Is it possible to manually expire user?

I am testing out this amazing software and I am trying to see what happens when a user goes to expired status but currently the lowest time to re-authenticate is an hour which is less than ideal for testing.


Expiring the user is the same as disabling their VPN connection. You should be able to disable the user at the bottom of the page when viewing that user.

This is not really true, disabling the user VPN connection sets the status to disabled. Which does not allow the user to reauthenticate to get the status back to enabled. I guess a better way to word this question would be “Is there a way to force a user to re-authenticate?”

Ah, apologies for misunderstanding. Not currently with local authentication, but if you’re using OIDC or SAML you should be able to expire the session via your provider.

Keycloak is a self-hosted OIDC provider we use for developing Firezone (see docker-compose.yml); that may be a better choice than local auth for things like this.