Global Service Accounts
Prerequisites
To create, manage, and delete global service accounts, you must:
- Log in as an Admin user (ROLE-ADMIN).
- Retrieve the Sysdig API Token from the Sysdig UI to use with the API.
Manage Global Service Accounts
Admins can create or delete a global service account by performing an API call. For instructions, access the Next Gen API documentation and go to the Service Accounts section.
Here, you can find API calls to:
- Retrieve a list of all service accounts.
- Create a new global service account.
- Delete a global service account.
When you create a global service account, select one of Sysdig’s pre-configured roles from the list of Available Global Service Accounts Roles.
Available Global Service Accounts Roles
A number of preset global service accounts exist, each with its own set of unique permissions. They include the following:
Runtime Insights
ROLE_RUNTIME_INSIGHTS allows risk spotlight integration. The role contains these permissions:
- secure.risk-spotlight-integrations.read
Cloud Ingestion - Okta
ROLE_CLOUDINGESTION_OKTA allows cloud ingestion from Okta. The role contains these permissions:
- cloudingestion-okta-ingest.write
Cloud Ingestion - GitHub
ROLE_CLOUDINGESTION_GITHUB allows cloud ingestion from GitHub. The role contains these permissions:
- cloudingestion-github-ingest.write
Cloud Ingestion - GCP
ROLE_CLOUDINGESTION_GCP allows cloud ingestion from GCP. The role contains these permissions:
- cloudingestion-gcp-ingest.write
Prometheus Remote Write
ROLE_PROM_REMOTE_WRITE allows ingestion of Prometheus remote write metrics. The role contains these permissions:
- ingest.prws
Access Keys
ROLE_MANAGE_ACCESS_KEYS allows you to manage access keys. The role contains these permissions:
- access-keys.read
- access-keys.edit
Custom Roles
ROLE_MANAGE_CUSTOM_ROLES allows you to manage custom team roles. The role contains these permissions:
- permissions.read
- custom-team-roles.read
- custom-team-roles.create
- custom-team-roles.update
- custom-team-roles.delete
Group Mappings
ROLE_MANAGE_GROUP_MAPPINGS allows you to manage group mappings. The role contains these permissions:
- permissions.read
- custom-team-roles.read
- custom-team-roles.create
- custom-team-roles.update
- custom-team-roles.delete
Single Sign On Settings
ROLE_MANAGE_SSO_SETTINGS allows you to manage single sign on settings. The role contains these permissions:
- sso-active.edit
- sso.config
User Provisioning
ROLE_USER_PROVISONING allows you to manage users and teams. The role contains these permissions:
- customer-teams.read
- teams.create
- teams.edit
- teams.delete
- memberships.read
- memberships.edit
- memberships-roles.edit
- users.create
- users.read
- users.edit
- group-mappings.read
- group-mappings.edit
User and Zone Provisioning
ROLE_USER_ZONE_PROVISIONING allows you to manage users, teams, and zones. The role contains these permissions:
- customer-teams.read
- teams.create
- teams.edit
- teams.delete
- memberships.read
- memberships.edit
- memberships-roles.edit
- users.create
- users.read
- users.edit
- group-mappings.read
- group-mappings.edit
- zones.read
- zones.edit
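One way to check a role choice against least privilege, as an added example that is not Sysdig's code. The role table is a subset transcribed from the list above; the function names, the account names, and the permissions each account is observed to use are constructed for illustration.

```python
_PROVISIONING = {
    "customer-teams.read", "teams.create", "teams.edit", "teams.delete",
    "memberships.read", "memberships.edit", "memberships-roles.edit",
    "users.create", "users.read", "users.edit",
    "group-mappings.read", "group-mappings.edit",
}

# Role name -> permissions, transcribed from this page (subset of the list).
ROLES = {
    "ROLE_PROM_REMOTE_WRITE": {"ingest.prws"},
    "ROLE_MANAGE_ACCESS_KEYS": {"access-keys.read", "access-keys.edit"},
    "ROLE_MANAGE_SSO_SETTINGS": {"sso-active.edit", "sso.config"},
    "ROLE_USER_PROVISONING": set(_PROVISIONING),
    "ROLE_USER_ZONE_PROVISIONING": _PROVISIONING | {"zones.read", "zones.edit"},
}

def candidate_roles(needed):
    """Roles covering `needed`, narrowest first, as (role, unused permissions)."""
    needed = set(needed)
    fits = [(r, sorted(p - needed)) for r, p in ROLES.items() if needed <= p]
    return sorted(fits, key=lambda item: (len(item[1]), item[0]))

def audit(accounts):
    """Map account -> finding; `accounts` is name -> (role, permissions used)."""
    findings = {}
    for name, (role, used) in accounts.items():
        if role not in ROLES:
            findings[name] = "unknown role " + role
            continue
        missing = set(used) - ROLES[role]
        if missing:  # the account calls something its role does not grant
            findings[name] = "role lacks " + ", ".join(sorted(missing))
            continue
        best = candidate_roles(used)[0][0]  # non-empty: `role` itself covers `used`
        if len(ROLES[best]) < len(ROLES[role]):
            findings[name] = "over-privileged: " + best + " is sufficient"
    return findings

# Constructed inventory: account names and observed usage are hypothetical.
SAMPLE = {
    "scim-sync": ("ROLE_USER_ZONE_PROVISIONING", {"users.create", "teams.edit"}),
    "zone-bot": ("ROLE_USER_ZONE_PROVISIONING", {"zones.edit", "users.read"}),
    "key-rotator": ("ROLE_MANAGE_SSO_SETTINGS", {"access-keys.edit"}),
}

if __name__ == "__main__":
    for account, finding in sorted(audit(SAMPLE).items()):
        print(account, "->", finding)
```

An empty result from `candidate_roles` means no single preset role in the table covers the requested permissions.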