Summary and recommendation
Vena user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Vena is an AI-powered FP&A platform built around an Excel-native model, and its user management lives entirely inside the Admin Panel at app.vena.io (Settings → Users).
Every app in a finance team's stack eventually demands the same audit question who has access and at what level
and in Vena that answer requires navigating four fixed roles: Administrator, Power User, Contributor, and Viewer.
No custom roles are supported on any plan.
Quick facts
| Admin console path | Admin Panel → Users (accessible via the gear/settings icon in the Vena web application) |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Administrator | Full access to all Vena settings including user management, template configuration, integrations, SSO/SCIM setup, and all model data. | Administrator role grants broad system-wide access; should be assigned sparingly. | |||
| Power User | Can build and edit templates, manage workflows, access all model data assigned to them, and run reports. | Cannot manage system-level settings or other users. | Typically the primary role for FP&A team members who build and maintain models. | ||
| Contributor | Can enter data into assigned templates and participate in workflows. Read access to reports they are granted. | Cannot build or edit templates, cannot access admin settings. | Intended for budget owners and business users who only need to input data. | ||
| Viewer | Read-only access to reports and dashboards they are explicitly granted access to. | Cannot enter data, build templates, or access admin settings. | Viewer seats may be priced differently from full contributor/power user seats; confirm with Vena account team. |
Permission model
- Model type: role-based
- Description: Vena uses predefined system roles (Administrator, Power User, Contributor, Viewer) combined with object-level access controls on templates, models, and reports. Admins assign roles at the user level and can further restrict data access via dimension-level security within the model.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Role assignment at the user level; data-level security configurable via model dimension access and template permissions.
How to add users
- Log in to Vena as an Administrator.
- Navigate to the Admin Panel via the settings icon.
- Select 'Users' from the left-hand navigation.
- Click 'Add User' or 'Invite User'.
- Enter the user's first name, last name, and email address.
- Assign a role (Administrator, Power User, Contributor, or Viewer).
- Optionally assign the user to groups or specific model access.
- Click 'Save' or 'Send Invitation'. The user receives an email invitation to set up their account.
Required fields: First name, Last name, Email address, Role
Watch out for:
- Users must accept the email invitation before they can log in; pending invitations consume a license seat.
- If SSO is enforced, users must authenticate via the configured IdP and cannot use a local password.
- Adding users beyond contracted seat count may trigger overage charges; confirm seat limits with the Vena account team before bulk additions.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | Unknown | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise |
How to remove or deactivate users
- Can delete users: Unknown
- Delete/deactivate behavior: Vena's official documentation describes deactivating users rather than permanently deleting them. Deactivated users cannot log in and do not consume an active seat, but their historical data and contributions are retained. Whether a hard delete is available is not explicitly confirmed in publicly available official documentation.
- Log in to Vena as an Administrator.
- Navigate to Admin Panel → Users.
- Locate the user by searching their name or email.
- Select the user to open their profile.
- Click 'Deactivate User' (or equivalent action).
- Confirm the deactivation when prompted.
| Data impact | Behavior |
|---|---|
| Owned records | Templates, models, and data entries created by the deactivated user are retained in the system. |
| Shared content | Reports and templates the user had access to remain accessible to other users with appropriate permissions. |
| Integrations | Not documented |
| License freed | Deactivating a user frees the seat for reassignment; confirm with Vena account team whether the seat count adjusts immediately or at the next billing cycle. |
Watch out for:
- Deactivating a user who owns critical templates or workflows may require reassigning ownership before deactivation to avoid access gaps.
- If SSO/SCIM is configured, deprovisioning the user in the IdP should also deactivate them in Vena, but manual deactivation in Vena may still be required if SCIM is not fully configured.
- Reactivating a previously deactivated user may require a new seat if the contract limit has been reached.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Full User (Power User / Contributor) | Template building, data entry, workflow participation, and reporting depending on assigned role. | |
| Viewer | Read-only access to reports and dashboards. |
- Where to check usage: Admin Panel → Users → filter by status (Active/Inactive) to review current active seat consumption.
- How to identify unused seats: Review the 'Last Login' column in the Users list within the Admin Panel to identify users who have not logged in recently.
- Billing notes: Vena is sold on annual contracts starting at approximately $5,000/year for Professional and $10,000/year for Complete. Seat counts and types are negotiated at contract time. Overages and seat additions typically require a contract amendment. Implementation fees are separate from licensing costs.
The cost of manual management
Pending invitations consume a license seat even before the user logs in, so stale invites silently inflate your active seat count. Deactivated users retain their historical data, but reclaiming that seat in billing typically requires contacting the account team directly rather than a self-serve adjustment. Overages trigger a contract amendment, not an automatic true-up.
What IT admins are saying
Community evidence is not specific enough to quote or summarize yet for this app.
The decision
Every app that lacks automated provisioning creates the same pattern: manual invitations, role assignments done one user at a time, and no bulk tooling to surface dormant accounts beyond sorting by Last Login in the Users list. Vena is no exception - bulk onboarding requires individual invitations, and role reassignment is entirely manual.
Teams on the Enterprise plan should prioritize SCIM setup via Okta or Entra ID to eliminate this overhead, but SSO must be fully configured before SCIM can be enabled, and the SCIM endpoint URL is not self-service.
Bottom line
Vena's manual user management is workable for small, stable finance teams where headcount changes are infrequent, but carries real operational cost at scale: seat-type complexity, billing that does not self-correct on deactivation, and no bulk tooling mean that every access change requires deliberate admin action and often a follow-up with the account team.
Teams that can reach the Enterprise tier should treat SCIM provisioning as a prerequisite, not an optional enhancement, to keep access accurate and seat spend defensible at renewal.
Automate Vena workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
