At times, a customer may need to add the IsServiceAccount attribute to Terraform Enterprise SAML users that are intended to behave like service accounts.
This method was introduced as a workaround in the past and is currently not a feature of the product. Because of this, the steps listed here could change without notice. Adding the attribute to the user lets Terraform Enterprise know that the user should be treated as if it were a service account.
General steps to enable this workaround for any SAML provider are:
- Create a user account in your organization’s AD/IdP to represent a system.
- Add the IsServiceAccount attribute to that user with value of
- Have a user log in to Terraform Enterprise, via SAML, as that system user. This should only need to happen once.
- Generate an API token as that user via the steps listed here.
- You can then use the API token which will now include the
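Before the one-time SAML login, it helps to confirm that the IdP actually emits the attribute for the system user. The following is an added example, not HashiCorp's code: it assumes you have captured and base64-decoded a SAML response from your IdP, and the embedded assertion, the NameID and the attribute value shown are constructed placeholders.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
ATTR = "IsServiceAccount"

# Constructed sample. PLACEHOLDER_VALUE stands in for the value your IdP is
# configured to send; svc-ci@example.com is a made-up system user.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>svc-ci@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="MemberOf">
      <saml:AttributeValue>ci-team</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="IsServiceAccount">
      <saml:AttributeValue>PLACEHOLDER_VALUE</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """Report whether a decoded SAML response/assertion carries IsServiceAccount.

    Only parse XML captured from your own IdP here; this does not verify the
    signature and cannot read an EncryptedAssertion.
    """
    root = ET.fromstring(xml_text)
    # Works for a bare Assertion or one wrapped in a samlp:Response.
    assertion = next(root.iter(f"{{{SAML_NS}}}Assertion"), None)
    if assertion is None:
        raise ValueError("no unencrypted saml:Assertion found")
    name_id = assertion.findtext(
        "saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    values, near_misses = None, []
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        if name == ATTR:
            values = [(v.text or "").strip()
                      for v in attr.iterfind("saml:AttributeValue", NS)]
        elif name.lower() == ATTR.lower():
            # Same name with different casing: likely an IdP mapping typo.
            near_misses.append(name)
    return {"name_id": name_id, "values": values, "near_misses": near_misses}


if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

A result with `values` set to `None` means the attribute was not sent for that user; an entry in `near_misses` points at a misspelled attribute name in the IdP mapping.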
More information about Terraform Enterprise users can be read here.
If your issues persist after completing the steps outlined in this guide, please contact HashiCorp Support to request further assistance.