Summary and recommendation
Toggl user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Toggl Track uses three fixed workspace roles - Admin, Regular User (Member), and Project Manager - with no custom roles or granular permission toggles available at any plan tier.
Admins have full workspace control including inviting and removing members, managing billing, and viewing all time entries.
Project Manager is assigned per project, not workspace-wide, which limits its usefulness for org-level access governance.
Quick facts
| Admin console path | toggl.com/app/workspaces → select workspace → Settings (gear icon) → Members |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Premium/Enterprise |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Admin | Full workspace control: invite/remove members, manage projects, clients, tags, billing, and workspace settings. Can view all time entries across the workspace. | Cannot act on behalf of other users' time entries without those entries being visible to them. | All plans including Free | Counts as a paid seat on Starter and above; free on Free plan (up to 5 users total). | Workspace owner is always an Admin; ownership cannot be transferred via the UI without contacting support. |
| Regular User (Member) | Can track time, create projects (if permitted by Admin), view own reports. Can be restricted from seeing other members' data. | Cannot manage workspace settings, billing, or other members. Cannot view other users' time entries unless Admin grants access. | All plans including Free | Counts as a paid seat on Starter and above; free on Free plan (up to 5 users total). | On the Free plan, workspace is limited to 5 users total regardless of role. |
| Project Manager | Can manage assigned projects: add/remove project members, edit project details, view time entries for their projects. | Cannot manage workspace-level settings, billing, or members outside their assigned projects. | Starter and above | Counts as a paid seat. | Project Manager role is assigned per-project, not workspace-wide. |
Permission model
- Model type: role-based
- Description: Toggl Track uses three fixed workspace roles (Admin, Regular User, Project Manager). Permissions are predefined per role; there are no custom roles or granular permission toggles beyond what each role provides.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Coarse: three fixed roles. Admins can toggle whether Regular Users can see others' time entries and whether they can create projects, but no further per-permission customization is available.
How to add users
- Log in to Toggl Track and navigate to your workspace.
- Click the Settings (gear) icon next to the workspace name in the left sidebar.
- Select the 'Members' tab.
- Click 'Invite people'.
- Enter the email address(es) of the user(s) to invite.
- Select the role to assign (Admin or Regular User; Project Manager is assigned at the project level).
- Click 'Send invitation'. The invitee receives an email to accept.
Required fields: Email address of invitee
Watch out for:
- Invited users must accept the email invitation before they appear as active members and consume a seat.
- On the Free plan, the workspace is capped at 5 users total; invitations beyond this limit will be blocked.
- If the invitee does not have a Toggl account, they will be prompted to create one upon accepting.
- Pending invitations count toward the seat limit on paid plans once accepted, not when sent.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Premium or Enterprise (SSO required; supported IdPs include Okta, Microsoft Entra ID/Azure AD, and OneLogin) |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Toggl documentation describes removing a user from a workspace and the API surface also exposes delete-style membership operations. In practice this revokes workspace access while retaining historical data, but the tenant-specific lifecycle semantics should be treated as membership removal rather than permanent identity deletion.
- Navigate to workspace Settings → Members tab.
- Locate the member to remove.
- Click the three-dot (…) menu or 'Remove' option next to their name.
- Confirm the removal in the dialog.
| Data impact | Behavior |
|---|---|
| Owned records | Time entries created by the removed user are retained in the workspace and continue to appear in reports. |
| Shared content | Projects and clients the user was associated with remain intact; the user is simply removed from project membership. |
| Integrations | Any personal API tokens or integrations set up by the removed user will no longer function for workspace actions, but workspace-level data is unaffected. |
| License freed | The seat is freed immediately upon removal; billing adjusts at the next billing cycle according to Toggl's billing terms. |
Watch out for:
- Removed users retain their own Toggl account and can still access any other workspaces they belong to.
- Time entries logged by the removed user remain in the workspace and are visible to Admins in reports.
- If the removed user was the workspace owner, ownership must be transferred before removal; contact Toggl support if needed.
- Re-inviting a previously removed user is possible; they rejoin as a new member and consume a seat again.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Free seat | Up to 5 users total on the Free plan; basic time tracking, limited reporting. | $0 |
| Starter seat | Unlimited users, billable rates, project templates, time rounding. | $10/user/month (monthly) or $9/user/month (annual billing) |
| Premium seat | All Starter features plus SSO, scheduled reports, project forecasts, required fields. | $20/user/month (monthly) or $18/user/month (annual billing) |
| Enterprise seat | All Premium features plus dedicated CSM, custom solutions, priority support. | Custom pricing |
- Where to check usage: Workspace Settings → Members tab shows all active and pending members with their roles.
- How to identify unused seats: Admins can review the Members list and cross-reference with Reports (toggl.com/app/reports) to identify members with no recent time entries. There is no built-in 'last active' column on the Members page; usage must be inferred from report data.
- Billing notes: Seats are billed per active workspace member. Removing a user frees the seat; billing adjusts at the next billing cycle. Annual plans are billed upfront for the committed user count; adding users mid-cycle is prorated. The Free plan is hard-capped at 5 users.
The cost of manual management
There is no built-in 'last active' or 'last login' column on the Members page; identifying unused seats requires manually cross-referencing the Members list against report data in a separate tab. Bulk or CSV-based user import is not supported, so onboarding large groups means sending individual email invitations one at a time.
Workspace ownership cannot be self-transferred - it requires contacting Toggl support - adding friction whenever an owner departs. On annual plans, mid-cycle seat additions are prorated, but the billing page does not always display the adjusted amount clearly before confirmation.
The decision
Toggl Track's manual user management is workable for small, stable teams but becomes operationally expensive as headcount grows or turnover increases. Every app in your stack that lacks automated provisioning adds recurring admin overhead; Toggl is no exception.
SSO (SAML) is available only on the Premium plan ($20/user/month monthly or $18/user/month annual) and above, which is a prerequisite for any IdP-driven access control. Teams on Starter or Free plans have no SSO path and must manage every access change manually.
Bottom line
Toggl Track's role model is simple and predictable, but the manual provisioning workflow has meaningful gaps: no last-active visibility, no bulk import, and ownership transfers that require a support ticket. For small teams with low churn, the built-in Members UI is sufficient.
For organizations managing every app through a central IdP or running regular access reviews, the manual process will generate recurring overhead that compounds with team size.
Automate Toggl workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
