Kyndryl Bridge

Experience Kyndryl Bridge

Service IDs management
Published On Jun 12, 2024 - 2:43 PM

Service IDs management

Service IDs enable access to system groups instead of individual access.
A Service ID identifies a non-human user such as a system service or subscription. Since the Service ID is not tied to a specific user, if a user is removed from the system, the rest of the team can continue using the subscription or service. As an example, Service IDs are very useful when a group of developers need to access a service that requires APIs. You could store a common credential and API keys that only have access to the services needed and not tied to any of the developers. To understand which roles and permissions are required, see Roles and permissions.
Some of the benefits of Service IDs include:
  • Avoid exposing personal credentials, as they are not linked to a specific user.
  • Grant access to the services needed only; instead of granting access to everything a personal user can access.
  • Distribute various API Keys and Service IDs among different subscriptions so they do not have an impact on each other.

Accessing the Service IDs page

To access the Service IDs page, follow these steps:
  1. Access the IAM page.
  2. Select Service IDs from the left navigation bar of the page. The Service IDs page opens.
  3. Once in the Service IDs page, you can perform a series of actions to personalize your Service IDs needs, including the following:
    1. Viewing a list of Service IDs
    2. Creating a new Service ID
    3. Adding Service IDs to an Access Group
    4. Adding API keys for a Service ID
    5. Deleting a Service ID
    6. Locking and unlocking Service IDs
    7. Adding Access Policies to a Service ID

Viewing a list of Service IDs

By accessing the Service IDs page, you are presented with the available Service IDs added to your account. You can use the filter and search capabilities to refine the results.

Creating a new Service ID

To create a new Service ID, follow these steps:
  1. Click
    Add New
    .
  2. Select
    Add Service ID
    . The Add Service ID page opens.
  3. Enter the name of the Service ID and an optional description.
  4. Click
    Add
    .
The new Service ID is created and displayed under the Service IDs page.

Adding Service IDs to an Access Group

To add a Service ID to an Access Group, refer to the Access Group page and follow the steps.

Adding API keys for a Service ID

To add API keys for a Service ID, follow these steps:
  1. Select the Service ID of your choice.
  2. Click
    Manage
    .
  3. Select
    Add API Key
    . The Add API Key page opens.
  4. Enter the name of the API key and an optional description.
  5. Click
    Add
    .
  6. Copy the API key by clicking the copy icon and close the message window.
The new API key is created and displayed under the API Keys tab for that specific Service ID. Similarly to the API Keys page, you can manage your API keys for a Service ID to regenerate the API key, edit, lock, unlock, or delete it. For more information, go to API Keys.

Deleting a Service ID

To delete one or more existing Service ID, follow these steps:
  1. Check the box(es) next to the Service ID(s) that you want to delete.
  2. Click
    Delete
    .
  3. Confirm the deletion.

Locking and Unlocking Service IDs

You can prevent a Service ID from being deleted or modified by locking it. A locked Service ID is represented by the locked icon. You can unlock a Service ID at any time to update or delete it from your account.
To lock or unlock a Service ID, follow these steps:
  1. Click the overflow menu next to the Service ID that you want to edit.
  2. Select
    Lock
    or
    Unlock
    depending on the Service ID status.
Locking the Service ID makes also blocks any associated Access Policy from usage or modification (add, delete, or edit). The only actions allowed are deletion or removal from an Access Group. Concurrently, API keys associated to a Service ID are also locked. Lastly, (un)lock Service ID overwrites API keys locking and unlocking options.

Adding Access Policies to a Service ID

To add Access Policies to a Service ID, follow these steps:
  1. Select the Service ID of your choice.
  2. Click
    Manage
    .
  3. Select
    Assign Access
    . The Assign Access to Service ID page opens.
  4. Select the Access Groups that you want to grant access to.
  5. Click
    Continue
    .
  6. Select the service from the dropdown menu.
  7. Based on the service that you selected, click the radio button to select your preferred scope:
    1. If you select
      All resources
      , the Access Policy is assigned to all resources for that user.
    2. If you select resources based on selected attributes, you can create and add
      Access Tags
      and
      Attributes
      , for a more precise access.
    The tag number advise the number of permissions associated to that specific role. To learn about the permissions' descriptions, click the correspondent tag number.
  8. Select the platform role or roles that you want to assign to this Access Policy. You may also select one of the custom roles that you have created.
  9. Click
    Assign
    at the bottom of the summary pane to finish.
The Access Groups page for that specific Service ID is automatically updated and the new Access Policy is displayed.
Do you have two minutes for a quick survey?
Take Survey