Cloud Services

ModernOps

Service IDs
Published On May 16, 2024 - 2:08 PM

Service IDs

Understand the Service IDs, which identify a non-human user such as a system service or subscription.
Since the Service ID is not tied to a specific user, in the event that a user is removed from the system, the rest of the team can continue using the subscription or service.
As an example, Service IDs are very useful when a group of developers need to access a service that requires to call APIs. You could store a common credential and API keys that only have access to the services needed and not tied to any of the developers.

What is the benefit of Service IDs?

  • Avoid exposing personal credentials, as they are not linked to a specific user.
  • Grant access to the needed services only; instead of granting access to everything a personal user can access.
  • Distribute various API Keys and Service IDs among different subscriptions so they do not have an impact on each other.

What permissions do I need to manage Service IDs?

The following permissions are needed to be able to manage Service IDs. The
Platform Administrator
role, which is the out-of-the-box role granted to you when the account is first created, is the only role that includes all these permissions. Alternatively, as a
Platform Administrator
, you can create Custom Roles and assign them the Service IDs permissions.
Permission
Description
iam.serviceids.view
Allow to view Service IDs
iam.serviceids.create
Allow to create Service IDs
iam.serviceids.update
Allow to update Service IDs
iam.serviceids.delete
Allow to delete Service IDs

Accessing the Service IDs page

To navigate into the Service IDs page, follow these steps:
  1. Access the IAM page.
  2. Select
    Service IDs
    from the left navigation bar of the page. The Service IDs page opens.
In the Service IDs page, you can perform a series of actions to personalize your Service IDs needs, including the following:
  • Viewing a list of Service IDs
  • Creating a new Service ID
  • Adding Service IDs to an Access Group
  • Adding API keys for a Service ID
  • Deleting a Service ID
  • Locking and unlocking Service IDs
  • Adding Access Policies to a Service ID

Viewing a list of Service IDs

By accessing the Service IDs page, you are presented with the available Service IDs that you have added to your tenant. You can use the filter and search capabilities to do more specific searches.

Creating a new Service ID

To create a new Service ID, follow these steps:
  1. Access the IAM page.
  2. Select
    Service IDs
    from the left navigation bar of the page. The
    Service IDs
    page opens.
  3. Click
    Add New
    .
  4. Select
    Add Service ID
    . The
    Add Service ID
    page opens.
  5. Enter the name of the Service ID and an optional description.
  6. Click
    Add
    .
The new
Service ID
is created and displayed under the Service IDs page.

Adding Service IDs to an Access Group

To add a Service ID to an Access Group, go to the Access Group page and follow the steps.

Adding API keys for a Service ID

To add API keys for a Service ID, follow these steps:
  1. Navigate to the Service ID of your choice.
  2. Click
    Manage
    .
  3. Select
    Add API Key
    . The Add API Key page opens.
  4. Enter the name of the API key and an optional description.
  5. Click
    Add
    .
  6. Copy the API key by clicking the
    Copy icon
    and close the message window.
The new API key is created and displayed under the API Keys tab for that specific Service ID.
Similarly to the API Keys page, you can manage your API keys for a Service ID to regenerate the API key, edit, lock, unlock, or delete it. For more information, go to API Keys.

Deleting a Service ID

To delete an existing Service ID, follow these steps:
  1. In the Service IDs page, select the checkbox next to the Service ID that you want to delete.
  2. Click
    Delete
    .
  3. Confirm the deletion.
You can delete several Service IDs in bulk. To do so, select the checkbox next to each of the Service Ids that you want to delete and click
Delete

Locking and Unlocking Service IDs

You can prevent a Service ID from being deleted or modified by locking it. A locked Service ID is represented by the
Locked icon
. You can unlock a Service ID at any time to update or delete it from your platform.
To lock or unlock a Service ID, follow these steps:
  1. Navigate to the
    Service IDs
    tab. A list of all available Service IDs is displayed.
  2. Click the
    overflow menu
    next to the Service ID that you want to edit.
  3. Select
    Lock
    or
    Unlock
    whether the Service ID has been locked before.
Locking the Service ID makes that none of the associated Access Policies can be used by the Service ID, nor modified (added, deleted, edited). The only actions allowed are deletion or removal from an Access Group.
If a Service ID is locked, all API keys that belong to that Service ID are also locked. In that approach, Service ID overwrites API keys locking and unlocking options.

Adding Access Policies to a Service ID

To add Access Policies to a Service ID, follow these steps:
  1. Navigate to the Service ID of your choice.
  2. Click
    Manage
    .
  3. Select
    Assign Access
    . The Assign Access to Service ID page opens.
  4. Select the Access Groups that you want to grant access the Access Policy to.
  5. Click
    Continue
    .
  6. Select the service from the dropdown menu.
  7. Based on the service that you selected, click the radio button to select your preferred scope:
    • If you select
      All resources
      , the Access Policy is assigned to all resources for that user.
    • If you select
      Resources based on selected attributes
      , you can create and add Access Tags and Attributes, for a more specific access selection.
  8. Select the Platform role or roles that you want to assign to this Access Policy. You may also select one of the Custom Roles that you have created. For more information, see Administration Platform roles.
    A tag number lets you know how many permissions are associated to that specific role. Click said tag number to learn about the permissions' descriptions.
  9. Click
    Assign
    at the bottom of the Summary pane to finish.
The
Access Groups
page for that specific
Service ID
is automatically updated and the new Access Policy is displayed.
To learn more about navigating to the different services from each tenant, refer to Kyndryl ModernOps landing page or Kyndryl Bridge landing page.

Recommended next steps

Refer to the following topics:
Do you have two minutes for a quick survey?
Take Survey