Support Access
Support Access allows Defakto staff to view your deployment telemetry in read-only mode via command line or web portal. This replaces cumbersome and less secure approaches like screen sharing and emailing screenshots while providing audit logs of all access.
Defakto can access: General settings, events, and telemetry sent to Defakto
Defakto cannot access: Your workloads, infrastructure, agents, or self-hosted trust domain servers
Enable Support Access​
Admin access required. Choose from two methods:
Command Line (spirlctl)​
Requires spirlctl version 0.26.0 or later.
# Enable indefinitely
spirlctl iam support-access enable always-on
# Enable with expiration
spirlctl iam support-access enable 2024-12-31T23:59:59Z
# Disable
spirlctl iam support-access disable
# Check status
spirlctl iam support-access status
Web Portal​
- Go to Settings → Account Settings
- Find Support Access section (disabled by default)
- Select expiration time or "always on"
- Click Enable
Expiration Options​
- Always on: Permanent access for ongoing support
- Timed: Auto-disable after troubleshooting
All access is logged regardless of access mode.
Audit Log​
All Defakto staff actions are recorded with timestamps and employee identity in your company's audit log.