Service users
Service users enable you to grant permissions to your automation to access specific operations in Okta Privileged Access, including:
- Integrating with the Okta Privileged Access API to automatically add users to groups
- Building other custom integrations with the Okta Privileged Access API
-
Use information from the Okta Privileged Access API Endpoint reports to support audit and compliance requirements.
You can add service users to groups and grant them the same permissions as regular users. The main difference between a user and a service user is how they authenticate.
While users are pushed from Okta, which handles their authentication, each service user is given a pair of credentials used to generate a short-lived authentication token for use with the API.
Authentication
To authenticate as your service user to the Okta Privileged Access API, create an API key. The API key is a pair of strings known as the ID and secret. You need both to authenticate, which generates an authentication token that's sent with each request you make.
Create a service user and an API key
- From the Okta Privileged Access dashboard, go to .
- Select the Service Users tab.
- Enter a username for the service user. The system automatically creates corresponding Linux and Windows usernames. Click Create Service User to finish.
- Click Create API Key. The API Key Secret Rotated page appears.
- Copy your API key ID and your API key secret and store them.
You can't retrieve this information after closing the window. If you lose this information, you must generate a new API ID and key.
Expire a service user API key
Immediately after an API key expires, any requests that use a token generated using the key are prevented from succeeding.
To expire the API key of a service user:
- From the Okta Privileged Access dashboard, go to .
- Select the Service Users tab.
- Click the name of the service user whose key you want to expire. The service users details page appears.
- Click the gear next to the ID of the expiring key. Click Expire Now. The Expire API Key window appears.
- Click Expire.
Rotate a service user API key
Rotates all API keys for a specified service user. This also sets an expiration date for the existing API keys.
- From the Okta Privileged Access dashboard, go to .
- Select the Service Users tab.
- Click the name of the service user whose key you want to rotate. The service users details page appears.
- Click Rotate API Key.
- Click Rotate API Key to confirm.