Service accounts authenticate automated processes and services to CloudBees CI without using personal user credentials for tasks such as triggering builds, querying the REST API, or managing job configurations. A service account is a named entity defined at either the root or item scope, with associated tokens used for HTTP Basic authentication. Unlike personal access tokens (PATs) associated with human user accounts, service accounts are independent entities designed specifically for automation.
- Improve security and compliance
-
Service accounts are not associated with any individual person. Unlike PATs, service account tokens can expire and be rotated easily, and they remain functional even after users leave the organization. Permissions can be scoped to give each service account only the minimum permissions required for its function.
- Simplify operations and maintenance
-
Eliminate hidden dependencies on individual user accounts. Create and manage multiple service accounts for different purposes without creating phony “bot” users in external authentication systems.
- Enable flexible access control
-
Define service accounts at root scope for global access, or at item scope to manage them alongside the groups that use them. Item-scoped service accounts enable teams to manage their own work without overall administrative access. Add service accounts to Role-Based Access Control (RBAC) groups to grant roles and permissions, similar to users or groups.