Use Case
There are common situations where a customer may need to add the `IsServiceAccount` attribute to Terraform Enterprise SAML users that are intended to behave like service accounts.
Adding the attribute lets Terraform Enterprise know that the user should be treated as a service account, which removes API token timeout issues.
Procedure
Steps to enable this functionality for any SAML provider are:
- Create a user account in your organization’s AD/IdP to represent a system.
- Add the `IsServiceAccount` attribute to that user with a value of `true`.
- Have a user log in to Terraform Enterprise, via SAML, as that system user. This should only need to happen once.
- Generate an API token as that user via the steps listed here.
- You can then use the API token, which will now include the `IsServiceAccount` attribute.
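Before the one-time login, it can help to confirm that the IdP actually sends the attribute for the system user, and only for users meant to be service accounts. The following is an added example, not HashiCorp code: it reads a decoded, unencrypted SAML assertion and compares the result against an allowlist. The sample assertion, the account name, the function names and the strict match on the string true are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real IdP).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>svc-ci@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="IsServiceAccount">
      <saml:AttributeValue>true</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def service_account_flag(xml_text):
    """Return (name_id, flag) for the first assertion found in xml_text."""
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or one wrapped in a samlp:Response.
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no SAML assertion found")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    flag = False
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "IsServiceAccount":
            values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
            # Assumption: only a single value of exactly "true" counts as set.
            flag = values == ["true"]
    return name_id, flag


def audit(xml_text, expected_service_accounts):
    """Return 'ok', 'missing' (flag absent for a system user) or
    'unexpected' (flag present for a user not on the allowlist)."""
    name_id, flag = service_account_flag(xml_text)
    if flag and name_id not in expected_service_accounts:
        return "unexpected"
    if not flag and name_id in expected_service_accounts:
        return "missing"
    return "ok"


if __name__ == "__main__":
    print(audit(SAMPLE_ASSERTION, {"svc-ci@example.com"}))
```
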
Additional Information
- Documentation for `IsServiceAccount` SAML attributes can be found here.
- More information about Terraform Enterprise users can be read here.
If your issues persist after completing the steps outlined in this guide, please contact HashiCorp Support to request further assistance.