Service Accounts
Service Accounts
A service account is a specific subset of permissions assigned to a non-human user. The most common use is the Agilicus Connector.
Service accounts (typically) do not sign in via an OpenID Connect web-based identity-provider. Instead they use an ‘Authentication Document’ which is a cryptographic proof of identity and scopes combined, which is periodically refreshed.
Service accounts behave the same as all other users for the sake of permission assignment.
When you install your Agilicus Connector, a service account is created for it at that time. If you delete the Connector, you can delete the service account for it. WARNING: do not delete the service account if the Connector is still in use (it will stop functioning).
Service accounts show up in the audits as any other user: all actions are audited individually.
Service account’s have a name which is similar to an email address, in the format of:
agent-connector-erx-service-account-kx4mfqwadgxbccz3axyrr9@serviceaccounts.agilicus.com
The email address and authentication document may be downloaded as below.
If you download the authentication document, you will see something as below. This may be used in applications you write that use the Agilicus SDK.
{
"_builtin_original": {
"metadata": {
"created": "2022-05-29T23:27:39.556283Z",
"id": "j5PLubHV....",
"updated": "2022-05-29T23:27:39.599237Z"
},
"spec": {
"auth_issuer_url": "https://auth.dbt.agilicus.cloud",
"org_id": "5kX8JJdQ3CzY66pyAWPN3D",
"user_id": "GWN9EKQR7U8vv9eYNJdXud"
},
"status": {
"audience": "urn:api:agilicus:tokens",
"issuer": "urn:agilicus:authentication_documents:j5PLubHV....",
"key": "-----BEGIN PRIVATE KEY-----\n...t9F\n-----END PRIVATE KEY-----\n"
}
},
"metadata": {
"created": "2022-05-29T23:27:39.556283Z",
"id": "j5PLubHVzuq44xDbVEBMfh",
"updated": "2022-05-29T23:27:39.599237Z"
},
"spec": {
"auth_issuer_url": "https://auth.dbt.agilicus.cloud",
"org_id": "5kX8JJdQ3CzY66pyAWPN3D",
"user_id": "GWN9EKQR7U8vv9eYNJdXud"
},
"status": {
"audience": "urn:api:agilicus:tokens",
"issuer": "urn:agilicus:authentication_documents:j5PLubHVzuq44xDbVEBMfh",
"key": "-----BEGIN PRIVATE KEY-----\n...bOHt9F\n-----END PRIVATE KEY-----\n"
}
}Related Configuration
Return to Product Configuration
- Applications
- Labels
- Agilicus AnyX Frequently Asked Questions
- VNC Desktop
- Agilicus Connector – Container/Docker
- Agilicus Connector – NanoPI R5S
- Agilicus AnyX Product Updates
- Agilicus Connector – Export Certificate
- Agilicus Connector – Microsoft Windows
- Sign-In Errors
- Time Synchronisation
- Locked-Down Networks Certificate Revocation
- Signup: Firewall Configuration
- Geo-Location-Based Access Control
- Resources – Overview, Concepts
- Connect to VTScada – Adding a Web Application
- Web Application Security
- Administrative Users
- Define Application: Proxy
- Authorisation rules
- Real VNC & Raspberry Pi
- Connector Install: Raspberry Pi
- Kubernetes Connector Install
- Linux, FreeBSD, Embedded Connector Install
- Connector Install: Ubiquiti EdgeRouter X
- Audit Destinations
- Agilicus Connector Install: MikroTik RouterOS
- Connector Install: Netgate SG-1100 pfSense
- Identity Group Mapping
- Billing
- Auto-Create Users From Specific Domain With Google Workplace
- Organisation
- Authentication Audit
- Authentication Issuer – Onsite Identity
- Authentication Issuer – Custom Identity
- Sign Up
- Microsoft ClickOnce
- Groups
- Agilicus Connector Windows Cluster
- Launchers
- Forwarding
- Usage Metrics
- Service Accounts
- Identity & Authentication Methods
- Content Security Policy
- Users
- Sign-In Theming
- Sign in With Apple
- Azure Active Directory
- Sign in With Microsoft
- Agilicus Launcher (Desktop)
- Agilicus Connector
- Zero-Trust SSH Access
- Theory of Operation: CNAME + DOMAIN
- Zero-Trust Desktop Access
- Hosted Applications
- Command Line API Access
- Permissions
- Profile
- Multi-Factor Authentication
- Authentication Rules
- Application Request Access
- OpenWRT Connector Install
- Moxa UC-8200 Zero-Trust Connector Install
- Cisco IOx Zero Trust Connector Install
- Synology Connector Install
- Authentication Clients
- Shares
- Services
- Resource Groups
- Legacy Active Directory