Service accounts
Service accounts can be used for services and automations, such as CI/CD or automation scenarios with Lenses CLI
Introduction
Service accounts require an authentication token in order to be authenticated and they need to belong to at least one group for authorization. Service accounts are commonly used for automations ie. when using Lenses CLI or API, or any other application or service to interact with Lenses.
Required permission
| Permission | Type | Description |
|---|---|---|
| User Management / View | Admin | Enables user management view for Groups, Users & Service Accounts |
| User Management / Manage | Admin | Enables to manage Groups, Users & Service Accounts such as to create, edit, delete, change passwords |
To be able to view, create or modify Service Accounts you need to be authorized with the User Management permission.
Access Management & permissions
Create service accounts
To create a new Service Account, navigate to the Admin and select Users and New Service Account.
Authentication token
You can manually enter the authentication token or autogenerate one. If you select to auto-generate tokens, then you will receive a one time token for this service account. Follow the instructions and copy and store this token. You can now use this token to authenticate via API and CLI.
The tokens are not recoverable. You can edit, revoke or delete a Service Account, but you can never retrieve the original token.
To change the token, go to the service account and select Revoke Token
Use Service Accounts
To use the service account you need to prefix the token with its name separated by a colon. You then include that to the corresponding header.
Example
For a service account named myservice and a token da6bad50-55c8-4ed4-8cad-5ebd54a18e26 then the combination
looks like this:
myservice:28ab4195-18cf-426a-abda-c41a451e001a
Here is how it looks in postman using the example above:
