Summary and recommendation
Zapier user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Zapier's admin console lives at Settings → Members and is accessible to Owner and Admin roles on Team and Enterprise plans. Three fixed roles govern every app in the account: Owner (one per account, full control), Admin (member and Zap management, no billing access), and Member (own Zaps plus shared folders only).
There are no custom roles or per-Zap permission granularity beyond folder membership.
Quick facts
| Admin console path | Settings → Members (accessible to Owner and Admin roles on Team and Enterprise plans) |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Owner | Full account control: billing, plan changes, member management, all Zaps and folders, can transfer ownership. One per account. | Cannot have more than one Owner simultaneously. Cannot be removed by Admins. | Team or Enterprise | Counts as a paid seat | Ownership transfer requires deliberate action from the current Owner; Admins cannot force a transfer. |
| Admin | Invite and remove members, manage roles, access all team Zaps and folders, manage shared app connections. | Cannot change billing/plan, cannot remove or demote the Owner. | Team or Enterprise | Counts as a paid seat | Admins can see and edit all Zaps in the account, including those created by other members. |
| Member | Create and manage own Zaps, use shared app connections granted by Admin, collaborate in shared folders they are invited to. | Cannot invite other users, cannot access Zaps outside folders they are explicitly shared on, cannot manage billing or app connections. | Team or Enterprise | Counts as a paid seat | Members cannot see Zaps owned by other members unless placed in a shared folder. |
Permission model
- Model type: role-based
- Description: Zapier uses three fixed roles (Owner, Admin, Member) applied at the account level. Folder-level sharing provides a secondary layer of access control for Zaps. There are no custom roles or granular permission sets beyond these three tiers.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Account-level role assignment plus folder-level Zap sharing. No per-Zap or per-integration permission granularity beyond folder membership.
How to add users
- Sign in to Zapier and navigate to zapier.com/app/settings/members.
- Click 'Invite members'.
- Enter the email address(es) of the user(s) to invite.
- Select the role to assign: Admin or Member.
- Click 'Send invite'. The invitee receives an email to accept and create or link their Zapier account.
Required fields: Email address, Role (Admin or Member)
Watch out for:
- Invitations consume a seat immediately upon acceptance; the seat count increases the billing amount at the next billing cycle.
- Users must accept the invitation via email before they appear as active members.
- Only Owners and Admins can send invitations.
- On Team plan, there is a minimum seat count tied to the plan; reducing below that minimum requires a plan downgrade.
- Invited users who already have a personal Zapier account will be prompted to link or switch accounts.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise |
How to remove or deactivate users
- Can delete users: Verify in tenant
- Delete/deactivate behavior: This app exposes delete operations in its API documentation, but the admin-console path may present removal as deactivation, archiving, or deletion depending on tenant configuration. Confirm whether the UI action is reversible before treating removal as recoverable.
- Navigate to zapier.com/app/settings/members.
- Locate the member to remove.
- Click the three-dot (⋯) menu or 'Remove' option next to the member's name.
- Confirm the removal in the dialog prompt.
- The member loses access to the team account immediately.
| Data impact | Behavior |
|---|---|
| Owned records | Zaps owned by the removed member remain in the account and continue to run. Ownership of those Zaps does not automatically transfer; an Admin or Owner must manually reassign or move them. |
| Shared content | Shared folders and Zaps the removed member contributed to remain accessible to other team members with folder access. |
| Integrations | App connections (authenticated credentials) set up by the removed member that are shared with the team remain available to the team until explicitly revoked by an Admin. |
| License freed | The seat is freed and billing adjusts at the next billing cycle. Immediate mid-cycle credit behavior depends on plan terms. |
Watch out for:
- Zaps owned by a removed member continue to run and consume the team's task quota until an Admin pauses or reassigns them.
- App connections authenticated by the removed member remain active for the team; Admins should audit and re-authenticate sensitive connections after removal.
- The Owner role cannot be removed by Admins; ownership must be transferred first.
- On Enterprise with SCIM, deprovisioning via the IdP suspends access but the same Zap and connection considerations apply.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Team seat (Owner/Admin/Member) | Access to shared Zaps, folders, and app connections within the team account. Task quota is shared across all seats on Team plan. | Team plan starts at $103.50/month (billed annually) for up to 25 seats with 2,000 tasks/month; per-seat pricing applies above minimums. Enterprise pricing is custom. |
- Where to check usage: zapier.com/app/settings/members - shows current member list and seat count. Billing details at zapier.com/app/settings/billing.
- How to identify unused seats: No built-in 'last active' or login-date column is displayed in the Members settings page as of the research date. Admins must cross-reference member list against Zap ownership and activity manually, or use SCIM/IdP activity logs on Enterprise.
- Billing notes: Team plan is billed per seat with a minimum seat floor. Adding members mid-cycle is prorated. Removing members frees the seat at the next billing cycle. Enterprise pricing is negotiated directly with Zapier sales and is not publicly listed.
The cost of manual management
Every app connected through a removed member's credentials stays live and continues consuming the team's task quota until an Admin manually pauses or reassigns those Zaps. Shared app connections authenticated by that member also remain active, creating a standing security gap that requires manual audit.
Because the Members console shows no last-login or activity column, identifying unused seats means cross-referencing Zap ownership by hand - there is no built-in idle-seat report on any plan below Enterprise.
What IT admins are saying
Recurring friction points reported by admins center on three areas. First, no read-only Zap sharing exists: Members either have full folder access or none at all.
Second, Zaps owned by removed members keep running silently, which surprises teams that assume removal equals immediate cleanup. Third, Enterprise pricing is opaque - no public figures are available, and any estimate requires a sales conversation.
Common complaints:
- Enterprise pricing not transparent; users report needing to contact sales for any pricing information.
- Limited documentation on advanced SCIM features and attribute mapping.
- No granular per-Zap permissions; Members either have folder access or they do not, with no read-only Zap sharing.
- Zaps owned by removed members continue running and consuming tasks, requiring manual cleanup by Admins.
- No built-in last-login or activity reporting in the Members console, making it difficult to identify inactive seats.
- Shared app connections from removed members remain active, creating a potential security gap if not manually audited.
- Minimum seat counts on Team plan mean organizations cannot reduce seats below the plan floor without downgrading.
- No CSV bulk-import for invitations; large team onboarding requires individual email invites unless SCIM is configured.
The decision
SCIM provisioning is gated behind the Enterprise plan and requires SAML SSO to be fully configured first; Team and lower plans have no automated provisioning path. If your organization manages identity through Okta, Azure AD (Entra ID), or OneLogin, Enterprise SCIM eliminates the manual invite-and-remove loop for every app in scope.
Teams on the Team plan should budget time for manual offboarding cleanup - particularly Zap reassignment and app-connection audits - every time a member departs.
Bottom line
Zapier's permission model is straightforward for small teams but shows its limits at scale: three fixed roles, no granular per-Zap controls, and no native activity reporting make ongoing access hygiene a manual discipline.
Offboarding in particular requires a deliberate checklist - Zap reassignment, app-connection re-authentication, and seat reconciliation at the next billing cycle - because none of these steps happen automatically below the Enterprise SCIM tier.
Teams that have already standardized on Okta, Azure AD, or OneLogin will find the Enterprise SCIM path the only reliable way to keep access state in sync without recurring manual effort.
Automate Zapier workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
