Skip to main content

Manage service accounts

Contributors netapp-rlithman
PDFs

Create service accounts to act as machine users that automate infrastructure operations. You can revoke or change access to service accounts at any time.

About this task

Service accounts are a multi-tenancy functionality provided by BlueXP. Account admins create service accounts, control access, and delete service accounts. You can manage service accounts in the BlueXP console or in the BlueXP workload factory console.

Unlike managing service accounts in BlueXP where you can recreate a client secret, workload factory supports only creation and deletion of service accounts. If you want to recreate a client secret for a specific service account in the BlueXP workload factory console, you'll need to delete the service account, and then create a new one.

Service accounts use a client ID and a secret for authentication rather than a password. Client IDs and secrets are fixed until the account admin decides to change them. To use a service account, you'll need the client ID and secret to generate the access token or you won't gain access. Keep in mind that access tokens are short-lived and can only be used for several hours.

Before you begin

Decide if you want to create a service account in the BlueXP console or in the BlueXP workload factory console. There are slight differences. The following instructions describe how to manage service accounts in the BlueXP workload factory console.

To manage service accounts in BlueXP, learn about BlueXP identity and access management and learn how to add BlueXP IAM members and manage their permissions.

Create a service account

When you create a service account, BlueXP workload factory enables you to copy or download a client ID and client secret for the service account. This key pair is used for authentication with BlueXP workload factory.

Steps

  1. In the workload factory console, select the Account icon, and select Service accounts.

    Screenshot that shows the BlueXP workload factory user interface account menu options. One of the options is service accounts.

  2. On the Service accounts page, select Create service account.

  3. In the Create service account dialog, enter a name for the service account in the Service account name field.

    The role is preselected as account admin.

  4. Select Continue.

  5. Copy or download the client ID and client secret.

    The client secret is visible only once and is not stored anywhere by workload factory. Copy or download the secret and store it safely.

  6. Optionally, you can get an access token for Auth0 management API by executing a client credentials exchange. The curl example shows how can you take the client ID and secret and use an API to generate the access token which are time-limited. The token provides several hours of access to the BlueXP workload factory APIs.

  7. Select Close.

The new service account is created and listed on the Service accounts page.

Delete a service account

Delete a service account if you no longer need to use it.

Steps

  1. In the Workload Factory console, select the Account icon, and select Service accounts.

  2. On the Service accounts page, select the three-dot menu and then select Delete.

  3. In the Delete service account dialog, enter delete in the text box.

  4. Select Delete to confirm deletion.

The service account is deleted.