add docs for service accounts
przemek-sl committed Feb 25, 2025
1 parent 460abec commit 070f6f6
Showing 28 changed files with 250 additions and 54 deletions.
7 changes: 4 additions & 3 deletions docs/basics/acct-team-mgmt-hub.md
@@ -1,20 +1,21 @@
---
id: acct-team-mgmt-hub
title: Account and Team Management
title: Account and Organization Management
sidebar_label: Getting Started
---

The Account area in Sauce Labs provides several options for you to configure your teams, users, and accounts.
The Account area in Sauce Labs provides several options for you to configure your teams, users, and service accounts.

<div className="box-wrapper" markdown="1">
<div className="box box1 card">
<div className="container">
<h2>Settings and Accounts</h2>
<p>Sauce Labs offers a number of features to set up additional team members who can share your account.</p>
<ul>
<li><a href="/basics/acct-team-mgmt/managing-user-info">Managing Users and Accounts</a></li>
<li><a href="/basics/acct-team-mgmt/managing-user-info">Managing Users</a></li>
<li><a href="/basics/acct-team-mgmt/adding-deleting-teams">Adding and Deleting Teams</a></li>
<li><a href="/basics/acct-team-mgmt/assigning-removing-users-teams">Assigning and Removing Users from Teams</a></li>
<li><a href="/basics/acct-team-mgmt/managing-service-accounts">Managing Service Accounts</a></li>
</ul>
</div>
</div>
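Review bot: In the "Settings and Accounts" card, the intro paragraph still reads "set up additional team members who can share your account", although the list under it now links to Managing Service Accounts, which the page added in this commit describes as non-human accounts. Reword the paragraph so it covers service accounts, the way the updated opening sentence does. The first link's label also changed to "Managing Users" while its target stays `/basics/acct-team-mgmt/managing-user-info`, so confirm that page's title matches the new label.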
5 changes: 5 additions & 0 deletions docs/basics/acct-team-mgmt/adding-deleting-teams.md
Expand Up @@ -29,6 +29,11 @@ If you are an organization admin, you can create and delete teams and assign con

## Deleting Teams

:::note
Teams that contain service accounts cannot be deleted. Remove all service accounts before attempting to delete the team.<br/><br/>
However, if a team only contains user accounts, you can delete it by selecting a target team to which the users will be reassigned.
:::

1. On Sauce Labs, click **ACCOUNT** and then click **Organization Management**.
2. On the **TEAMS** tab, select the checkbox of the team or teams you want to delete.
3. Next to **TEAMS SELECTED**, in the **Action** dropdown, click **Delete team**.
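Review bot: In the new note under "Deleting Teams", "Remove all service accounts" is ambiguous. The service accounts page added in this commit says a service account cannot be reassigned to another team, so emptying the team can only mean deleting accounts that CI/CD pipelines may depend on. Say "Delete" and link to the "Deleting a Service Account" section of `/basics/acct-team-mgmt/managing-service-accounts`. The `<br/><br/>` inside the admonition can be a plain blank line between two paragraphs.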
149 changes: 149 additions & 0 deletions docs/basics/acct-team-mgmt/managing-service-accounts.md
@@ -0,0 +1,149 @@
---
id: managing-service-accounts
title: Managing Service Accounts
sidebar_label: Managing Service Accounts
---

import useBaseUrl from '@docusaurus/useBaseUrl';
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';

<p><span className="sauceGreen">Paid Plans Only</span></p>

:::note
Service accounts are available only on paid plans. Free trial accounts cannot create service accounts.
:::

## Overview

Service accounts are non-human accounts designed for automated processes such as CI/CD pipelines and integrations.

:::tip
Throughout this documentation, non-human accounts will always be referred to as **service accounts**. In contrast, accounts associated with individual users and linked to an email address will be referred to as **users** or **user accounts**.
:::

Service accounts can be managed by any team administrator in their active team or any organization administrator.

Unlike user accounts, service accounts:

- Are not tied to a specific user and remain functional even if the creator is deleted.
- Cannot switch teams after creation.

Key characteristics:

- **No UI or SAML SSO Sign-In:** Service accounts cannot log in to the Sauce Labs UI or via SAML Single Sign-On.
- **No Email Notifications:** They do not have an email address and will not receive notifications.
- **Credentials for Automation:** They use a username and access key for API access and running tests as user accounts.
- **Team Assignment:** Once created, a service account is tied to a specific team and cannot be reassigned.
- **Limited Permissions:** Service accounts have limited permissions compared to user accounts, amongst others they **cannot**:
- manage teams and accounts ([Accounts API](/dev/api/accounts/))
- manage tunnels with Sauce Trusted Connection ([Sauce Connect API](/dev/api/connect/), [SC CLI 4](/dev/cli/sauce-connect-proxy), [SC CLI 5](/dev/cli/sauce-connect-5))
- manage private real devices ([Private Real Device API](/dev/api/rdc/#private-real-device-management))
- use the [API Testing API](/dev/api/api-testing/)
- submit a crash in the [Crash/Error Reporting](/dev/api/error-reporting/)
- use the [Sauce Orchestrate](/orchestrate)
- use the [Virtual USB CLI](/dev/cli/virtual-usb/)

## Creating a Service Account

### As a Team Administrator

1. Click the **Account icon** <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/account-icon.png')} alt="Account Icon" /> in the top-right corner and select **Team management**.
2. Navigate to the **Service Accounts** tab.
3. Click **+ New Service Account**.
4. Enter a **Display name** and verify the **Assigned Team**:
- The username is auto-generated based on the display name.
- You can update the display name later, but the username remains fixed.
- The service account is automatically assigned to your active team and cannot be reassigned later.
<img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/creation-modal-team-admin-step-1.png')} alt="Service Account Creation - Step 1"/>
5. Copy and securely store the username and the access key.
- **Important:** The access key is available only during this step and cannot be retrieved later.
<img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/creation-modal-team-admin-step-2.png')} alt="Service Account Creation - Step 2"/>

### As an Organization Administrator

1. Click the **Account icon** <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/account-icon.png')} alt="Account Icon"/> in the top-right corner and select **Organization management**.
2. Click the **Service Accounts** tab to manage all service accounts across your entire organization.
- Alternatively, to manage service accounts for a specific team, select that team from the **Teams** tab and then click the **Service Accounts** tab.
3. Click **+ New Service Account**.
4. Enter a **Display name** and choose the appropriate **Assigned Team**:
- The username is auto-generated based on the display name.
- You can update the display name later, but the username remains fixed.
- When managing service accounts at the organization level, you can assign the account to any team but it cannot be reassigned later.
<img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/creation-modal-org-admin-step-1.png')} alt="Service Account Creation - Step 1"/>
5. Copy and securely store the username and the access key.
- **Important:** The access key is available only during this step and cannot be retrieved later.
<img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/creation-modal-org-admin-step-2.png')} alt="Service Account Creation - Step 2"/>

## Managing Service Accounts

### Accessing the Service Account Details View

- **Team Administrators:** Can manage service accounts only in their active team. Use [the team assignment dropdown list](/basics/acct-team-mgmt/switching-active-team) to switch teams.
- **Organization Administrators:** Can manage service accounts across any team.

#### As a Team Administrator

1. Click the **Account icon** <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/account-icon.png')} alt="Account Icon" /> in the top-right corner and select **Team management**.
2. Click the **Service Account** tab.
3. Click on the username of the service account you want to manage.

#### As an Organization Administrator

1. Click the **Account icon** <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/account-icon.png')} alt="Account Icon"/> in the top-right corner and select **Organization management**.
2. Click the **Service Accounts** tab to manage all service accounts across your entire organization.
- Alternatively, to manage service accounts for a specific team, select that team from the **Teams** tab and then click the **Service Accounts**
3. Click on the username of the service account you want to manage.

### Deleting a Service Account

1. Open the [service account details view](#accessing-the-service-account-details-view).
2. Click the delete button.
<br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/delete-button.png')} alt="Delete button"/>
3. Confirm the deletion.

### Deleting Service Accounts in Bulk

1. Open the [service account details view](#accessing-the-service-account-details-view).
2. Select the checkboxes next to the service accounts you want to delete.
3. From the dropdown menu, choose **Delete service accounts**.
<br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/delete-service-accounts-dropdown.png')} alt="Delete service accounts dropdown"/>

### Resetting the Access Key

1. Open the [service account details view](#accessing-the-service-account-details-view).
2. Click the reset access key button.
<br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/reset-access-key-button.png')} alt="Reset access key button"/>
3. Confirm the reset action.
4. Copy and securely store the new access key.
- **Important:** The access key is available only during this step and cannot be retrieved later.
<img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/reset-access-key-step-2.png')} alt="Reset access key - Step 2"/>

### Updating the Display Name

1. Open the [service account details view](#accessing-the-service-account-details-view).
2. Edit the display name field.
<br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/update-display-name.png')} alt="Update display name"/>
3. Click the **Update** to save your changes.
<br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/update-button.png')} alt="Update button"/>

:::note
Changing the display name does not affect the auto-generated username.
:::

## Running Tests as a Service Account

You can run tests as a service account in the same way you would with a user account - use the service account's username and access key.

### Viewing Test Results

Jobs run by service accounts are displayed on the [Automated Test Results page](/test-results/viewing-test-results/#automated-test-results). The visibility and permissions for jobs and builds run by service accounts are the same as those for user accounts:

- **When "Job Visibility Across Teams" is enabled** in the [Organization Security Settings](/basics/acct-team-mgmt/org-settings/#security-settings):
Users and service accounts across all teams in your organization can view jobs and builds from any team.
- **When "Job Visibility Across Teams" is disabled:**
Users and service accounts can only view jobs and builds associated with their active team.

### Using Sauce Connect Proxy with a Service Account

If you plan to run tests through a [Sauce Connect Proxy tunnel](/secure-connections/), be mindful of tunnel sharing options. Service accounts cannot create or manage tunnels, so you must use a tunnel that has been shared with the service account’s assigned team. For detailed configuration instructions, refer to the [shared tunnels section](/secure-connections/sauce-connect-5/operation/overview/#shared-tunnels).
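Review bot: "Resetting the Access Key" does not say what happens to the previous key once the reset is confirmed. These credentials are meant for CI/CD pipelines and the new key is shown only once, so state whether the old key stops working immediately; readers need that to plan the update of stored secrets before they click. Separately, in "Deleting Service Accounts in Bulk", step 1 opens the details view of a single account while step 2 selects checkboxes next to several accounts, so step 1 should point to the Service Accounts tab instead. Smaller fixes: "Click the **Service Account** tab" should read **Service Accounts** as everywhere else, the "Alternatively" bullet in the organization administrator steps of the details-view section ends at "**Service Accounts**" without "tab.", "Click the **Update** to save your changes" is missing "button", and "running tests as user accounts" under Key characteristics is unclear about whether it means "like user accounts do".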
10 changes: 5 additions & 5 deletions docs/basics/acct-team-mgmt/managing-user-info.md
Expand Up @@ -96,11 +96,11 @@ Regenerating your access key will update the access key throughout your configur

## User Roles

| Role | Permissions |
| ------------------ |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Organization Admin | <ul><li>Create and delete teams, and move teams within an organization</li><li>Manage Organization Settings</li><li>Manage users across the organization:<ul><li>Add and deactivate users</li><li>Reset user passwords</li><li>Change email addresses and names</li><li>Assign user roles</li><li>Move users between teams</li><li>View user activity</li></ul></li><li>Set concurrency allocation for teams</li><li>Sauce Connect Proxy tunnels: <ul><li>Create tunnels for users across the organization to share</li><li>Limit access to shared tunnels</li><li>Stop any and all tunnels</li></ul></li><li>View all jobs in the organization</li><li>Modify Real Device App Settings</li></ul> |
| Team Admin | <ul><li>Only a user assigned to a team can become a team admin</li><li>Manage the team and users on the team</li><li>View team usage and users assigned to the team</li><li>Sauce Connect Proxy Team tunnels: <ul><li>View shared tunnels and non-shared tunnels created by team members</li><li>Start shared tunnels</li><li>Stop tunnels they have started</li></ul></li><li>Manage users on the team:<ul><li>Reset user passwords</li><li>Change email addresses and names</li><li>Move users between their team and the list of users who are not assigned to any team</li><li>View user activity</li></ul></li><li>View jobs that were run by team members</li><li>View jobs that were run by members of other teams</li><li>Modify Real Device App Settings</li></ul> |
| Team Member | <ul><li>Edit personal information such as name, password, and email address</li><li>View jobs that were run by other team members</li><li>View jobs that were run by members of other teams in the organization</li><li>Sauce Connect Proxy tunnels: <ul><li>Start tunnels for individual use or to be shared with other team members</li><li>Stop tunnels they have started</li></ul></li></ul> |
| Role | Permissions |
| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Organization Admin | <ul><li>Create and delete teams, and move teams in an organization</li><li>Manage Organization Settings</li><li>Manage users across the organization:<ul><li>Add and deactivate users</li><li>Reset user passwords</li><li>Change email addresses and names</li><li>Assign user roles</li><li>Move users between teams</li><li>View user activity</li></ul></li><li>Manage service accounts across the organization</li><li>Set concurrency allocation for teams</li><li>Sauce Connect Proxy tunnels: <ul><li>Create tunnels for users across the organization to share</li><li>Limit access to shared tunnels</li><li>Stop any and all tunnels</li></ul></li><li>View all jobs in the organization</li><li>Modify Real Device App Settings</li></ul> |
| Team Admin | <ul><li>Only a user assigned to a team can become a team admin</li><li>Manage the team</li><li>View team usage and users assigned to the team</li><li>Sauce Connect Proxy Team tunnels: <ul><li>View shared tunnels and non-shared tunnels created by team members</li><li>Start shared tunnels</li><li>Stop tunnels they have started</li></ul></li><li>Manage users on the team:<ul><li>Reset user passwords</li><li>Change email addresses and names</li><li>Move users between their team and the list of users who are not assigned to any team</li><li>View user activity</li></ul></li><li>Manage service accounts in the team</li><li>View jobs that were run by team members (users and service accounts)</li><li>View jobs that were run by members of other teams (if the [Job Visibility Across Teams](/basics/acct-team-mgmt/org-settings/#security-settings) is enabled)</li><li>Modify Real Device App Settings</li></ul> |
| Team Member | <ul><li>Edit personal information such as name, password, and email address</li><li>View jobs that were run by other team members (users and service accounts)</li><li>View jobs that were run by members of other teams in the organization (if the [Job Visibility Across Teams](/basics/acct-team-mgmt/org-settings/#security-settings) is enabled)</li><li>Sauce Connect Proxy tunnels: <ul><li>Start tunnels for individual use or to be shared with other team members</li><li>Stop tunnels they have started</li></ul></li></ul> |

In every organization, multiple Organization Admins and/or Team Admins can exist. However, users can only be part of one organization.
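Review bot: In the Team Admin and Team Member rows, the new text places a Markdown link, `[Job Visibility Across Teams](/basics/acct-team-mgmt/org-settings/#security-settings)`, inside raw `<li>` HTML in a table cell. Check in a local build that it renders as a link rather than literal brackets; an `<a href="...">` element, as used in the list in acct-team-mgmt-hub.md, avoids the question. The wording "if the ... is enabled" also needs a noun after the link ("setting") or should drop "the".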
