Service Accounts
Service accounts are a specialized type of user designed for programmatic access to Turbot Pipes.
The primary use case for service accounts is to enable automation and integration scenarios, where a non-human user needs to interact with the Pipes platform. Service accounts can be used in CI/CD pipelines, automated scripts, or other systems that require access to Pipes resources without human intervention.
Service accounts are managed within Turbot Pipes and, as such, do not require a provisioned user from your user directory (SAML, Google, GitHub, etc).
Limitations
Service accounts have the following limitations:
- Cannot log in via the Console (web interface).
- Cannot create/manage personal resources, i.e., workspaces.
- Cannot modify themselves or other service accounts.
- Can only be created and managed from either the organization or tenant level, depending on your plan.
- Team Plan: Service accounts can be created at the organization level.
- Enterprise Plan: Service accounts can be created at the tenant level.
Billing Considerations
From a billing standpoint, each service account is classified as a user in your Team or Enterprise plan.
Service accounts are billed like any other user. They will count against the included users in your plan and are billed at the same rate as individual users.
Creating Service Accounts
To create a service account, navigate to Members from the Tenant Settings section. Click the Add Member button and select Create Service Account from the dropdown options, enter a title and if desired, an optional description for the service account, and click Create.
The service account will be created with the Member role by default. You can change the role if desired via the Change Role action on the options menu button ('three dots' button).
You can then manage the service account via the cog. This will allow access to various settings, such as amending the title or managing the service account's access tokens.
Once you have created a service account in your tenant, you can grant it permissions from the Members page for the organizations and workspaces in the tenant.
Managing Service Accounts
Management of a service account is available to owners of the billing entity (organization or tenant) in which the service account was created.
To manage a service account, navigate to the Members tab of the organization or tenant in which the service account was created. Select the cog button to the right of the service account you wish to manage.
Tokens
The Tokens tab allows you to create and manage API tokens for your service account. API tokens are used for authenticating API requests made by the service account.
A service account can have a maximum of 2 API tokens.
Click New Token to create a new API token. You will be prompted to enter an optional Title and select an Expiration date for the token. The expiration can be set to a specific duration or to Never, which means the token will not expire.
NoteIf you're on an Enterprise Plan with a custom Tenant, the Maximum Token Expiration setting will apply to the token expiration.
The token will be masked, but you can reveal it by clicking the eye icon or hovering over it and clicking the clipboard icon to copy it. Make a secure note of the token, as you will not be able to retrieve it again.
You can deactivate or delete a token from the list by clicking the options menu button ('three dots' button) and selecting Deactivate or Delete from the menu.
Audit Log
The Audit Log tab provides a log of API activity associated with your service account, including who did what and when.
Settings
The Settings tab allows you to update or delete the service account.
You may update the Title or Description of the service account. Click Save to apply your changes.
You may delete the service account by clicking the Delete Service Account button. You will be prompted to confirm deletion; enter the service account identifier shown and click Delete.