Machine 2 Machine Auth Video
In this video:
00:00:04 Hi, and welcome to Mia-Platform Pills.
00:00:07 Today we will show you how to create service accounts, which are non-human users that can be employed to implement automated processes with machine-to-machine communication.
00:00:15 Let's start.
00:00:16 Access the Platform Overview by clicking on the icon.
00:00:20 Once on the page, simply click on “Identities” in the left sidebar.
00:00:24 Here you have an overview of all the users on the platform.
00:00:27 Now let us try to add a new Service Account which we have just said is a non-human user.
00:00:31 Click on “Add User” and then on “Add Service Account”.
00:00:34 Firstly, give it a name.
00:00:37 There are then two different methods of adding it: using Client Secret Basic or a Private Key JWT.
00:00:43 Choose the Client Secret Basic method.
00:00:45 Now, as an actual user, you need to assign a role representing a set of permissions within the platform.
00:00:53 Once created, the credential must be saved.
00:00:56 For security reasons, the generated Client Secret is only visible once on this screen.
00:01:00 If you don't save it, you will not be able to retrieve it.
00:01:03 So click on the copy icon and store it in a safe place.
00:01:10 The client ID is displayed in the table instead.
00:01:14 Let us now add a new Service Account with the Private Key JWT method.
00:01:18 Click on the “Add User” button and perform the previous steps.
00:01:24 Here you can paste your public certificate while your private certificate will be used to sign the token.
00:01:30 Assign the role and remember to save the key ID.
00:01:37 Let's test our Service Account.
00:01:39 For the purpose of this video, we will generate a token only for the Client Secret Basic method.
00:01:44 The token is created by taking the clientID:clientsecret, encoding it in base64, creating an intermediate token.
00:01:53 The call will return this token.
00:01:56 As you may notice, this token has an expiry date. For long term operations, it is necessary to request it several times.
00:02:04 Remember that it is always possible to change the role of a Service Account or delete it.
00:02:17 Service Accounts can be created on a platform, project, or runtime environment level, based on where they need to perform their task.
00:02:24 For example, here we're creating it in a project so it will be applied only in the current space.
00:02:30 Service Accounts can automate processes acting as real users.
00:02:34 For example, they can trigger automatic deploys or perform monitoring actions.