Introduction
This guide explains how to add the IsServiceAccount attribute to SAML users in Terraform Enterprise. This configuration allows specific SAML users to function as service accounts, which prevents their API tokens from expiring.
Use Case
You may need to configure a SAML user to act as a service account for automation or CI/CD pipelines. By adding the IsServiceAccount attribute, you ensure that API tokens generated for this user do not time out, providing stable authentication for automated processes.
Procedure
To enable this functionality for your SAML provider, follow these steps:
- Create a user account in your organization’s Active Directory (AD) or Identity Provider (IdP) to represent the system or service.
- Add the IsServiceAccount attribute to that user with a value of true.
- Log in to Terraform Enterprise as that system user through your SAML provider. This initial login is typically only required once to provision the user.
- Generate a user API token for the service account user by following the steps in the User API Tokens documentation.
- You can now use this API token for your automation, and it will include the IsServiceAccount attribute, preventing it from expiring.
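Before the first login, it helps to confirm that the IdP really sends the attribute for the intended user and for no one else, since the resulting tokens do not expire. The following is an added example, not code from Terraform Enterprise or its documentation: the sample assertion, the NameID and the function name are constructed, and counting only the literal value true as enabled is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real IdP). In practice,
# paste the decoded assertion from your IdP's preview or a SAML tracer.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Subject><saml:NameID>svc-ci@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="IsServiceAccount">
      <saml:AttributeValue xsi:type="xs:boolean">true</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def service_account_flag(assertion_xml):
    """Return (name_id, flag) for a decoded SAML assertion.

    flag is None when IsServiceAccount is absent, True when it carries the
    single value "true", and False for any other value or for repeated values.
    How Terraform Enterprise treats other spellings is not stated on the page,
    so only the literal "true" counts here (assumption).
    This is an inspection aid only: it does not verify the XML signature.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext(".//saml:NameID", default="", namespaces=SAML_NS).strip()
    values = [
        (value.text or "").strip()
        for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS)
        if attr.get("Name") == "IsServiceAccount"
        for value in attr.iterfind("saml:AttributeValue", SAML_NS)
    ]
    if not values:
        return name_id, None
    return name_id, values == ["true"]


if __name__ == "__main__":
    user, flag = service_account_flag(SAMPLE_ASSERTION)
    print(f"{user}: IsServiceAccount={flag}")
```

Run it against assertions for ordinary users as well; any account other than the dedicated service user that comes back True should be corrected in the IdP.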
Additional Information
- For more details on SAML attributes, refer to the Terraform Enterprise SAML attributes documentation.
- You can find more information about user management in the Terraform user management documentation.