New Service Account Access Request

What is a Service Account?

A service account in Balkan is like a digital key for applications to automatically do tasks and talk to each other without needing a person to step in. It's similar to having special IDs in other platforms, like Service Principals in Azure or IAM Roles in AWS, which let software access resources or perform actions securely. This setup helps in automating workflows, keeping things secure, and making sure different apps can work together smoothly.

The Service Account Management System encompasses three core functionalities:

• Service Account Creation

• Service Account Assignment

• Service Account Deletion

Each function is accessible via a simple selection using radio buttons on our interface. Below, you will find detailed steps on how to execute each function.

Service Account Creation

To create a new service account, follow these simple steps to add the account to your selected applications efficiently

Select Creation: Initiate the creation process by choosing the "Creation" radio button. Choose an Application: Select from the list of applications where you want to add a new service account.

Fill the Payload: A form will appear on the page once you select an application. This form needs to be completed with the necessary details to create a new service account.

Note - Not supported indicates we don't support creating a service account for the selected application but it will be supported in the future.

Preview Your Request: Proceed to the preview page to review your request, ensuring all provided information is accurate.

Create Request: Submit your creation request by clicking on the "Create Request" button. Your request will then undergo an approval process.(In the my task page of the reviewer)

Approval and Verification: After your request has been approved(from the my task page of the reviewer), the new service account will be added to the selected application. Verify the addition by checking within the application.

Service Account Assignment

This functionality allows you to manage the permissions of existing service accounts by granting or revoking access to various resources.

Select Assignment: Begin the assignment process by choosing the "Assignment" radio button.

Select Application and Service Account: Pick the application and then the service account you wish to manage.

Configure Grants and Revokes: A table will be presented for configuring "grants" and "revokes". These arrays let you define the types of connections or resources (e.g., groups, roles, policies for connections, and applications for resources) and their respective names.

Note - In the Service Account Access Request System, the payload you see during the assignment process allows you to customize access rights for a connection within an application by granting or revoking permissions. You can modify this payload by removing objects you no longer need or adding new ones, provided you use the source types already presented in the example on your screen. It's important to note that adding new types not displayed in the example is not supported, ensuring the system processes your request correctly and efficiently.

• Grants: Details the permissions you wish to grant to the service account.

• Revokes: Details the permissions you wish to revoke from the service account.

{
"grants": [
{
"type": "<type_of_connection_or_resource>",
"source_name": "<name_of_the_source>"
}
],
"revokes": [ 
{
"type": "<type_of_connection_or_resource>",
"source_name": "<name_of_the_source>"
} 
]
}

Preview and Create Request: Similar to the creation process, preview your assignment request and submit it by clicking on "Create Request". The request will be visible in the my task page of the reviewer. Approval and Update: Following approval(from the my task page of reviewer), the service account's permissions within the application will be updated accordingly.

Service Account Deletion

Deleting a service account involves removing its access from the specified application.

Select Deletion: To initiate the deletion process, choose the "Deletion" radio button.

Select Application and Service Account: Select the application and then the service account you intend to delete.

Preview and Create Request: Preview your deletion request and submit it by clicking on "Create Request". The request will be visible in the my task page of the reviewer.

Approval and Deletion: Once the request is approved(from the my task page of the reviewer), the service account will be deleted from the application, following the Balkan provisioning protocol.