Identity and Access Management (IAM) Identity and Access Management (IAM)

Service accounts

Please make sure you read the IAM Concepts before proceeding.

A service account is a special kind of account used by an application, rather than an actual user. Applications use service accounts to make authorised API calls (as the service account itself) to D4Science services running within one or multiple contexts (VOs or VREs/VLabs). Hence, service accounts represent non-human users and are intended for scenarios where a custom application needs to access resources or perform actions without end-user involvement.

A service account is granted roles that let it access resources. The service account is used as the identity of the application, and the service account's roles control which resources the application can access. For instance, a service account could be granted IAM roles to access the workspace (storage-hub service) or the catalogue (gcat-service) within one or more context.

A service account is associated to an identifier, which is unique to the account.

As member of any D4Science VRE/VLab you can request a service account on the D4Science Support page (3rd Party App Registration).