Summary and recommendation
TriNet user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
TriNet is a Professional Employer Organization (PEO) that co-employs your workforce, meaning user management is inseparable from HR, payroll, and compliance operations.
Every app interaction - adding, updating, or removing a user - carries legal and tax weight beyond a typical SaaS platform.
The admin console lives at app.trinet.com and is accessible to Company Administrators only.
Three predefined roles exist: Company Administrator, Manager, and Employee (Self-Service).
Granular custom role creation is not documented as a self-serve feature.
Manager scope can be narrowed to specific teams, but fully custom permission sets are not available.
Quick facts
| Admin console path | TriNet Platform > Admin Dashboard (accessible after login at app.trinet.com) |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Company Administrator | Full access to HR, payroll, benefits, reporting, and user management functions for the company. Can add/remove employees, run payroll, manage benefits enrollment, and configure platform settings. | Cannot modify TriNet-level platform configuration or access other client companies' data. | Administrator access is tied to employment status; terminating an admin employee requires reassigning admin duties before or at offboarding. | ||
| Employee (Self-Service) | Access to personal pay stubs, W-2s, benefits enrollment, PTO requests, and personal profile updates. | Cannot view other employees' data, run payroll, or manage company-level settings. | Employee self-service access is provisioned automatically when an employee record is created in TriNet. Access is deactivated upon termination processing. | ||
| Manager | Can view and approve time-off requests, access direct reports' basic HR data, and run limited reports scoped to their team. | Cannot process payroll, manage benefits at company level, or access employees outside their reporting chain. | Manager-level access is configured by the Company Administrator and depends on org hierarchy being correctly set up in the platform. |
Permission model
- Model type: role-based
- Description: TriNet uses a role-based access model with predefined roles (Administrator, Manager, Employee). Administrators can assign roles and configure which managers have visibility into specific teams. Granular custom role creation is not publicly documented as a self-serve feature.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Role-level (Administrator, Manager, Employee); manager scope can be limited to specific teams or departments but fully custom permission sets are not documented as available.
How to add users
- Log in to the TriNet platform at app.trinet.com as a Company Administrator.
- Navigate to the 'People' or 'Employees' section of the admin dashboard.
- Select 'Add New Employee' or 'Hire' to initiate the onboarding workflow.
- Enter required employee information including personal details, job information, compensation, and start date.
- Assign the appropriate role (Employee, Manager, or Administrator).
- Submit the record; TriNet will provision the employee's self-service account and send an activation email to the employee.
Required fields: Legal first and last name, Date of birth, Social Security Number (SSN), Home address, Start date, Job title, Compensation (salary or hourly rate), Work location, Email address
Watch out for:
- TriNet is a PEO (Professional Employer Organization); adding a user means co-employing that individual through TriNet, which involves legal and tax implications beyond simple platform access.
- New hire paperwork (I-9, W-4, state tax forms) must be completed through the platform before the employee can be fully activated.
- Benefits enrollment windows are time-sensitive; administrators must ensure new employees are notified promptly after account creation.
- SSN is required at the time of hire entry; this cannot be skipped and is used for payroll tax purposes.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise (SSO prerequisite required; Okta and OneLogin confirmed as supported IdPs) |
How to remove or deactivate users
- Can delete users: No
- Delete/deactivate behavior: TriNet processes employee departures as terminations, not deletions. Because TriNet is a PEO and co-employer, employee records must be retained for legal, tax, and compliance purposes (W-2 issuance, unemployment claims, audit trails). Terminated employee records remain in the system in an inactive state; they are not permanently deleted.
- Log in to the TriNet platform at app.trinet.com as a Company Administrator.
- Navigate to the 'People' or 'Employees' section.
- Locate the employee record to be terminated.
- Select 'Terminate Employee' or the equivalent offboarding action.
- Enter the termination date, reason for termination, and any required final pay details.
- Confirm the termination; TriNet will process final payroll, issue required notices, and deactivate the employee's self-service access on the effective date.
| Data impact | Behavior |
|---|---|
| Owned records | Employee's HR records, pay history, and tax documents are retained by TriNet for compliance purposes and remain accessible to administrators. |
| Shared content | Not documented |
| Integrations | SSO/IdP-linked access is deactivated upon termination processing; administrators should also revoke access in connected IdP (e.g., Okta) separately. |
| License freed | The terminated employee no longer counts toward active headcount for billing purposes after the termination effective date. |
Watch out for:
- Termination effective date drives final payroll processing; entering an incorrect date can result in payroll errors or missed final pay obligations.
- State-specific final pay timing laws (e.g., California same-day requirement) must be accounted for when setting the termination date.
- COBRA election notices are triggered automatically by TriNet upon termination for benefits-eligible employees.
- Administrators should coordinate IdP/SSO deprovisioning separately, as TriNet platform deactivation does not automatically revoke access in external identity providers.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Active Employee (PEPM) | Full HR, payroll, benefits administration, and self-service access for one co-employed individual. | Custom pricing; approximately $80+/employee/month (PEPM) based on company size, industry, and location. Exact rates require a TriNet sales quote. |
- Where to check usage: TriNet Platform > Admin Dashboard > Reports or Billing section (exact path varies by platform version)
- How to identify unused seats: Administrators can review active employee headcount via the People/Employees section. Employees on leave may still count as active for billing; confirm with TriNet account representative.
- Billing notes: TriNet charges on a per-employee-per-month (PEPM) flat-fee basis. Pricing is custom and not publicly listed; a minimum of 5 employees is required. Benefits costs (health insurance premiums, etc.) are billed separately from the PEPM platform/service fee. Billing adjustments for new hires and terminations are typically reflected in the following billing cycle.
The cost of manual management
Every app in your stack that depends on TriNet employee data requires a manual trigger to stay in sync - there is no native SCIM or automated provisioning to offload that work. Onboarding a single employee requires collecting SSN, compensation, work location, and completing I-9/W-4 paperwork before the account is fully active;
none of this can be batched or scripted through a public API.
Terminations carry compounding manual risk: the effective date drives final payroll, state-specific final pay laws (e.g., California's same-day rule) must be manually accounted for, and IdP/SSO deprovisioning must be handled separately - TriNet platform deactivation does not revoke access in external identity providers.
Administrators have reported that certain configuration changes require opening a support ticket rather than self-serving in the console, adding further latency to routine access changes.
What IT admins are saying
Community evidence is not specific enough to quote or summarize yet for this app.
The decision
TriNet fits companies that want a single vendor to own HR, payroll, benefits administration, and compliance under a co-employment model. The tradeoff is reduced platform flexibility: role customization is limited, API access is absent, and every employee lifecycle event is a manual, compliance-bound workflow.
If your team needs automated provisioning across every app tied to employee status, TriNet's current architecture will require a manual bridge at every integration point. Companies with high hiring velocity or distributed state footprints should weigh the compliance overhead carefully before committing.
Bottom line
TriNet delivers broad HR and compliance coverage under a PEO model, but that model comes with meaningful operational constraints for IT and identity teams.
There is no public API, no SCIM provisioning, and no automated deprovisioning - every employee lifecycle change is a manual, compliance-bound action with payroll and legal consequences.
Teams managing access across a multi-app environment will need to build and maintain manual synchronization processes until TriNet expands its integration surface.
Automate TriNet workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
