner login.
  • Cannot do: Cannot access billing. Does not count against the store's staff account limit. Cannot initiate their own access - must request it or be invited.
  • Plan required: All plans
  • Seat cost: No charge to the merchant; collaborator uses their own Shopify Partner account.
  • Watch out for: Collaborator access requests can be enabled or disabled by the store owner. If disabled, partners cannot request access at all. Collaborators appear in Settings → Users and permissions but are managed separately from staff.

Permission model

  • Model type: permission-sets
  • Description: Shopify uses a flat, per-user permission model. When inviting a staff member, the store owner selects individual permission checkboxes from a fixed list of functional areas (e.g., Orders, Draft orders, Products, Customers, Discounts, Marketing, Analytics, Apps, Themes, Blog posts, Pages, Navigation, Preferences, Locations, Reports, Gift cards). There are no named roles or role templates; each staff account has its own unique permission set. Shopify Plus adds the ability to use the Shopify Organization Admin to manage staff across multiple stores.
  • Custom roles: No
  • Custom roles plan: Not documented
  • Granularity: Permission areas map to major functional sections of the Shopify admin. Within each area, access is typically all-or-nothing (view + edit) rather than read-only vs. write. Some areas (e.g., Reports, Apps) have sub-options. There are no field-level or record-level permissions.

How to add users

  1. Log in to Shopify admin as the store owner.
  2. Navigate to Settings → Users and permissions.
  3. Click 'Add staff account'.
  4. Enter the staff member's first name, last name, and email address.
  5. Select the permission checkboxes for the areas this staff member should access.
  6. Click 'Send invite'.
  7. The invitee receives an email and must click the link to create or connect their Shopify account and accept access.

Required fields: First name, Last name, Email address

Watch out for:

  • Only the store owner can add staff accounts; existing staff cannot invite other staff regardless of their permissions.
  • The invite link expires; if the invitee does not accept in time, the owner must resend the invite from Settings → Users and permissions.
  • On Basic, Shopify, and Advanced plans, adding a staff account beyond the plan limit is blocked - the UI will prompt an upgrade.
  • The invited person must have or create a Shopify account tied to the invited email address.
  • Permissions must be set at invite time; the owner can edit them later but there is no way to clone permissions from an existing staff member in the UI.

Bulk options:

  • CSV import - Availability: No. Notes: Not documented
  • Domain whitelisting (automatic domain-based user add) - Availability: No
  • IdP provisioning - Availability: Yes. Notes: Shopify Plus (requires SAML SSO configured first; SCIM provisioning available via Okta, Entra ID, or OneLogin)

How to remove or deactivate users

  • Can delete users: Yes
  • Delete/deactivate behavior: Shopify allows the store owner to permanently remove (delete) a staff account from Settings → Users and permissions. There is no 'deactivate/suspend' state that preserves the account in a dormant status - removal is permanent. The removed staff member loses access immediately. Their historical activity (orders they processed, notes they left) remains in the store's records attributed to their name, but their login no longer functions.
  1. Log in to Shopify admin as the store owner.
  2. Navigate to Settings → Users and permissions.
  3. Click the staff member's name.
  4. Scroll to the bottom of their profile page.
  5. Click 'Remove staff account'.
  6. Confirm the removal in the dialog.

Data impact:

  • Owned records: Orders, products, and other records the staff member created or edited remain in the store and are not deleted. Attribution (e.g., 'created by [name]') is preserved in activity logs.
  • Shared content: Blog posts, pages, and other content created by the staff member remain published and intact in the store.
  • Integrations: Any API keys or app permissions granted to the staff member's account are revoked. If the staff member installed apps under their account, those apps may need to be reviewed.
  • License freed: Removing a staff account frees up one staff seat against the plan's staff account limit, allowing a new staff member to be invited without a plan upgrade.

Watch out for:

  • Removal is immediate and irreversible - there is no soft-delete or suspension option in the standard admin.
  • The store owner account cannot be removed; ownership must be transferred before the original owner can be removed.
  • Collaborator accounts are removed separately via the Collaborator accounts section and do not free a staff seat.
  • On Shopify Plus with SCIM, deprovisioning via the IdP removes the staff account automatically; manual removal and IdP deprovisioning should not both be performed to avoid sync errors.

License and seat management

Staff account seat

  • Includes: One named staff login with configurable permissions. Counts against the plan's staff account limit.
  • Cost: Included in plan; no per-seat charge. Basic: 2 seats, Shopify: 5 seats, Advanced: 15 seats, Plus: unlimited.

Collaborator account

  • Includes: Shopify Partner access with scoped permissions. Does not count against the store's staff seat limit.
  • Cost: No charge to the merchant.

  • Where to check usage: Settings → Users and permissions (shows all current staff accounts and the plan's staff limit)
  • How to identify unused seats: Shopify admin does not display a 'last login' date or activity timestamp for staff accounts in the Users and permissions UI. There is no built-in report for identifying inactive staff. Store owners must manually review the staff list or use Shopify's activity log (Settings → Log) filtered by staff member to assess recent activity.
  • Billing notes: Staff account seats are bundled into the plan subscription cost. There is no mechanism to purchase additional staff seats on Basic, Shopify, or Advanced plans without upgrading the plan tier. Shopify Plus includes unlimited staff accounts as part of its base subscription. Plan billing is monthly or annual; removing staff accounts mid-cycle does not generate a prorated credit.

The cost of manual management

Shopify does not surface a last-login date or inactivity timestamp anywhere in the admin UI. Identifying dormant accounts requires manually cross-referencing the staff list against the activity log at Settings → Log, filtered per staff member - there is no bulk report.
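
The cross-referencing described above can be scripted once the staff list and the relevant log entries have been copied out of the admin. The following is an added example, not Shopify or Stitchflow code: the input shapes, the 90-day threshold and all names are assumptions, and the sample rows are constructed.

```python
from datetime import date, timedelta

# Staff seat caps per plan as stated in this guide (None = unlimited on Plus).
STAFF_SEAT_CAPS = {"Basic": 2, "Shopify": 5, "Advanced": 15, "Plus": None}

def access_review(users, log_entries, plan, today, dormant_days=90):
    """users: dicts with 'name' and 'type'; log_entries: (actor, date) tuples."""
    if plan not in STAFF_SEAT_CAPS:
        raise ValueError(f"unknown plan: {plan!r}")
    last_seen = {}
    for actor, when in log_entries:
        last_seen[actor] = max(when, last_seen.get(actor, when))
    cutoff = today - timedelta(days=dormant_days)
    dormant = []
    for u in users:
        if u["type"] == "owner":
            continue  # the owner cannot be removed, only transferred
        seen = last_seen.get(u["name"])
        if seen is None or seen < cutoff:
            dormant.append((u["name"], u["type"], seen))
    # Only staff accounts consume seats; collaborators do not.
    seats_used = sum(1 for u in users if u["type"] == "staff")
    cap = STAFF_SEAT_CAPS[plan]
    return {
        "dormant": dormant,
        "seats_used": seats_used,
        "seats_free": None if cap is None else cap - seats_used,
        # Log actors missing from the user list, e.g. removed staff whose
        # attribution is preserved in the activity log.
        "unknown_actors": sorted(set(last_seen) - {u["name"] for u in users}),
    }

# Constructed sample data (not real accounts), as transcribed by hand.
SAMPLE_USERS = [
    {"name": "Owner One", "type": "owner"},
    {"name": "Staff A", "type": "staff"},
    {"name": "Staff B", "type": "staff"},
    {"name": "Agency C", "type": "collaborator"},
]
SAMPLE_LOG = [
    ("Staff A", date(2026, 3, 1)),
    ("Staff A", date(2026, 1, 10)),
    ("Staff B", date(2025, 10, 2)),
    ("Former D", date(2025, 12, 20)),
]

if __name__ == "__main__":
    print(access_review(SAMPLE_USERS, SAMPLE_LOG, "Basic", date(2026, 3, 5)))
```

A dormant entry with no date means the account never appeared in the supplied log entries, so check that the log window covers the whole review period before acting on it.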

Permissions cannot be cloned from an existing staff member; every app and every new invite requires manually re-selecting checkboxes from scratch. On Basic plans, the hard cap of two staff seats means a single offboarding delay can block a new hire from getting access.

What IT admins are saying

Recurring friction points in the Shopify community center on three areas. First, SCIM and SAML are gated entirely behind Shopify Plus - merchants on Basic, Shopify, or Advanced plans have no path to automated provisioning.

Second, the absence of role templates means permission setup is fully manual for every app and every staff member added.

Third, the low staff seat limits on entry-tier plans (2 on Basic, 5 on Shopify) are widely flagged as restrictive for small businesses with more than a handful of employees.

Common complaints:

  • Plus pricing puts SCIM out of reach for smaller merchants.
  • Must verify domain and set up SAML before SCIM - multi-step process with no shortcut.
  • Standard Shopify plans completely lack SSO/SCIM.
  • No built-in 'last login' or inactivity report makes it difficult to audit and clean up unused staff accounts.
  • No role templates or cloning - permissions must be manually re-selected for every new staff invite.
  • Staff account limits on lower-tier plans (2 on Basic) are considered very restrictive for small businesses with multiple employees.
  • Only the store owner can manage staff; there is no 'admin' staff role that can invite or remove other staff.
  • No read-only permission option for most sections - access is typically all-or-nothing per functional area.
  • Removing a staff account is permanent with no suspend/deactivate option, which is problematic for seasonal or temporary workers.

The decision

If your team is on Shopify Plus and has SAML SSO already configured, SCIM provisioning via Okta, Entra ID, or OneLogin is viable and removes manual onboarding and offboarding steps.

If you are on any plan below Plus, automated provisioning is not available - every app and every staff change is a manual action in the admin.

For teams that need audit-grade visibility into who has access and when they last used it, Shopify's native tooling has meaningful gaps that require external tooling or manual log review to close.

Bottom line

Shopify's access model is straightforward for small stores but shows its limits as teams grow. The flat, per-user permission model with no role templates means every app and every new staff member requires hands-on configuration by the store owner.

SCIM is available but locked to Shopify Plus with a working SAML setup as a prerequisite, putting automated lifecycle management out of reach for the majority of Shopify merchants.

Teams without Plus should plan for fully manual provisioning and deprovisioning workflows, and should account for the absence of native inactivity reporting when building any access review process.


* Details sourced from official product documentation and admin references.
