Chapter 2. Creating and managing a service account
Use service accounts to securely and automatically connect and authenticate services or applications without requiring an end user’s credentials or direct interaction.
When you create a Red Hat service account, you generate a client ID and a secret. The service account uses the ID and secret to access services on the Red Hat Hybrid Cloud Console.
- Client ID The client ID identifies the service account to the resource, much like a username identifies a user.
- Secret The secret provides a similar function as does a password. The secret appears once when you create the service account. Copy and save the secret and protect it as you would any password.
After you create a service account, you add it to the applicable User Access group. (User Access is the Red Hat implementation of role-based access control.) The roles assigned to a User Access group determine the level of access the service account has to applications and services on the Red Hat Hybrid Cloud Console.
The following tasks show you how to create service accounts and add them to a User Access group:
You can perform the following tasks after you generate a client ID and a secret for a service account:
You must be the owner of a service account if you want to reset it or delete it. The Organization Administrator can reset or delete any service account.
Additional resources
2.1. Creating a service account
You can create a service account and generate the client ID and secret to use with that account.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console.
Procedure
- From the Red Hat Hybrid Cloud Console, Click the settings icon (⚙) and click Service Accounts.
- Click Create service account to set up the account.
- Enter a Service account name and a Short description and click Create.
Copy the generated Client ID and Client secret values to a secure location. You’ll specify these credentials when configuring a connection to a service.
ImportantThe Client secret is displayed only once, so ensure that you’ve successfully and securely saved the copied credentials before closing the credentials window.
- After you save the Client ID and secret to a secure location, select the confirmation check box in the credentials window and close the window.
- The service account and its Client ID appear on the Service Accounts page.
2.2. Adding service accounts to a User Access group
The Organization Administrator adds a service account to a User Access group that has the permissions that allow a service account to access services and applications on the Red Hat Hybrid Cloud Console. Any user can create a service account but only the Organization Administrator or a User Access administrator can add service accounts to groups.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console as the Organization Administrator or as a user with User Access administrator permissions.
- One or more service accounts are associated with your Red Hat organization account. Section 2.1, “Creating a service account”
Procedure
- From the Red Hat Hybrid Cloud Console, click the settings icon (⚙) and click User Access.
- To add the service account to a preexisting group, click the Groups tab and click the name of the group that you want to add the service account to.
- When the group name window appears, click the Service accounts tab.
- Click Add service account. A list appears of all service accounts associated with your Red Hat organization account.
- Click the service accounts you want to add to the User Access group and click Add to group.
- The service accounts appear on the Service accounts tab.
2.3. Deleting service accounts from a User Access group
The Organization Administrator can delete a service account from a User Access group on the Red Hat Hybrid Cloud Console. Any user can create a service account but only the Organization Administrator or a User Access administrator can delete service accounts from groups.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console as the Organization Administrator or as a user with User Access administrator permissions.
- One or more service accounts are associated with your Red Hat organization account. Section 2.1, “Creating a service account”
Procedure
- From the Red Hat Hybrid Cloud Console, click the settings icon (⚙) and click User Access.
- To delete the service account from a group, click the Groups tab and click the name of the group that includes the service account.
- When the group name window appears, click the Service accounts tab. All service accounts in that group appear.
Remove a single service account.
- Click the options icon (⋮) in the Name row and click Remove.
- Acknowledge the Remove service account? message and click Remove service account.
Remove multiple service accounts.
- Click the check box next to each account to remove.
- Click the options icon (⋮) in any Name row of the selected service accounts and click Remove.
- Acknowledge the Remove service account? message and click Remove service account.
- Verify that the selected service account does not appear on the Service accounts tab.
Additional resources
2.4. Resetting a service account secret
You can reset the secret for a service account. When you do so, the client ID does not change. You must be the owner of a service account if you want to reset it or delete it. The Organization Administrator user can reset or delete any service account.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console.
Procedure
- From the Red Hat Hybrid Cloud Console, Click the settings icon (⚙) and click Service Accounts.
- On the list of existing service accounts, select the service account you want to reset and click the options icon (⋮).
- Verify that you want to reset this account and click Reset credentials.
Copy the updated Client secret values to a secure location. You’ll specify these credentials when configuring a connection to a service.
ImportantThe generated credentials are displayed only once, so ensure that you’ve successfully and securely saved the copied credentials before closing the credentials window.
- After you save the generated credentials to a secure location, select the confirmation check box in the credentials window and close the window.
2.5. Deleting a service account
You can delete a service account. You must be the owner of a service account if you want to reset it or delete it. The Organization Administrator user can reset or delete any service account.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console.
Procedure
- From the Red Hat Hybrid Cloud Console, Click the settings icon (⚙) and click Service Accounts.
- Identify the service account you want to delete and click the options icon (⋮).
- Verify that you want to delete this account and click Delete service account.