Service users enable you to grant permissions to your automation to access specific operations in the Advanced Server Access Platform, such as:
- Enabling trusted services to be granted access to your infrastructure
- Integrating with the Advanced Server Access API to automatically add users to groups
- Retrieving audit events from the Advanced Server Access API to store in your ELK setup
- Building other custom integrations with the Advanced Server Access API
Service users can be added to a group just like a normal user, and they will be granted permissions the same way. Currently the main difference between a user and a service user is how each type of user authenticates.
While users are backed by an Identity Provider (IdP), a service user is given a pair of credentials that are used to generate a short-lived authentication token to be used with the API.
In order to authenticate as your service user to the Advanced Server Access API, you will need to create an API key. The API key is a pair of strings known as the id and secret. You will need both to authenticate, which generates an authentication token that is sent with each request you make.
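The flow described above (id and secret exchanged for a short-lived token, which is then sent with each request), as an added Python sketch that is not Okta's own code. The token URL, the JSON field names, the timestamp format and the `ASA_*` environment variable names are assumptions; check them against the Advanced Server Access API reference.

```python
import json
import os
import time
import urllib.request
from datetime import datetime

# Assumptions (not from the page): token URL, JSON field names, timestamp format.
TOKEN_URL = "https://asa.example.invalid/v1/teams/{team}/service_token"
REFRESH_MARGIN = 60  # seconds before expiry at which a new token is requested


def exchange_key(team, key_id, key_secret):
    """Trade the API key id/secret for a short-lived token; returns (token, expiry_epoch)."""
    body = json.dumps({"key_id": key_id, "key_secret": key_secret}).encode()
    req = urllib.request.Request(
        TOKEN_URL.format(team=team), data=body,
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        doc = json.load(resp)
    expiry = datetime.fromisoformat(doc["expires_at"].replace("Z", "+00:00"))
    return doc["bearer_token"], expiry.timestamp()


class ServiceUserAuth:
    """Caches the token and re-authenticates shortly before it expires."""

    def __init__(self, team, key_id, key_secret, exchange=exchange_key, clock=time.time):
        self._args = (team, key_id, key_secret)
        self._exchange, self._clock = exchange, clock
        self._token, self._expiry = None, 0.0

    @classmethod
    def from_env(cls, env=os.environ, **kw):
        # Keep the secret out of source control: read it from the environment
        # (hypothetical variable names).
        return cls(env["ASA_TEAM"], env["ASA_KEY_ID"], env["ASA_KEY_SECRET"], **kw)

    def headers(self):
        """Authorization header to send with each API request."""
        if self._token is None or self._clock() >= self._expiry - REFRESH_MARGIN:
            self._token, self._expiry = self._exchange(*self._args)
        return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self):
        # Never expose the secret or the token through logs or tracebacks.
        return f"ServiceUserAuth(team={self._args[0]!r}, key_id={self._args[1]!r})"
```

Because the class re-reads nothing but its stored key pair, rotating to a new API key means restarting the automation with the new id and secret before the old key expires.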
Creating an API Key
1. Navigate to the details for your service user
2. Confirm the creation of your API key
3. You will be presented with your API key secret. Copy it down to a safe place.
Expiring API Keys
Whenever a new API key is created, any existing API keys will be automatically expired in 2 days. You can also immediately expire an API key so it can't be used anymore.