Skip to content

Service accounts#

Viewing service accounts in Neptune workspace settings

To automate and enhance your workflow, you can create service accounts in your workspace.

Service accounts are a special type of non-human privileged account. You can use them for automated processes instead of maintaining user accounts for this purpose.

Why should I use a service account?#

With service accounts, you can have multiple API tokens or non-user tokens in your setup.

Service accounts are also good for scoping permissions. They can have lower permission levels and access only to necessary projects.

What's different about service accounts?

  • You can instantly revoke a service account's API token in the workspace settings, which helps improve the security of your setup.
  • A service account cannot access any projects automatically. To perform actions in a project, it has to be explicitly assigned to it with at least "contributor" permissions.

What to use service accounts for

  • Your shared training/evaluation pipeline
  • CI/CD servers that do something like validating models marked for staging
  • Monitoring services that regularly check how models behave
  • Report generation

Creating a service account#

To create a new service account:

  1. In the top-left of the Neptune app, click your workspace name to expand the settings menu.
  2. Select Service accounts to get started.

For more detailed instructions, see Set up a service account.

Note

A service account cannot access projects with "workspace" visibility. It must be explicitly assigned to a project to be able to access it.

Managing service accounts#

Workspace admins and project owners can do the following:

  • Access service account settings
  • Add a service account to a project (needs to be created in the workspace settings first)
  • Remove a service account from a project
  • Change the service account role within a project

Only workspace admins can access and manage the Neptune API tokens of service accounts. If the service account is reactivated after being deactivated, the API token is refreshed.

Tip

You can also managage service accounts through the management API.

Most of the management operations can themselves be performed by service accounts.

Limitations#

  • You can have up to 50 service accounts per workspace.
  • A service account can't access a project without being specifically assigned to it, even if the project visibility is set to "workspace".

  • Service accounts can't delete projects or have the workspace admin role. As such, service accounts cannot use the following functions from the management API:

    Otherwise, service accounts can perform project actions according to their permissions.

Related