Creating and managing service accounts
This section walks you through the process of creating a service account for running the metadata collectors.
Preparing to create a service account
To prepare for the service account:
Login to the application as an administrator of the organization.
From the user menu available in the top toolbar, navigate to the Settings page.
Go to the Advanced section and note down the Enterprise Admin API token. We will use this API token to create the service account.
Next, note down the ID of the organization for which you are creating the service account.
Setting up the service account
To setup a service account:
Access the create a new service account API. Set the following parameters.
In the Auth section set the Token value as Bearer <API_TOKEN_Copied_from UI>. For example, the value will look like: Bearer OiJIUzUxMiJ9.eyJzdWIiOiJ.
Important
You must add Bearer along with API token.
In the Parameters section set the Owner as the ID of the organization for which you are creating the service account. This should be the organization in which you are planning to run the collectors. If you are using the Catalog Toolkit, it must be the catalog-sources organization. For example, the value will look like: catalog-sources
In the Body section, set the following properties:
desiredUsername: Set the username for the account. This is the name with which the account gets created.
expiryDate: Set an expiration date. The generated token expires on this date and will need to be regenerated on that date.
displayName: Set the display name. The display name can have maximum 128 characters.
Click the Send API request button.
If the API request is sent successfully, the Response section refreshes and shows a 200 OK response and the following information:
Token: This is the token generated for the service account you created. This token is used while running the collectors.
Important
You must use discretion while sharing and using this token. You must save this token in a safe place as it cannot be retrieved. If you lose the token, you will have to generate a new one.
serviceAccountUsername: This is the name with which the account gets created in the organization. The system automatically prefixes the name with sa-<organizationID>. For example, if you set the desiredUsername as new-service-account for the 8bank organization, the serviceAccountUsername will get created as sa-8bank-new-service-account.
Managing the service account
This is the account you will use to upload the collector output to the dataset.
To manage the service account:
Go to the organization for which you created the service account.
In the Members tab, you will see the service account. Give this account permissions to the datasets in which the collector output will be saved. At a minimum the account must have Edit access to the dataset.