Summary and recommendation
Tango Card user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Tango Card is a rewards and gift card platform that lets teams send digital and physical rewards without per-seat or transaction fees - you pay only the face value of rewards sent.
The free plan covers gift cards, prepaid cards, Reward Links, and reporting out of the box.
SSO and SCIM provisioning are gated behind a custom-priced Enterprise plan, which creates a meaningful upgrade decision for teams that need automated lifecycle management across every app in their stack.
Quick facts
| Admin console path | Public Tango Card documentation does not expose a detailed internal user-admin path; account administration appears to happen in the authenticated Tango portal. |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Program admin | Manages rewards programs, funding, and portal administration in the Tango account. | Detailed public permission boundaries are not documented. | Not publicly documented | No per-seat pricing documented | Public docs do not enumerate a complete internal role matrix. |
Permission model
- Model type: role-based (public details not documented)
- Description: Public Tango Card documentation confirms SSO/SCIM for enterprise customers, but detailed internal user-role documentation is not publicly exposed.
- Custom roles: No
- Custom roles plan: Not publicly documented
- Granularity: Not publicly documented
How to add users
- Use the authenticated Tango portal to invite or create the user through the tenant-specific administration workflow.
- Assign the available portal role or access level required for the team member.
- If SSO/SCIM is enabled, validate the identity flow in the live tenant because public docs do not expose a complete onboarding runbook.
Required fields: Work email, Tenant-specific role assignment
Watch out for:
- Public Tango help content does not expose the exact invite workflow, so automation should be validated in the tenant first.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Unknown | Enterprise |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Public Tango documentation does not describe whether portal users are deleted or deactivated when access is revoked.
- Use the tenant-specific user-management workflow in the Tango portal to revoke access.
- If enterprise SSO/SCIM is enabled, remove or disable the user in the IdP first so authentication state stays aligned.
- Confirm reward-history and audit impact directly in the tenant because public docs do not describe those semantics.
| Data impact | Behavior |
|---|---|
| Owned records | Not documented |
| Shared content | Not documented |
| Integrations | Not documented |
| License freed | Not documented |
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Platform user | Access to send rewards, reporting, and account management. No per-seat fee documented; platform charges face value of rewards only. | No documented per-seat cost; platform is free to use with no transaction fees on gift card face value. |
- Where to check usage: Not documented
- How to identify unused seats: Not documented
- Billing notes: Tango Card charges only the face value of rewards sent. No subscription or per-seat fees are documented on the public pricing page. Enterprise pricing is custom and adds SSO/SCIM.
The cost of manual management
Because Tango Card has no native SCIM on free or mid-market tiers, adding or removing a platform user requires direct action in the Rewards Manager portal at https://app.tangocard.com with no documented self-service role management guide publicly available.
Without automated deprovisioning, offboarding gaps are a real risk - former employees or contractors may retain access to an account that can send funded rewards. Every app that relies on manual provisioning adds incremental admin overhead, and Tango Card is no exception.
The decision
If your team sends rewards at low volume and manages a small, stable user list, the free plan is operationally viable with manual provisioning.
Once headcount or reward volume grows, the absence of SCIM on non-Enterprise tiers means every app in your environment that lacks automation keeps user lifecycle work entirely manual - and Tango Card compounds that gap given its ability to send funded rewards.
Teams that already operate an Enterprise SSO stack should evaluate whether the SCIM unlock justifies the custom Enterprise contract.
Bottom line
Tango Card's pricing model is genuinely low-friction for reward distribution - no transaction fees, no seat costs - but lifecycle automation is an Enterprise-only feature that requires SSO as a prerequisite.
For IT and ops teams managing access across many tools, the manual provisioning gap is the primary operational risk to weigh against the platform's otherwise accessible cost structure.
Automate Tango Card workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
