Impersonation Mode

Impersonation mode lets you run SigNoz without user accounts or login. Every request is automatically treated as admin - there is no login screen, no sign-up, and no session to manage.

Common use cases include:

• Single-developer setups
• Small teams operating entirely behind a VPN or firewall
• Air-gapped environments
• CI/automation pipelines where managing user accounts adds unnecessary friction

Prerequisites

• SigNoz v0.126.0 or later.
• A root user configured for your deployment. Impersonation mode treats all requests as this user. See Root User Configuration.

How it works

When impersonation mode is enabled, SigNoz treats every incoming request as the root admin user - no credentials, tokens, or API keys are checked. There are no individual user identities, no sessions, and no login flow.

Your network perimeter becomes the sole access control layer. If a request reaches SigNoz, it has full admin access.

Configuration

Configure impersonation mode via environment variables:

Example:

SIGNOZ_IDENTN_IMPERSONATION_ENABLED=true
SIGNOZ_IDENTN_TOKENIZER_ENABLED=false
SIGNOZ_IDENTN_APIKEY_ENABLED=false

Validate

After restarting SigNoz with the updated configuration, confirm impersonation mode is active by calling the global config endpoint:

curl http://<your-signoz-host>/api/v1/global/config

The response should show enabled: true under identN.impersonation:

{
  "data": {
    "identN": {
      "impersonation": {
        "enabled": true
      }
    }
  }
}

Disable impersonation mode

To re-enable authentication, remove or set SIGNOZ_IDENTN_IMPERSONATION_ENABLED to false. For SIGNOZ_IDENTN_TOKENIZER_ENABLED and SIGNOZ_IDENTN_APIKEY_ENABLED, set them according to your authentication requirements.

Next steps

• Authentication and User Management
• JWT Secret Configuration