Summary and recommendation
Workable user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Workable's user management is handled entirely through a role-based access model with six predefined roles: Super Admin, Admin, Hiring Manager, Recruiter, Reviewer, and External Recruiter.
There are no custom roles - every user is assigned one of these fixed access levels.
Roles can be scoped further at the per-job level, so a single user can act as Hiring Manager on one job and Reviewer on another.
Quick facts
| Admin console path | Settings → Members & Permissions (or Settings → Users) |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Premier |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Super Admin | Full account access: manage billing, account settings, all jobs, all candidates, all users, integrations, and reports. Can add/remove/deactivate users and change access levels. | All plans | Included in plan seat | Only Super Admins can manage other users' access levels and account-level settings. | |
| Admin | Can manage all jobs and candidates, view reports, and manage most settings. Cannot manage billing or promote users to Super Admin. | Cannot manage billing or account subscription. Cannot change Super Admin access. | All plans | Included in plan seat | |
| Hiring Manager | Access to jobs they are assigned to as hiring manager. Can view and move candidates, leave comments, and schedule interviews for their jobs. | Cannot access jobs they are not assigned to. Cannot manage account settings or other users. | All plans | Included in plan seat | Access is scoped per job; must be explicitly added to each job. |
| Recruiter | Can manage jobs and candidates they are assigned to. Can post jobs, review applications, and communicate with candidates on assigned jobs. | Cannot access jobs they are not assigned to. Cannot manage account-level settings. | All plans | Included in plan seat | |
| Reviewer | Read-only access to candidates on jobs they are assigned to. Can leave comments and scorecards but cannot move candidates through pipeline stages. | Cannot move candidates, post jobs, or access account settings. | All plans | Included in plan seat | Reviewers do not consume a paid seat on some plan configurations; verify current plan terms. |
| External Recruiter | Limited portal access to submit candidates for specific jobs. Cannot see internal notes or other candidates. | Cannot access internal pipeline details, account settings, or other jobs. | All plans | External Recruiters access Workable through a separate portal link, not the main app login. |
Permission model
- Model type: role-based
- Description: Workable uses predefined access levels (Super Admin, Admin, Hiring Manager, Recruiter, Reviewer, External Recruiter). Permissions are assigned per user at the account level and can be further scoped per job. There are no fully custom roles; admins select from the fixed set of access levels.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Role-level with per-job scoping. Users can be assigned different roles on different jobs (e.g., Hiring Manager on one job, Reviewer on another).
How to add users
- Log in as Super Admin or Admin.
- Navigate to Settings → Members (or Settings → Users).
- Click 'Invite member' or 'Add user'.
- Enter the invitee's email address.
- Select the access level (role) for the user.
- Optionally assign the user to specific jobs.
- Click 'Send invitation'. The invitee receives an email to set up their account.
Required fields: Email address, Access level (role)
Watch out for:
- Invited users must accept the email invitation before they can log in.
- If SSO is enforced, users must authenticate via the configured identity provider.
- Job-level access must be configured separately after the user is added if scoped access is needed.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | No | Not documented |
How to remove or deactivate users
- Can delete users: No
- Delete/deactivate behavior: Workable supports deactivating users rather than permanently deleting them. Deactivated users lose access to the account but their historical activity and associated records are retained. Official documentation describes deactivation as the mechanism for removing access.
- Log in as Super Admin.
- Navigate to Settings → Members (or Settings → Users).
- Locate the user to deactivate.
- Click on the user's name or the options menu next to their name.
- Select 'Deactivate' and confirm the action.
| Data impact | Behavior |
|---|---|
| Owned records | Candidate records, comments, and evaluations created by the deactivated user remain in the account and are still visible to active users. |
| Shared content | Job postings and pipeline activity associated with the deactivated user are retained and accessible to other team members. |
| Integrations | Not documented |
| License freed | Deactivating a user frees up their seat, which can be reassigned to a new user. |
Watch out for:
- Deactivated users cannot be permanently deleted through the UI per official documentation.
- A Super Admin cannot deactivate themselves; another Super Admin must perform the action.
- Reactivating a deactivated user restores their access at the previously assigned role level.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Full member seat | Access for Super Admin, Admin, Hiring Manager, Recruiter roles. Counts toward plan user limit. | Included in plan subscription; plan pricing is not per-seat but per plan tier with employee/hiring volume limits. |
| Reviewer | Limited pipeline review access. Seat cost treatment varies by plan. | |
| External Recruiter | Portal-only access for external agency recruiters to submit candidates. | Typically does not consume a standard seat; verify with Workable support for current plan terms. |
- Where to check usage: Settings → Members - lists all active and deactivated users with their roles.
- How to identify unused seats: Review the Members list for users who have not logged in recently; Workable does not natively surface last-login timestamps in the standard UI per available documentation.
- Billing notes: Workable pricing is plan-tier based (Starter, Standard, Premier) rather than strictly per-seat. Plans include limits on active employees/hiring volume. Add-ons (texting, video interviews, assessments) are billed separately. SSO is available on Standard annual plan as an add-on or included in Premier.
The cost of manual management
Workable does not expose last-login timestamps in the standard Members UI, which means identifying inactive users requires manual review of the members list with no reliable signal for recency. There is no bulk CSV import for adding users, so every new hire or contractor must be invited individually.
Without SCIM, every app that connects to your identity provider for automated provisioning is out of scope - onboarding and offboarding in Workable stays a manual, admin-driven process.
SSO is available on the Premier plan or as a paid add-on on Standard (annual billing only). Even with SSO enabled, user deprovisioning is not automated - deactivation must be performed manually by a Super Admin in Settings → Members.
What IT admins are saying
Community evidence is not specific enough to quote or summarize yet for this app.
The decision
Workable's manual user management is practical for teams under roughly 50 people where hiring volume is moderate and role assignments are stable. The fixed role set covers most recruiting org structures without configuration overhead.
Every app in your stack that depends on IdP-driven provisioning will need a workaround here - SCIM is not natively supported, there is no bulk-import path, and granular custom permissions are not available.
If your org enforces SSO as a security baseline, confirm whether you are on Premier or Standard annual before assuming SSO is included. Deactivation - not deletion - is the only supported offboarding action; historical activity and records are retained after deactivation.
Bottom line
Workable's manual user management covers the basics reliably: invite by email, assign a role, scope to jobs, deactivate when done.
Every app in your stack that depends on automated provisioning will need a workaround here, since SCIM is not natively supported and there is no bulk-import path. For small-to-mid-sized recruiting teams with stable rosters, the overhead is manageable.
For orgs with frequent headcount changes or strict IdP-driven lifecycle policies, the manual process will create recurring administrative debt.
Automate Workable workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
