Manage Service IDs to provide secure, non-personalized access to services and APIs, avoiding the need for individual credentials.
A Service ID identifies a non-human user such as a system service or subscription. Since the Service ID is not tied to a specific user, if a user is removed from the system, the rest of the team can continue using the subscription or service. As an example, Service IDs are very useful when a group of developers need to access a service that requires APIs. You could store a common credential and API keys that only have access to the services needed and not tied to any of the developers. To understand which roles and permissions are required, see Roles and permissions.
Some of the benefits of Service IDs include:
Avoid exposing personal credentials, as they are not linked to a specific user.
Grant access to the services needed only; instead of granting access to everything a personal user can access.
Distribute various API Keys and Service IDs among different subscriptions so they do not have an impact on each other.
Accessing the Service IDs page
To access the Service IDs page, follow these steps:
Click the Global menu icon.
Click
Settings
and select
Service IAM
. The IAM page opens.
Select
Service IDs
from the left navigation bar of the page. The Service IDs page opens.
Once in the Service IDs page, you can perform a series of actions to personalize your Service IDs needs, including the following:
Viewing a list of Service IDs
Creating a new Service ID
Adding Service IDs to an Access Group
Adding API keys for a Service ID
Deleting a Service ID
Locking and unlocking Service IDs
Adding Access Policies to a Service ID
Viewing a list of Service IDs
By accessing the Service IDs page, you are presented with the available Service IDs added to your account. You can use the filter and search capabilities to refine the results.
Creating a new Service ID
To create a new Service ID, follow these steps:
Click
Add New
.
Select
Add Service ID
. The Add Service ID page opens.
Enter the name of the Service ID and an optional description.
Click
Add
.
The new Service ID is created and displayed under the Service IDs page.
Adding Service IDs to an Access Group
To add a Service ID to an Access Group, refer to the Access Group page and follow the steps.
Adding API keys for a Service ID
To add API keys for a Service ID, follow these steps:
Select the Service ID of your choice.
Click
Manage
.
Select
Add API Key
. The Add API Key page opens.
Enter the name of the API key and an optional description.
Click
Add
.
Copy the API key by clicking the copy icon and close the message window.
The new API key is created and displayed under the API Keys tab for that specific Service ID. Similarly to the API Keys page, you can manage your API keys for a Service ID to regenerate the API key, edit, lock, unlock, or delete it. For more information, go to API Keys.
Deleting a Service ID
To delete one or more existing Service ID, follow these steps:
Check the box(es) next to the Service ID(s) that you want to delete.
Click
Delete
.
Confirm the deletion.
Locking and Unlocking Service IDs
You can prevent a Service ID from being deleted or modified by locking it. A locked Service ID is represented by the locked icon. You can unlock a Service ID at any time to update or delete it from your account.
To lock or unlock a Service ID, follow these steps:
Click the overflow menu next to the Service ID that you want to edit.
Select
Lock
or
Unlock
depending on the Service ID status.
Locking the Service ID makes also blocks any associated Access Policy from usage or modification (add, delete, or edit). The only actions allowed are deletion or removal from an Access Group. Concurrently, API keys associated to a Service ID are also locked. Lastly, (un)lock Service ID overwrites API keys locking and unlocking options.
Adding Access Policies to a Service ID
To add Access Policies to a Service ID, follow these steps:
Select the Service ID of your choice.
Click
Manage
.
Select
Assign Access
. The Assign Access to Service ID page opens.
Select the Access Groups that you want to grant access to.
Click
Continue
.
Select the service from the dropdown menu.
Based on the service that you selected, click the radio button to select your preferred scope:
If you select
All resources
, the Access Policy is assigned to all resources for that user.
If you select resources based on selected attributes, you can create and add
Access Tags
and
Attributes
, for a more precise access.
The tag number advise the number of permissions associated to that specific role. To learn about the permissions' descriptions, click the correspondent tag number.
Select the platform role or roles that you want to assign to this Access Policy. You may also select one of the custom roles that you have created.
Click
Assign
at the bottom of the summary pane to finish.
The Access Groups page for that specific Service ID is automatically updated and the new Access Policy is displayed.