Manage service accounts

Early Access release. To enable it, contact Okta Support.

Service accounts are typically non-human user accounts created to perform actions, access data, or run processes on behalf of the app. There are two types of service accounts that you can set up for your Okta org:

• SaaS app service accounts: a shared account that exists on a third-party SaaS app supported by Okta

• Okta service account: an Okta user account that you can manage as a service account

For Okta service accounts, Okta doesn't recommend creating new service accounts and suggests exploring alternatives to replace any existing service accounts.

If you temporarily need to keep your existing Okta service accounts, you can designate an Okta user account as a service account. An Okta super admin can select the user and choose the option to Manage with Privileged Access.The Okta user account is then treated as a service account and appears in the Service Accounts list in the Okta Admin Console. You can then use Okta Privileged Access to implement other security measures for the user account that's designated as a service account.

How service accounts work

Use the Admin Console and the Okta Privileged Access dashboard to configure and oversee your service accounts. Certain procedures are performed in the Admin Console, while the rest is handled within the Okta Privileged Access app.

1. Ensure that Okta Privileged Access is enabled for your org.

2. In the Admin Console, complete the following steps (you need super admin privileges):

   1. Add the Okta Privileged Access app to your org.

   2. Assign the Okta Privileged Access app to yourself or to another super admin to create and manage service accounts.

3. You or another super admin can then create a service account in the Admin Console.

4. The service accounts that you create using the Admin Console are visible to resource admins in the Okta Privileged Access dashboard. See the Okta Privileged Access documentation.

Requirements

Review the following before using privileged accounts:

• You have access to Okta Privileged Access

• You've reviewed Alternative options to service accounts.

• You've Set up the Okta Privileged Access app for your org.

• You've reviewed and completed the following tasks:

  • Add the Okta Privileged Access app to your org to make it available for configuration and user assignment. See Add existing app integrations.

  • Assign the Okta Privileged Access app integration to a group or a user that's part of the service account.

    • Assign an app integration to a group

    • Assign an app integration to a user

• You have Okta super admin privileges and are assigned to the Okta Privileged Access app.

• The Okta super admin also has PAM administrator privileges in Okta Privileged Access.

Related topic

Set up the Okta Privileged Access app

Manage a SaaS app service account

Manage an Okta user account as a service account

Manage service accounts in Okta Privileged Access