Service IDs
Service IDs
Understand the Service IDs, which identify a non-human user such as a system service or subscription.
Since the Service ID is not tied to a specific user, in the event that a user is removed from the system, the rest of the team can continue using the subscription or service.
As an example, Service IDs are very useful when a group of developers need to access a service that requires to call APIs. You could store a common credential and API keys that only have access to the services needed and not tied to any of the developers.
What is the benefit of Service IDs?
- Avoid exposing personal credentials, as they are not linked to a specific user.
- Grant access to the needed services only; instead of granting access to everything a personal user can access.
- Distribute various API Keys and Service IDs among different subscriptions so they do not have an impact on each other.
What permissions do I need to manage Service IDs?
The following permissions are needed to be able to manage Service IDs. The
Platform Administrator
role, which is the out-of-the-box role granted to you when the account is first created, is the only role that includes all these permissions. Alternatively, as a Platform Administrator
, you can create Custom Roles and assign them the Service IDs permissions.Permission | Description |
|---|---|
iam.serviceids.view | Allow to view Service IDs |
iam.serviceids.create | Allow to create Service IDs |
iam.serviceids.update | Allow to update Service IDs |
iam.serviceids.delete | Allow to delete Service IDs |
Accessing the Service IDs page
To navigate into the Service IDs page, follow these steps:
- Access the IAM page.
- SelectService IDsfrom the left navigation bar of the page. The Service IDs page opens.
In the Service IDs page, you can perform a series of actions to personalize your Service IDs needs, including the following:
- Viewing a list of Service IDs
- Creating a new Service ID
- Adding Service IDs to an Access Group
- Adding API keys for a Service ID
- Deleting a Service ID
- Locking and unlocking Service IDs
- Adding Access Policies to a Service ID
Viewing a list of Service IDs
By accessing the Service IDs page, you are presented with the available Service IDs that you have added to your tenant. You can use the filter and search capabilities to do more specific searches.
Creating a new Service ID
To create a new Service ID, follow these steps:
- Access the IAM page.
- SelectService IDsfrom the left navigation bar of the page. TheService IDspage opens.
- ClickAdd New.
- SelectAdd Service ID. TheAdd Service IDpage opens.
- Enter the name of the Service ID and an optional description.
- ClickAdd.
The new
Service ID
is created and displayed under the Service IDs page.Adding Service IDs to an Access Group
To add a Service ID to an Access Group, go to the Access Group page and follow the steps.
Adding API keys for a Service ID
To add API keys for a Service ID, follow these steps:
- Navigate to the Service ID of your choice.
- ClickManage.
- SelectAdd API Key. The Add API Key page opens.
- Enter the name of the API key and an optional description.
- ClickAdd.
- Copy the API key by clicking theCopy iconand close the message window.
The new API key is created and displayed under the API Keys tab for that specific Service ID.
Similarly to the API Keys page, you can manage your API keys for a Service ID to regenerate the API key, edit, lock, unlock, or delete it. For more information, go to API Keys.
Deleting a Service ID
To delete an existing Service ID, follow these steps:
- In the Service IDs page, select the checkbox next to the Service ID that you want to delete.
- ClickDelete.
- Confirm the deletion.
You can delete several Service IDs in bulk. To do so, select the checkbox next to each of the Service Ids that you want to delete and click
Delete
Locking and Unlocking Service IDs
You can prevent a Service ID from being deleted or modified by locking it. A locked Service ID is represented by the
Locked icon
. You can unlock a Service ID at any time to update or delete it from your platform.To lock or unlock a Service ID, follow these steps:
- Navigate to theService IDstab. A list of all available Service IDs is displayed.
- Click theoverflow menunext to the Service ID that you want to edit.
- SelectLockorUnlockwhether the Service ID has been locked before.
Locking the Service ID makes that none of the associated Access Policies can be used by the Service ID, nor modified (added, deleted, edited). The only actions allowed are deletion or removal from an Access Group.
If a Service ID is locked, all API keys that belong to that Service ID are also locked. In that approach, Service ID overwrites API keys locking and unlocking options.
Adding Access Policies to a Service ID
To add Access Policies to a Service ID, follow these steps:
- Navigate to the Service ID of your choice.
- ClickManage.
- SelectAssign Access. The Assign Access to Service ID page opens.
- Select the Access Groups that you want to grant access the Access Policy to.
- ClickContinue.
- Select the service from the dropdown menu.
- Based on the service that you selected, click the radio button to select your preferred scope:
- If you selectAll resources, the Access Policy is assigned to all resources for that user.
- If you selectResources based on selected attributes, you can create and add Access Tags and Attributes, for a more specific access selection.
- Select the Platform role or roles that you want to assign to this Access Policy. You may also select one of the Custom Roles that you have created. For more information, see Administration Platform roles.A tag number lets you know how many permissions are associated to that specific role. Click said tag number to learn about the permissions' descriptions.
- ClickAssignat the bottom of the Summary pane to finish.
The
Access Groups
page for that specific Service ID
is automatically updated and the new Access Policy is displayed.To learn more about navigating to the different services from each tenant, refer to Kyndryl ModernOps landing page or Kyndryl Bridge landing page.
Do you have two minutes for a quick survey?
Take Survey
