Service account

In JAAS, a service account is a machine identity used for non-human interactions with a Juju controller.

A service account identifier will vary depending on the identity provider.

Service account tag

See first: Tag

A service account tag has the following format:

serviceaccount-<identifier>

where <identifier> is the name/id of the service account as provided by your IdP.

Tip

A serviceaccount-<identifier> type tag is only useful for providing permissions over administration of a service account.

In all other cases treat service accounts as users and use a user tag to grant them access to resources.

Service account relation

A service account relation is a relation that describes permissions on a service account.

List of service account relations

administrator

Abilities: Can do anything that it is possible to do at the level of a service account. Used to manage the credentials of a service account.