You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/identity/users/seat-management.mdx
+5-3Lines changed: 5 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,8 +9,6 @@ Cloudflare Zero Trust subscriptions consist of seats that active users in your a
9
9
10
10
The amount of seats available in your Zero Trust account depends on the amount of users you purchase. If you want to increase the number of seats available, you will have to purchase more users. Learn more about adding and removing seats from your account in the [Zero Trust FAQ](/cloudflare-one/faq/getting-started-faq/#how-do-i-change-my-subscription-plan).
11
11
12
-
Access [service tokens](/cloudflare-one/identity/service-tokens/) do not consume seats.
13
-
14
12
## Authentication events
15
13
16
14
A user consumes a seat when they perform an authentication event. For Access, this is any Cloudflare Access authentication event, like a login to the [App Launcher](/cloudflare-one/applications/app-launcher/) or an application. For Gateway, this means any Cloudflare WARP authentication event, like enrolling a device to your Zero Trust organization.
@@ -19,6 +17,8 @@ If either one of these events occurs, that user's identity is added as an Active
19
17
20
18
A user who authenticates will hold their seat until you [remove the user](#remove-a-user) from your account. By default, inactive users will not be [automatically removed](#enable-seat-expiration) from your account. You can remove a single user or all users at any time, and those users will immediately stop counting against the seat count defined in your subscription.
21
19
20
+
If you notice a number of accounts greater than the number of your users, you may need to configure an Access [bypass policy](/cloudflare-one/policies/access/#bypass). Alternatively, you can use Access [service tokens](/cloudflare-one/identity/service-tokens/) to allow access to applications without consuming seats.
21
+
22
22
## Manage users
23
23
24
24
### Check number of seats used
@@ -36,6 +36,8 @@ To revoke a user from your Zero Trust organization:
36
36
3. Select **Action** > **Revoke**.
37
37
4. Select **Revoke sessions**.
38
38
39
+
Revoked users can still log in if your policies allow them.
40
+
39
41
### Remove a user
40
42
41
43
Removing a user from your Zero Trust organization will free up the seat the user consumed. The user will still appear in your list of users.
@@ -52,7 +54,7 @@ The user will now show as **Inactive** and will no longer occupy a seat. If a us
52
54
To automate the removal of users who have not logged in or triggered a device enrollment in a specific amount of time, turn on [seat expiration](#enable-seat-expiration).
53
55
54
56
:::note[User record persistence]
55
-
You cannot delete or archive a user record. You can [remove a user](#remove-a-user) from a seat, but their user record will remain in your Zero Trust organization.
57
+
You cannot delete or archive a user record. You can [remove a user](#remove-a-user) from a seat, but their user record will remain in your Zero Trust organization. Inactive users do not count towards billing.
0 commit comments