Removing and suspending users

You can remove users who should no longer be on your network in the admin console. You can also suspend users to prevent them from using Tailscale without permanently deleting their devices.

If you want to delete your account, contact support.

Removing users from your network

You need to be an Owner, Admin, or IT Admin of a tailnet in order to delete a user.

You can delete a user from the admin console:

  1. Navigate to the Users page.
  2. Find the row corresponding to the user you are interested in.
  3. Click on the ellipsis icon at the far right and select the Delete user option:
  4. Done. The user is deleted.

When a user is deleted from your network:

  • Their devices are deleted. The devices’ keys are removed from the coordination server so that any further requests from those devices to connect to the network are blocked.
  • Their API keys and auth keys stop working

This usually happens within seconds.

Only Admins and Members can be deleted; a network’s Owner cannot be deleted.

  • To delete the Owner in a Team, Business or Enterprise plan, first make a different user the Owner, then delete the desired user.
  • To delete the Owner in a Personal plan, since the Owner is the only user, you must delete the tailnet. See the section below.

Suspending and restoring users from your network

If you don’t want to delete a user from your network right away, but want to restrict them from using Tailscale, you can suspend the user.

You need to be an Owner, Admin, or IT Admin of a tailnet in order to suspend and restore a user.

You can suspend a user from the admin console:

  1. Navigate to the Users page.
  2. Find the row corresponding to the user you are interested in.
  3. Click on the ellipsis icon at the far right and select the Suspend user option.
  4. The user is shown as Suspended in the users page.

When a user is suspended, they cannot use Tailscale on this tailnet. That means:

  • Their devices are not able to connect to other devices in the tailnet, including other devices they own
  • They cannot add new devices to the tailnet. If they try to sign in on a device, they will get an error that they are suspended
  • They cannot access the admin console
  • Their API keys and auth keys stop working

If someone else has access to their devices, they can re-authenticate or tag these devices and use them in the same tailnet.

You can restore a user from the admin console by choosing the Restore user option.

When a user is restored, they regain access to Tailscale on this tailnet, including the devices they owned when they were restored. That means:

  • Their devices are able to reconnect to other devices in the tailnet, as allowed by ACLs
  • They can add new devices to the tailnet
  • They can access the admin console, if allowed by their role
  • Their API keys and auth keys work, if they have not expired

Inactive users

If a user does not own any devices and has not logged into Tailscale in more than 7 days, and is not an Owner, Admin, Network Admin or IT Admin, they are shown as Inactive in the users page.

Leaving a network

You cannot delete yourself from a network or leave a network. Ask your Admin to remove your account.

You can, however, delete your account. To delete your account, contact support.

Deleting your tailnet

If your tailnet only has one user, you can delete it from the General Settings page of the admin console. You need to be the Owner of a tailnet to delete it.

  1. Open General Settings.

  2. Select Delete tailnet.

  3. To confirm you want to delete your tailnet, enter the domain of your tailnet. For a Personal account, this is your account name.

  4. Click Delete to confirm.

  5. Your tailnet is now deleted.

If your tailnet has multiple users, to delete your entire tailnet, contact support. You need to be the Owner of a tailnet to delete it.

When you delete your tailnet, we will permanently delete all node and user data and metadata for your tailnet from our coordination server’s database. Some data may still exist in temporary storage, such as diagnostic logs and backups, and will generally rotate out automatically within 60 days.

Tailscale gathers or stores almost no personal information, except the metadata necessary to operate the product, such as your email address, your full name, a link to your external account profile, and some IP addresses needed for NAT traversal, in compliance with our privacy policy.

If you want to start using Tailscale again after deleting your account, you can use the same account to log in with your preferred identity provider. Upon logging into Tailscale, our system automatically creates a new account if one does not exist. Do not log into Tailscale if you do not want an account to be re-created automatically.

Deleting your data from Tailscale does not automatically unsubscribe you from any mailing lists. To do that, you will also need to unsubscribe from our newsletter and from Tips & Tricks emails, respectively.

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2022 Tailscale Inc.

Privacy & Terms