Docs / Admin

Removing and suspending users

You can remove users who should no longer be on your network in the admin console. You can also suspend users to prevent them from using Tailscale without permanently deleting their devices.

If you want to delete your account, contact support.

Removing users from your network

You need to be an Owner, Admin, or IT Admin of a tailnet in order to delete a user.

You can delete a user from the admin console:

  1. Navigate to the users page.
  2. Find the row corresponding to the user you are interested in.
  3. Click on the ellipsis icon at the far right and select the “Delete user” option:
  4. Done. The user is deleted.

When a user is removed from your network, the user, user-owned machines, and machines tagged by the user are removed. The user’s keys are removed from the coordination server so that any further requests from those devices to connect to the network are blocked. This usually happens within seconds.

To avoid removing machines tagged by a user when the user is deleted, reauthenticate the machine with a user who will not be deleted using the --force-reauth flag.

Only Admins and Members can be deleted; a network’s Owner cannot be deleted.

  • To delete the Owner in a Team, Business or Enterprise plan, first make a different user the Owner, then delete the desired user.
  • To delete the Owner in a Personal plan, since the Owner is the only user, you must delete the tailnet. See the section below.

Suspending and restoring users from your network

If you don’t want to delete a user from your network right away, but want to restrict them from using Tailscale, you can suspend the user.

You need to be an Owner, Admin, or IT Admin of a tailnet in order to suspend and restore a user.

You can suspend a user from the admin console:

  1. Navigate to the users page.
  2. Find the row corresponding to the user you are interested in.
  3. Click on the ellipsis icon at the far right and select the “Suspend user” option.
  4. The user is shown as “Suspended” in the users page.

When a user is suspended, they cannot use Tailscale on this tailnet. That means:

  • Their devices are not able to connect to other devices in the tailnet, including other devices they own or tagged
  • They cannot add new devices to the tailnet
  • They cannot access the admin console
  • Their API keys and auth keys stop working

If someone else has access to their devices, they can re-authenticate or tag these devices and use them in the same tailnet.

You can restore a user from the admin console by choosing the “Restore user” option.

When a user is restored, they regain access to Tailscale on this tailnet, including the devices they owned when they were restored. That means:

  • Their devices are able to reconnect to other devices in the tailnet, as allowed by ACLs
  • They can add new devices to the tailnet
  • They can access the admin console, if allowed by their role
  • Their API keys and auth keys work, if they have not expired

Inactive users

If a user does not own any machines and has not logged into Tailscale in more than 7 days, and is not an Owner, Admin, Network Admin or IT Admin, they are shown as “Inactive” in the users page.

Leaving a network

You cannot delete yourself from a network or leave a network. Ask your Admin to remove your account.

You can, however, delete your account. See the section below.

Deleting your user account or your entire tailnet

To delete your account or your entire tailnet, contact support.

When you delete your account, we will permanently delete all node and user data and metadata for your account from our coordination server’s database. Some data may still exist in temporary storage, such as diagnostic logs and backups, and will generally rotate out automatically within 60 days.

Tailscale gathers or stores almost no personal information, except the metadata necessary to operate the product, such as your email address, your full name, a link to your external account profile, and some IP addresses needed for NAT traversal, in compliance with our privacy policy.

Even after deleting your account, you will still be able to log into Tailscale with an identity provider. This is because upon logging into Tailscale, our system automatically creates a new account if one does not exist. Do not log into Tailscale if you do not want an account to be re-created automatically.

Deleting your account data from Tailscale does not automatically unsubscribe you from any mailing lists. To do that, you will also need to unsubscribe from our newsletter and from Tips & Tricks emails, respectively.

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2021 Tailscale Inc.

Privacy & Terms