Service account¶

See also: Manage service accounts

In JAAS, a service account is a machine identity used for non-human interactions with a Juju controller.

A service account identifier will vary depending on the identity provider.

Service account tag¶

A service account tag has the following format:

serviceaccount-<identifier>

where <identifier> is the name/id of the service account as provided by your IdP.

Tip

A serviceaccount-<identifier> type tag is only useful for providing permissions over administration of a service account.

In all other cases treat service accounts as users and use a user tag to grant them access to resources.

A service account permission describes what an entity can do with a service account.

Abilities: Can do anything that it is possible to do at the level of a service account. Used to manage the credentials of a service account.