Service Accounts

STARTERTEAMENTERPRISE

Service accounts are actors that can be used with Firezone Clients that support headless mode operation. They are commonly used for situations where you want to manage access from a server, machine, IoT device, or other non-user machine to your Resources.

Service accounts behave like any other actor in Firezone. They can be added to Groups and Policies to gain access to Resources.

Unlike users, however, service accounts must be managed manually and are never synced from your identity provider.

Because service accounts authenticate to your Firezone account without user interaction, their tokens have a 1-year expiration by default. This can be changed when creating the service account.

Create a service account

To create a service account, head to Actors -> Add Actor and select Service Account as the type.

On the next screen, set an appropriate expiration date for the token.

You will then be shown a token you'll need to store somewhere safe. This token can then be used with Firezone Clients that support headless mode operation.

You can add as many tokens as you like to a service account, and you can revoke them at any time.


Need additional help?

Try asking on one of our community-powered support channels:

Or try searching the docs: