You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/identity/users/seat-management.mdx
+37-23Lines changed: 37 additions & 23 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,51 +5,65 @@ sidebar:
5
5
order: 4
6
6
---
7
7
8
-
Cloudflare Zero Trust subscriptions consist of seats that active users in your account consume. Active users are added to Zero Trust through any authentication event.
8
+
Cloudflare Zero Trust subscriptions consist of seats that active users in your account consume. Active users are added to Zero Trust through any [authentication event](#authentication-event).
9
9
10
-
The amount of user seats available in your Zero Trust account depends on the amount of users you purchase. If you want to increase the number of seats available, you will have to purchase more users. Learn more about adding and removing seats from your account in the [Zero Trust FAQ](/cloudflare-one/faq/getting-started-faq/#how-do-i-change-my-subscription-plan).
10
+
The amount of seats available in your Zero Trust account depends on the amount of users you purchase. If you want to increase the number of seats available, you will have to purchase more users. Learn more about adding and removing seats from your account in the [Zero Trust FAQ](/cloudflare-one/faq/getting-started-faq/#how-do-i-change-my-subscription-plan).
11
11
12
-
## What constitutes an authentication event
12
+
## Authentication events
13
13
14
14
For Access, this is any Cloudflare Access authentication event, like a login to the [App Launcher](/cloudflare-one/applications/app-launcher/) or an application. For Gateway, this means any Cloudflare WARP authentication event, like enrolling a device to your ZT organization.
15
15
16
-
If either one of these events occurs, that user's identity is added as an Active user to Zero Trust and consumes one seat.
16
+
If either one of these events occurs, that user's identity is added as an Active user to Zero Trust and consumes one seat from your plan. The user will occupy and consume a single seat regardless of the number of applications accessed or login events from their user account. Once the total amount of seats in the subscription has been consumed, additional users who attempt to log in are blocked.
17
17
18
-
The user then continues to occupy and consume a single seat regardless of the number of applications accessed or login events. Once the total amount of seats in the subscription has been consumed, additional users who attempt to log in are blocked.
18
+
A user who authenticates will hold their seat until you [remove the user](#remove-a-user) from your account. By default, inactive users will not be [automatically removed](#enable-seat-expiration) from your account. You can remove a single user or all users at any time, and those users will immediately stop counting against the seat count defined in your subscription.
19
19
20
-
A user who authenticates will hold their seat until you [remove the user](#remove-a-user) from your account. By default, inactive users will not be [automatically removed](#enable-seat-expiration) from your account. You can remove a single user or all users at any time, and those users will immediately stop counting against your subscription.
20
+
## Manage users
21
21
22
-
##Revoke vs remove a user
22
+
### Check number of seats used
23
23
24
-
When you revoke a user, this action will terminate active sessions, but will not remove the user's consumption of an active seat. On the other hand, removing a user will end their active session and free up one seat from your account.
24
+
To check the number of seats consumed by active users in your organization, log in to [Zero Trust](https://one.dash.cloudflare.com). **Zero Trust overview** will display the amount of seats consumed and the remaining amount available. For more details on your users, go to **My team** > **Users**.
25
25
26
-
##Check number of Active Users
26
+
### Revoke a user
27
27
28
-
You can check for the number of active users in [Zero Trust](https://one.dash.cloudflare.com) home.
28
+
When you revoke a user, this action will terminate active sessions, but will not remove the user's consumption of an active seat.
29
29
30
-
## Remove a user
30
+
To revoke a user from your Zero Trust organization:
31
31
32
-
1. In [Zero Trust](https://one.dash.cloudflare.com), go to **My Team** > **Users**.
33
-
2. Select the checkbox next to an **Active** user.
32
+
1. In [Zero Trust](https://one.dash.cloudflare.com), go to **My team** > **Users**.
33
+
2. Select the checkbox next to a user with an **Active** status in the **Seat usage** column.
34
+
3. Select **Action** > **Revoke**.
35
+
4. Select **Revoke sessions**.
36
+
37
+
### Remove a user
38
+
39
+
Removing a user from your Zero Trust organization will free up the seat the user consumed. The user will still appear in your list of users.
40
+
41
+
To remove a user from your Zero Trust organization:
42
+
43
+
1. In [Zero Trust](https://one.dash.cloudflare.com), go to **My team** > **Users**.
44
+
2. Select the checkbox next to a user with an **Active** status in the **Seat usage** column.
34
45
3. Select **Action** > **Remove users**.
46
+
4. Select **Remove**.
47
+
48
+
The user will now show as **Inactive** and will no longer occupy a seat. If a user is removed but authenticates later, they will consume a seat again.
35
49
36
-
The user will now show as **Inactive** and will no longer occupy a seat. If a user is removed, and then authenticates once more, they will count as a seat again.
50
+
To automate the removal of users who have not logged in or triggered a device enrollment in a specific amount of time, turn on [seat expiration](#enable-seat-expiration).
37
51
38
-
##Enable seat expiration
52
+
### Delete a user record
39
53
40
-
Cloudflare Zero Trust can automatically remove any user who does not log in to an Access application or who does not trigger a device enrollment event within a specified time period (between 1 month and 1 year). These users will no longer count against your seat count.
54
+
There is currently no way to delete or archive a user record. You can [remove a user](#remove-a-user) from a seat, but their user record will remain in your Zero Trust organization.
55
+
56
+
### Enable seat expiration
57
+
58
+
Cloudflare Zero Trust can automatically remove any user who does not log in to an Access application or who does not trigger a device enrollment event within a specified time period (between one month and one year). These users will no longer count against your seat count.
41
59
42
60
To enable user seat expiration:
43
61
44
62
1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Account**.
45
-
2.Scroll down to **User Seat Expiration** and select **Edit**.
63
+
2.In **Seat Expiration**, select **Edit**.
46
64
3. Select an inactivity time from the dropdown menu.
47
65
4. Select **Save**.
48
66
49
-
If a user is removed, and then authenticates once more, they will count as a seat again.
50
-
51
-
Refer to the FAQ to [learn more](/cloudflare-one/faq/getting-started-faq/#removing-users) about the consequences of removing a user for Access and Gateway.
52
-
53
-
## Delete a user record
67
+
If a user is removed but authenticates later, they will consume a seat again.
54
68
55
-
There is currently no way to delete or archive a user record. You can [remove a user](#remove-a-user) from a seat, but their user record will remain in Zero Trust.
69
+
For more information about the consequences of removing a user for Access and Gateway, refer to the [FAQ](/cloudflare-one/faq/getting-started-faq/#removing-users).
0 commit comments