There are common situations where a customer may need to add the IsServiceAccount attribute to Terraform Enterprise SAML users that are intended to behave like service accounts.
Adding the attribute to the user lets Terraform Enterprise know that the user should be treated as if it were a service account, which removes API token timeout issues.
Steps to enable this functionality for any SAML provider are:
- Create a user account in your organization’s AD/IdP to represent a system.
- Add the IsServiceAccount attribute to that user with value of
- Have a user log in to Terraform Enterprise, via SAML, as that system user. This should only need to happen once.
- Generate an API token as that user via the steps listed here.
- You can then use the API token which will now include the
- Documentation for IsServiceAccount SAML attributes can be found here.
- More information about Terraform Enterprise users can be read here.
If your issues persist after completing the steps outlined in this guide, please contact HashiCorp Support to request further assistance.