Service users

Service users enable you to grant permissions to your automation to access specific operations in Advanced Server Access, including:

  • Enabling trusted services to be granted access to your infrastructure
  • Integrating with the Advanced Server Access API to automatically add users to groups
  • Retrieving audit events from the Advanced Server Access API to store in your ELK setup
  • Building other custom integrations with the Advanced Server Access API

You can add service users to groups and grant them the same permissions as regular users. The main difference between a user and service user is how they authenticate.

While users are pushed from Okta, which handles their authentication, each service user is given a pair of credentials that are used to generate a short-lived authentication token to be used with the API.

Authentication

In order to authenticate as your service user to the Advanced Server Access API, you will need to create an API key. The API key is a pair of strings known as the ID and secret. You will need both to authenticate, which generates an authentication token that is sent with each request you make.

Create a service user and an API key

  1. Navigate to the Users page for your team.

  2. Select the Service Users tab.

  3. Click Create Service User. The Create Service User page appears.

  4. Enter a username for the service user. The system automatically creates corresponding Linux and Windows usernames. Click Create Service User to finish creating the service user.

  5. Click Create API Key. The API Key Secret Rotated screen appears.

  6. Copy and store your API key ID and your API key secret from this screen.

    Caution: These values only appear on this screen. You can't recover your API key secret, so copy and store it safely.

Expire a service user API key

Immediately upon expiring an API key, any requests that use a token generated using the key are prevented from succeeding.

To expire the API key of a service user:

  1. Navigate to the Users page for your team.

  2. Select the Service Users tab.

  3. Click the name of the service user whose key you want to expire. The service users details page appears.
  4. Click the gear gear icon beside the ID of the key to expire. Click Expire Now. The Expire API Key window appears.
  5. Click Expire to expire the API key ID, or click x button to cancel the operation.

Related topics

Services

Introduction to the Advanced Server Access API