Service Accounts

A Service Account allows programmatic access to the platform without requiring user-specific invitations or UI interactions. This feature is designed to streamline access management and ensure continuity when personnel changes occur. Service Accounts are assigned specific roles, and the actions that can be performed programmatically are defined by the selected Role-Based Access Control (RBAC) permissions.

Key Features

• Programmatic Access: Allows scripts, applications, or automated processes to interact with the platform without manual login.

• RBAC Integration: Assign specific roles to Service Accounts to control the scope of actions the user can perform.

• Simplified Management: No need to manage individual user invitations or access rights for each team member.

Creating a Service Account

1. Navigate to the Service Accounts Section:

   • Go to the platform's access control dashboard.

   • Select "Service Accounts" from the menu.

2. Create New Service Account:

   • Click on "Create Service Account."

   • Fill in the required details, such as the name and description of the service account.

3. Assign Roles:

   • Select the appropriate role for the service account from the dropdown menu.

   • The assigned role will dictate the actions that can be performed programmatically using this service account.

4. Generate Keys:

   • After creating the service account, generate the Keys.

   • Download the Key file (typically in CSV format) and store it securely.

Using a Service Account

1. Integrate with Applications:

   • Use the Key file to authenticate API requests or integrate with third-party applications.

   • Ensure that your application securely loads and uses these credentials.

2. Programmatic Access:

   • The service account can perform actions as defined by the RBAC role.

   • Use the platform's API endpoints to perform allowed operations.

3. Managing Permissions:

   • If the service account needs to perform different actions, update the assigned role through the admin dashboard.

   • Changes to the RBAC role will take effect immediately for all API requests made with the service account.

Security Best Practices

• Secure Storage: Store the credentials file in a secure location and limit access to it.

• Least Privilege: Assign the minimum necessary permissions to the service account to reduce security risks.

• Rotate Credentials: Regularly rotate service account credentials to mitigate the risk of compromise.

• Monitor Activity: Regularly review the activity logs for actions performed by service accounts to detect any unauthorized or suspicious behaviour.

Handling Personnel Changes

• No User-Specific Changes: When a team member leaves or changes roles, there is no need to modify service account permissions.

• Centralized Management: Manage access centrally by updating the RBAC role associated with the service account, without inviting or removing individual users from the platform.