add docs for service accounts

docs/basics/acct-team-mgmt-hub.md

@@ -1,20 +1,21 @@
 ---
 id: acct-team-mgmt-hub
-title: Account and Team Management
+title: Account and Organization Management
 sidebar_label: Getting Started
 ---
 
-The Account area in Sauce Labs provides several options for you to configure your teams, users, and accounts.
+The Account area in Sauce Labs provides several options for you to configure your teams, users, and service accounts.
 
 <div className="box-wrapper" markdown="1">
 <div className="box box1 card">
   <div className="container">
   <h2>Settings and Accounts</h2>
   <p>Sauce Labs offers a number of features to set up additional team members who can share your account.</p>
   <ul>
-      <li><a href="/basics/acct-team-mgmt/managing-user-info">Managing Users and Accounts</a></li>
+      <li><a href="/basics/acct-team-mgmt/managing-user-info">Managing Users</a></li>
       <li><a href="/basics/acct-team-mgmt/adding-deleting-teams">Adding and Deleting Teams</a></li>
       <li><a href="/basics/acct-team-mgmt/assigning-removing-users-teams">Assigning and Removing Users from Teams</a></li>
+      <li><a href="/basics/acct-team-mgmt/managing-service-accounts">Managing Service Accounts</a></li>
   </ul>
   </div>
 </div>

docs/basics/acct-team-mgmt/adding-deleting-teams.md

@@ -29,6 +29,11 @@ If you are an organization admin, you can create and delete teams and assign con
 
 ## Deleting Teams
 
+:::note
+Teams that contain service accounts cannot be deleted. Please remove all service accounts before attempting to delete the team.<br/><br/>
+However, if a team only contains user accounts, you can delete it by selecting a target team to which the users will be reassigned.
+:::
+
 1. On Sauce Labs, click **ACCOUNT** and then click **Organization Management**.
 2. On the **TEAMS** tab, select the checkbox of the team or teams you want to delete.
 3. Next to **TEAMS SELECTED**, in the **Action** dropdown, click **Delete team**.

docs/basics/acct-team-mgmt/managing-service-accounts.md

@@ -0,0 +1,149 @@
+---
+id: managing-service-accounts
+title: Managing Service Accounts
+sidebar_label: Managing Service Accounts
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+<p><span className="sauceGreen">Paid Plans Only</span></p>
+
+:::note
+Service accounts are available only on paid plans. Free trial accounts cannot create service accounts.
+:::
+
+## Overview
+
+Service accounts are non-human accounts designed for automated processes such as CI/CD pipelines and integrations.
+
+:::tip
+Throughout this documentation, non-human accounts will always be referred to as **service accounts**. In contrast, accounts associated with individual users and linked to an email address will be referred to as **users** or **user accounts**.
+:::
+
+Service accounts can be managed by any team administrator within their active team or any organization administrator.
+
+Unlike user accounts, service accounts:
+
+- Are not tied to a specific user and remain functional even if the creator is deleted.
+- Cannot switch teams after creation.
+
+Key characteristics:
+
+- **No UI or SAML SSO Sign-In:** Service accounts cannot log in to the Sauce Labs UI or via SAML Single Sign-On.
+- **No Email Notifications:** They do not have an email address and will not receive notifications.
+- **Credentials for Automation:** They use a username and access key for API access and running tests as user accounts.
+- **Team Assignment:** Once created, a service account is tied to a specific team and cannot be reassigned.
+- **Limited Permissions:** Service accounts have limited permissions compared to user accounts, amongst others they **cannot**:
+  - manage teams and accounts ([Accounts API](/dev/api/accounts/))
+  - manage tunnels with Sauce Trusted Connection ([Sauce Connect API](/dev/api/connect/), [SC CLI 4](/dev/cli/sauce-connect-proxy), [SC CLI 5](/dev/cli/sauce-connect-5))
+  - manage private real devices ([Private Real Device API](/dev/api/rdc/#private-real-device-management))
+  - use the [API Testing API](/dev/api/api-testing/)
+  - submit a crash in the [Crash/Error Reporting](/dev/api/error-reporting/)
+  - use the [Sauce Orchestrate](/orchestrate)
+  - use the [Virtual USB CLI](/dev/cli/virtual-usb/)
+
+## Creating a Service Account
+
+### As a Team Administrator
+
+1. Click the **Account icon** <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/account-icon.png')} alt="Account Icon" /> in the top-right corner and select **Team management**.
+2. Navigate to the **Service Accounts** tab.
+3. Click **+ New Service Account**.
+4. Enter a **Display name** and verify the **Assigned Team**:
+   - The username is auto-generated based on the display name.
+   - You can update the display name later, but the username remains fixed.
+   - The service account is automatically assigned to your active team and cannot be reassigned later.
+     <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/creation-modal-team-admin-step-1.png')} alt="Service Account Creation - Step 1"/>
+5. Copy and securely store the username and the access key.
+   - **Important:** The access key is available only during this step and cannot be retrieved later.
+     <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/creation-modal-team-admin-step-2.png')} alt="Service Account Creation - Step 2"/>
+
+### As an Organization Administrator
+
+1. Click the **Account icon** <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/account-icon.png')} alt="Account Icon"/> in the top-right corner and select **Organization management**.
+2. Click the **Service Accounts** tab to manage all service accounts across your entire organization.
+   - Alternatively, to manage service accounts for a specific team, select that team from the **Teams** tab and then click the **Service Accounts** tab.
+3. Click **+ New Service Account**.
+4. Enter a **Display name** and choose the appropriate **Assigned Team**:
+   - The username is auto-generated based on the display name.
+   - You can update the display name later, but the username remains fixed.
+   - When managing service accounts at the organization level, you can assign the account to any team but it cannot be reassigned later.
+     <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/creation-modal-org-admin-step-1.png')} alt="Service Account Creation - Step 1"/>
+5. Copy and securely store the username and the access key.
+   - **Important:** The access key is available only during this step and cannot be retrieved later.
+     <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/creation-modal-org-admin-step-2.png')} alt="Service Account Creation - Step 2"/>
+
+## Managing Service Accounts
+
+### Accessing the Service Account Details View
+
+- **Team Administrators:** Can manage service accounts only in their active team. Use [the team assignment dropdown](/basics/acct-team-mgmt/switching-active-team) to switch teams.
+- **Organization Administrators:** Can manage service accounts across any team.
+
+#### As a Team Administrator
+
+1. Click the **Account icon** <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/account-icon.png')} alt="Account Icon" /> in the top-right corner and select **Team management**.
+2. Click the **Service Account** tab.
+3. Click on the username of the service account you want to manage.
+
+#### As an Organization Administrator
+
+1. Click the **Account icon** <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/account-icon.png')} alt="Account Icon"/> in the top-right corner and select **Organization management**.
+2. Click the **Service Accounts** tab to manage all service accounts across your entire organization.
+   - Alternatively, to manage service accounts for a specific team, select that team from the **Teams** tab and then click the **Service Accounts**
+3. Click on the username of the service account you want to manage.
+
+### Deleting a Service Account
+
+1. Open the [service account details view](#accessing-the-service-account-details-view).
+2. Click the delete button.
+   <br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/delete-button.png')} alt="Delete button"/>
+3. Confirm the deletion.
+
+### Deleting Service Accounts in Bulk
+
+1. Open the [service account details view](#accessing-the-service-account-details-view).
+2. Select the checkboxes next to the service accounts you want to delete.
+3. From the dropdown menu, choose **Delete service accounts**.
+   <br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/delete-service-accounts-dropdown.png')} alt="Delete service accounts dropdown"/>
+
+### Resetting the Access Key
+
+1. Open the [service account details view](#accessing-the-service-account-details-view).
+2. Click the reset access key button.
+   <br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/reset-access-key-button.png')} alt="Reset access key button"/>
+3. Confirm the reset action.
+4. Copy and securely store the new access key.
+   - **Important:** The access key is available only during this step and cannot be retrieved later.
+     <img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/reset-access-key-step-2.png')} alt="Reset access key - Step 2"/>
+
+### Updating the Display Name
+
+1. Open the [service account details view](#accessing-the-service-account-details-view).
+2. Edit the display name field.
+   <br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/update-display-name.png')} alt="Update display name"/>
+3. Click the **Update** button to save your changes.
+   <br/><img src={useBaseUrl('img/basics/acct-team-mgmt/service-accounts/update-button.png')} alt="Update button"/>
+
+:::note
+Changing the display name does not affect the auto-generated username.
+:::
+
+## Running Tests as a Service Account
+
+You can run tests as a service account in the same way you would with a user account - simply use the service account's username and access key.
+
+### Viewing Test Results
+
+Jobs run by service accounts are displayed on the [Automated Test Results page](/test-results/viewing-test-results/#automated-test-results). The visibility and permissions for jobs and builds run by service accounts are the same as those for user accounts:
+
+- **When "Job Visibility Across Teams" is enabled** in the [Organization Security Settings](/basics/acct-team-mgmt/org-settings/#security-settings):  
+  Users and service accounts across all teams in your organization can view jobs and builds from any team.
+- **When "Job Visibility Across Teams" is disabled:**  
+  Users and service accounts can only view jobs and builds associated with their active team.
+
+### Using Sauce Connect Proxy with a Service Account
+
+If you plan to run tests through a [Sauce Connect Proxy tunnel](/secure-connections/), be mindful of tunnel sharing options. Service accounts cannot create or manage tunnels, so you must use a tunnel that has been shared with the service account’s assigned team. For detailed configuration instructions, refer to the [shared tunnels section](/secure-connections/sauce-connect-5/operation/overview/#shared-tunnels).

docs/basics/acct-team-mgmt/managing-user-info.md

@@ -96,11 +96,11 @@ Regenerating your access key will update the access key throughout your configur
 
 ## User Roles
 
-| Role               | Permissions                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
-| ------------------ |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Organization Admin | <ul><li>Create and delete teams, and move teams within an organization</li><li>Manage Organization Settings</li><li>Manage users across the organization:<ul><li>Add and deactivate users</li><li>Reset user passwords</li><li>Change email addresses and names</li><li>Assign user roles</li><li>Move users between teams</li><li>View user activity</li></ul></li><li>Set concurrency allocation for teams</li><li>Sauce Connect Proxy tunnels: <ul><li>Create tunnels for users across the organization to share</li><li>Limit access to shared tunnels</li><li>Stop any and all tunnels</li></ul></li><li>View all jobs in the organization</li><li>Modify Real Device App Settings</li></ul>                                                                           |
-| Team Admin         | <ul><li>Only a user assigned to a team can become a team admin</li><li>Manage the team and users on the team</li><li>View team usage and users assigned to the team</li><li>Sauce Connect Proxy Team tunnels: <ul><li>View shared tunnels and non-shared tunnels created by team members</li><li>Start shared tunnels</li><li>Stop tunnels they have started</li></ul></li><li>Manage users on the team:<ul><li>Reset user passwords</li><li>Change email addresses and names</li><li>Move users between their team and the list of users who are not assigned to any team</li><li>View user activity</li></ul></li><li>View jobs that were run by team members</li><li>View jobs that were run by members of other teams</li><li>Modify Real Device App Settings</li></ul> |
-| Team Member        | <ul><li>Edit personal information such as name, password, and email address</li><li>View jobs that were run by other team members</li><li>View jobs that were run by members of other teams in the organization</li><li>Sauce Connect Proxy tunnels: <ul><li>Start tunnels for individual use or to be shared with other team members</li><li>Stop tunnels they have started</li></ul></li></ul>                                                                                                                                                                                                                                                                                                                                                                            |
+| Role               | Permissions                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
+| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Organization Admin | <ul><li>Create and delete teams, and move teams within an organization</li><li>Manage Organization Settings</li><li>Manage users across the organization:<ul><li>Add and deactivate users</li><li>Reset user passwords</li><li>Change email addresses and names</li><li>Assign user roles</li><li>Move users between teams</li><li>View user activity</li></ul></li><li>Manage service accounts across the organization</li><li>Set concurrency allocation for teams</li><li>Sauce Connect Proxy tunnels: <ul><li>Create tunnels for users across the organization to share</li><li>Limit access to shared tunnels</li><li>Stop any and all tunnels</li></ul></li><li>View all jobs in the organization</li><li>Modify Real Device App Settings</li></ul>                                                                                                                                                                                |
+| Team Admin         | <ul><li>Only a user assigned to a team can become a team admin</li><li>Manage the team</li><li>View team usage and users assigned to the team</li><li>Sauce Connect Proxy Team tunnels: <ul><li>View shared tunnels and non-shared tunnels created by team members</li><li>Start shared tunnels</li><li>Stop tunnels they have started</li></ul></li><li>Manage users on the team:<ul><li>Reset user passwords</li><li>Change email addresses and names</li><li>Move users between their team and the list of users who are not assigned to any team</li><li>View user activity</li></ul></li><li>Manage service accounts in the team</li><li>View jobs that were run by team members (users and service accounts)</li><li>View jobs that were run by members of other teams (if the [Job Visibility Across Teams](/basics/acct-team-mgmt/org-settings/#security-settings) is enabled)</li><li>Modify Real Device App Settings</li></ul> |
+| Team Member        | <ul><li>Edit personal information such as name, password, and email address</li><li>View jobs that were run by other team members (users and service accounts)</li><li>View jobs that were run by members of other teams in the organization (if the [Job Visibility Across Teams](/basics/acct-team-mgmt/org-settings/#security-settings) is enabled)</li><li>Sauce Connect Proxy tunnels: <ul><li>Start tunnels for individual use or to be shared with other team members</li><li>Stop tunnels they have started</li></ul></li></ul>                                                                                                                                                                                                                                                                                                                                                                                                  |
 
 In every organization, multiple Organization Admins and/or Team Admins can exist. However, users can only be part of one organization.