Service accounts
About service accounts in Neptune. Differences between user and service accounts.
To automate and enhance your workflow, you can create service accounts in your team workspace.
Service accounts are a special type of non-human privileged account. You can use them for automated processes, such as training pipelines and report generation, instead of maintaining user accounts for this purpose.

Good to know

  • You can have up to 50 service accounts per workspace.
  • The name of a service account ends with @workspace-name. Example: If you create a service account "report-generation" in a workspace called "ml-team", the service account name will be [email protected].
  • A service account can't access a project without being specifically assigned to it, even if the project visibility is set to "workspace".
  • You can only deactivate a service account, not delete it completely. Note: If the service account is reactivated after being deactivated, the API token is refreshed.

Service vs user account

A service account has much of the same functionalities as a user account, with some differences.
Create runs
Have the admin role
Be assigned roles and function according to the permissions
Have a personal workspace
Become the owner of created projects and objects
Be a member of multiple workspaces
Delete projects
In practice, this means the service account is always tied to a particular workspace, where it can function as a user account depending on the project permissions assigned to it.
Because a service account can't be a workspace admin, it can't delete projects.

Who can manage service accounts

Workspace admins and project owners can do the following:
  • Access service account settings
  • Add a service account to a project
  • Remove a service account from a project
  • Change the service account role within a project
Only workspace admins can access and manage the Neptune API tokens of service accounts.

API reference