cloudflare · patriciasantaana · Dec 17, 2024 · Dec 11, 2024 · Dec 11, 2024 · Dec 11, 2024
@@ -4,82 +4,80 @@
 
 ---
 
-Account owned tokens are the first step that Cloudflare is taking to represent service principals in our service.
-
-Cloudflare is working to ensure that all features eventually become compatible with account owned tokens. 
-
-If you are working with a service that is not currently supported by account owned tokens, it is recommended that you continue to use the existing user tokens.
+While user tokens act on behalf of a particular user, and inherit a subset of that user's permissions, account owned tokens allow you to set up durable integrations that can act as service principals, effectively acting as themselves with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SEIMs where it's important that the integration keeps working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal, and durability is less of a concern. 
 
+## Creating an account owned token
 :::note
-User tokens will continue to work and we do not have plans to deprecate them.
+Creating an account owned token requires Super Administrator permission on the account
 :::
 
-Account owned tokens are available to all customers. Super Administrators of accounts on the [Cloudflare dashboard](https://dash.cloudflare.com/) can find them via **Manage Account** > **API Tokens**.
-
-You can still create tokens using the Cloudflare dashboard, and it can also be accessed via the API at `/accounts/<accountID>/tokens`.
+1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com)
+2. In the sidebar, choose **Manage Account**
+3. Choose **Account API Tokens**
+4. Click **Create Token**
+5. Navigate through the subsequent pages to set the name, permissions, and the (optional) expiration date for the token. Click **Continue to Summary**
+6. Review the details, and finally click **Create Token**
 
-Try using account owned tokens specifically in these scenarios:
-
-- You require business continuity when managing tokens as a team of super administrators.
-- You need to restrict API access on your account and want to centralize visibility and management of these tokens.
+You can alternatively create a token using the [account owned token creation API](https://developers.cloudflare.com/api-next/resources/accounts/subresources/tokens/methods/create/). 
 
 ## Compatibility matrix
 
-Account owned tokens are a new credential type that is currently in open beta. Refer to the table below for products currently supported and their compatibility status.
+Account owned tokens are generally available in all accounts. Some services may not support account owned tokens yet. Please see the compatibility matrix below for the latest status. 
+
+| Product | Compatibility |
+| :---- | :---- |
+| Access | ❌ |
+| Account Analytics | ❌ |
+| Account Management | ✅ |
+| AI Gateway | ✅ |
+| AMP | ✅ |
+| API Shield | ✅ |
+| Billing | ❌ |
+| Cache | ✅ |
+| Cloud Connector | ✅ |
+| Configuration Rules | ✅ |
+| Custom Pages | ✅ |
+| Data Loss Prevention | ✅ |
+| Digital Experience Monitoring | ✅ |
+| Distributed Web | ❌ |
+| DNS | Partial (Non-analytics) |
+| Durable Objects | ❌ |
+| Email Relay | ❌ |
+| Gateway Filtering | ❌ |
+| Healthchecks | ✅ |
+| Hyperdrive | ❌ |
+| Images | ✅ |
+| Intel Data Platform | ❌ |
+| Load Balancing | ❌ |
+| Log Explorer | ❌ |
+| Magic Network Monitoring | ✅ |
+| Magic Transit | ❌ |
+| Magic WAN | ❌ |
+| Managed Rules | ❌ |
+| Network Error Logging | ❌ |
+| Page Shield | ✅ |
+| Pages | ✅ |
+| Pub/Sub | ❌ |
+| R2 | ✅ |
+| Radar | ✅ |
+| Registrar | ❌ |
+| Rulesets | ✅ |
+| Spectrum | ❌ |
+| Speed | ✅ |
+| Stream | ✅ |
+| Super Bot Fight Mode | ❌ |
+| Trace | ✅ |
+| Tunnels | ✅ |
+| Turnstile | ❌ |
+| Vectorize | ❌ |
+| Waiting Room | ✅ |
+| Workers | ✅ |
+| Workers AI | ❌ |
+| Workers KV | ✅ |
+| Workers Observability | ❌ |
+| Workers Queues | ✅ |
+| Zaraz | ❌ |
+| Zero Trust Client Platform | ❌ |
+| Zero Trust Devices and Services | ✅ |
+| Zone/Domain Management | ✅ |
 
-| Product                         | Compatible              |
-| ------------------------------- | ----------------------- |
-| Account Management              | ✅                     |
-| Account Analytics               | ❌                     |
-| Zero Trust Devices and Services | ✅                     |
-| Stream                          | ✅                     |
-| Pages                           | ✅                     |
-| Speed                           | ✅                     |
-| Images                          | ✅                     |
-| Zone/Domain Management          | ✅                     |
-| Workers                         | ✅                     |
-| Workers Queues                  | ✅                     |
-| Workers KV                      | ✅                     |
-| Workers AI                      | ❌                     |
-| Workers Observability           | ❌                     |
-| Durable Objects                 | ❌                     |
-| R2                              | ✅                     |
-| Tunnels                         | ✅                     |
-| Cache                           | ✅                     |
-| Rulesets                        | ✅                     |
-| Custom Pages                    | ✅                     |
-| Cloud Connector                 | ✅                     |
-| Trace                           | ✅                     |
-| Configuration Rules             | ✅                     |
-| DNS                             | Partial (Non-analytics) |
-| Access                          | ❌                      |
-| Magic WAN                       | ❌                      |
-| Magic Transit                   | ❌                      |
-| Magic Network Monitoring        | ✅                      |
-| Managed Rules                   | ❌                      |
-| Load Balancing                  | ❌                      |
-| Spectrum                        | ❌                      |
-| Pub/Sub                         | ❌                      |
-| Distributed Web                 | ❌                      |
-| Radar                           | ✅                      |
-| Data Loss Prevention            | ✅                      |
-| Network Error Logging           | ❌                      |
-| Super Bot Fight Mode            | ❌                      |
-| Page Shield                     | ✅                      |
-| AI Gateway                      | ✅                      |
-| Turnstile                       | ❌                      |
-| AMP                             | ✅                      |
-| API Shield                      | ✅                      |
-| Billing                         | ❌                      |
-| Digital Experience Monitoring   | ✅                      |
-| Intel Data Platform             | ❌                      |
-| Email Relay                     | ❌                      |
-| Gateway Filtering               | ❌                      |
-| Healthchecks                    | ✅                      |
-| Log Explorer                    | ❌                      |
-| Zero Trust Client Platform      | ❌                      |
-| Registrar                       | ❌                      |
-| Hyperdrive                      | ❌                      |
-| Vectorize                       | ❌                      |
-| Waiting Room                    | ✅                      |
-| Zaraz                           | ❌                      |