Service users
Service users enable you to grant permissions to your automation to access specific operations in Advanced Server Access, including:
- Enabling trusted services to be granted access to your infrastructure
- Integrating with the Advanced Server Access API to automatically add users to groups
- Retrieving audit events from the Advanced Server Access API to store in your ELK setup
- Building other custom integrations with the Advanced Server Access API
You can add service users to groups and grant them the same permissions as regular users. The main difference between a user and service user is how they authenticate.
While users are pushed from Okta, which handles their authentication, each service user is given a pair of credentials that are used to generate a short-lived authentication token to be used with the API.
Authentication
In order to authenticate as your service user to the Advanced Server Access API, you will need to create an API key. The API key is a pair of strings known as the ID and secret. You will need both to authenticate, which generates an authentication token that is sent with each request you make.
Create a service user and an API key
- From the Advanced Server Access dashboard, click Users.
- Select the Service Users tab.
- Click Create Service User. The Create Service User page appears.
- Enter a username for the service user. The system automatically creates corresponding Linux and Windows usernames. Click Create Service User to finish creating the service user.
- Click Create API Key. The API Key Secret Rotated page appears.
- Copy and store your API key ID and your API key secret from this page.
Note: You cannot retrieve this information after closing the window. If you lose this information, you must generate a new API ID & key.
Expire a service user API key
Immediately upon expiring an API key, any requests that use a token generated using the key are prevented from succeeding.
To expire the API key of a service user:
- From the Advanced Server Access dashboard, click Users.
- Select the Service Users tab.
- Click the name of the service user whose key you want to expire. The service users details page appears.
- Click the gear next to ID of the expiring key. Click Expire Now. The Expire API Key window appears.
- Click Expire to expire the API key ID, or click to cancel the operation.