Impersonation Mode

Self-Hosted Enterprise - This page applies to self-hosted SigNoz with an active license.
Self-Hosted Community - This page applies to self-hosted SigNoz without a license.

Impersonation mode lets you run SigNoz without user accounts or login. Every request is automatically treated as admin - there is no login screen, no sign-up, and no session to manage.

Common use cases include:

  • Single-developer setups
  • Small teams operating entirely behind a VPN or firewall
  • Air-gapped environments
  • CI/automation pipelines where managing user accounts adds unnecessary friction

Prerequisites

  • SigNoz v0.126.0 or later.
  • A root user configured for your deployment. Impersonation mode treats all requests as this user. See Root User Configuration.

How it works

When impersonation mode is enabled, SigNoz treats every incoming request as the root admin user - no credentials, tokens, or API keys are checked. There are no individual user identities, no sessions, and no login flow.

Your network perimeter becomes the sole access control layer. If a request reaches SigNoz, it has full admin access.

Configuration

Configure impersonation mode via environment variables:

VariableDescription
SIGNOZ_IDENTN_IMPERSONATION_ENABLEDEnable impersonation mode (true / false).
SIGNOZ_IDENTN_TOKENIZER_ENABLEDEnable or disable token-based authentication. Set to false in impersonation mode.
SIGNOZ_IDENTN_APIKEY_ENABLEDEnable or disable API key authentication. Set to false in impersonation mode.

Example:

SIGNOZ_IDENTN_IMPERSONATION_ENABLED=true
SIGNOZ_IDENTN_TOKENIZER_ENABLED=false
SIGNOZ_IDENTN_APIKEY_ENABLED=false

All three variables are required. Setting only SIGNOZ_IDENTN_IMPERSONATION_ENABLED without disabling the tokenizer and API key authenticators will not fully activate impersonation mode.

Validate

After restarting SigNoz with the updated configuration, confirm impersonation mode is active by calling the global config endpoint:

curl http://<your-signoz-host>/api/v1/global/config

The response should show enabled: true under identN.impersonation:

{
  "data": {
    "identN": {
      "impersonation": {
        "enabled": true
      }
    }
  }
}

Disable impersonation mode

To re-enable authentication, remove or set SIGNOZ_IDENTN_IMPERSONATION_ENABLED to false. For SIGNOZ_IDENTN_TOKENIZER_ENABLED and SIGNOZ_IDENTN_APIKEY_ENABLED, set them according to your authentication requirements.

Troubleshooting

Login page still appears after enabling impersonation mode

  • Confirm all three environment variables are set correctly.
  • Check SigNoz logs for startup errors related to the identity configuration.
  • Verify GET /api/v1/global/config returns identN.impersonation.enabled: true.

GET /api/v1/global/config returns enabled: false

  • Confirm the environment variables are set on the correct service and that the service was restarted after the change.

Next steps

Last updated: May 20, 2026

Edit on GitHub

Was this page helpful?

Your response helps us improve this page.

Prev
Serving on an External URL
Next
Overview
On this page
Prerequisites
How it works
Configuration
Validate
Disable impersonation mode
Troubleshooting
Login page still appears after enabling impersonation mode
`GET /api/v1/global/config` returns `enabled: false`
Next steps

Is this page helpful?

Your response helps us improve this page.

Docs
IntroductionContributingMigrate from DatadogSigNoz API
OpenTelemetry
What is OpenTelemetryOpenTelemetry Collector GuideOpenTelemetry Demo
Community
Support
Slack
X
Launch Week
Changelog
Dashboard Templates
DevOps Wordle
Newsletter
KubeCon, Atlanta 2025
More
SigNoz vs DatadogSigNoz vs New RelicSigNoz vs GrafanaSigNoz vs Dynatrace
Careers
AboutTermsPrivacySecurity & Compliance
SigNoz - Open Source Datadog Alternative
SigNoz
All systems operational
HIPAASOC-2