diff --git a/cmd/cloudflared/access/carrier.go b/cmd/cloudflared/access/carrier.go
index 3ab88bc9..4061f336 100644
--- a/cmd/cloudflared/access/carrier.go
+++ b/cmd/cloudflared/access/carrier.go
@@ -22,6 +22,12 @@ func ssh(c *cli.Context) error {
 		return cli.ShowCommandHelp(c, "ssh")
 	}
 	headers := buildRequestHeaders(c.StringSlice("header"))
+	if c.IsSet("service-token-id") {
+		headers.Add("CF-Access-Client-Id", c.String("service-token-id"))
+	}
+	if c.IsSet("service-token-secret") {
+		headers.Add("CF-Access-Client-Secret", c.String("service-token-secret"))
+	}
 
 	if c.NArg() > 0 || c.IsSet("url") {
 		localForwarder, err := config.ValidateUrl(c)
diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index 7ca30a6b..9753c719 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -93,14 +93,27 @@ func Commands() []*cli.Command {
 					Description: `The ssh subcommand sends data over a proxy to the Cloudflare edge.`,
 					Flags: []cli.Flag{
 						&cli.StringFlag{
-							Name: "hostname",
+							Name:  "hostname",
+							Usage: "specifics the hostname of your application.",
 						},
 						&cli.StringFlag{
-							Name: "url",
+							Name:  "url",
+							Usage: "specifics the host:port to forward data to Cloudflare edge.",
 						},
 						&cli.StringSliceFlag{
 							Name:    "header",
 							Aliases: []string{"H"},
+							Usage:   "specific additional headers you wish to send.",
+						},
+						&cli.StringSliceFlag{
+							Name:    "service-token-id",
+							Aliases: []string{"id"},
+							Usage:   "specific an Access service token ID you wish to use.",
+						},
+						&cli.StringSliceFlag{
+							Name:    "service-token-secret",
+							Aliases: []string{"secret"},
+							Usage:   "specific an Access service token secret you wish to use.",
 						},
 					},
 				},