# Principals A principal at StrongDM refers to an entity that has the ability to log in to your StrongDM organization using some method (the desktop app, the CLI, Admin UI, SDKs, etc). There are several types of users: ### Users [Users](https://docs.strongdm.com/admin/principals/users) are managed by either StrongDM or via an SSO provider or through user provisioning. All users are displayed with their name and email address. Users can authenticate in a variety of ways, including via SSO or by email and password directly, and with or without MFA challenges via integrations with MFA providers or StrongDM's TOTP service. Users can be granted access to resources through StrongDM via assigned [roles](https://docs.strongdm.com/admin/access/roles), or through Just-in-Time access using [access workflows](https://docs.strongdm.com/admin/access/access-workflows). * SSO * Provisioning * Authentication * MFA ### Service Accounts A [service account](https://docs.strongdm.com/admin/principals/service-accounts) is a slightly different type of entity that allows for programmatic access to StrongDM resources. Unlike a user account, a service account requires only a display name (not a full name and email address) because service accounts are for machines, programs, and applications—not people. Instead of username and password, service accounts authenticate to StrongDM with access tokens in order to perform any automated function that needs resource access. Service accounts can be given access to resources in the same ways that users can, through roles or temporary access. ### Admin Tokens [Admin tokens](https://docs.strongdm.com/admin/principals/admin-tokens) can be utilized for automated actions that require time-bound access to specific administrative functions in an organization, such as creating, updating, or destroying resources. They can similarly manage nodes, users, secrets, and other elements of your StrongDM organization as desired. Each token is able to be scoped to the desired areas of access. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/admin/principals.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.