Create and Manage Service Accounts

Create and manage service accounts on BrowserStack

What are service accounts?

A service account is an access key token that your systems can use to make authorized API calls. Service accounts can be created at organization or at any team level.

Benefits of service accounts

• Any real user’s access keys does not need to be shared across the organization.
• Your Jenkins CI/CD pipeline can be run on BrowserStack using a service account. It will use the Automate/App Automate product parallels assigned to the team/organization that the service account is created for.
• It ensures that resources and accesses available to the service account can be controlled without compromising any real user’s account.

Who can create and manage service accounts?

• Service accounts can be created by the Owner or Admins.
• Owner can view and manage all the service accounts created within the organization or teams. If the ownership is transferred the new owner will get access to all service accounts.
• Admins can only view and manage the service accounts created by them.
• User cannot view or manage service accounts.

How to create service accounts?

1. Go to Settings & Permissions > Product tab

2. Under Service Accounts the Owner can view all the service accounts created within the organization. Each service account has a username and access key assigned to it which is used to connect your CI/CD pipelines, or access BrowserStack via APIs. Service accounts keys can be reset similar to a user’s access keys, via REST APIs.

3. To create a new service account, click Add Accounts

4. Enter the unique identifier for the service account. You can select the organization or team(optional) for which you want to create the service account.
   • Identifier: The identifier is used to mark the service account on product dashboards and user reports.
   • Team: Like users, a service account can be assigned a team. All the team management access rules apply to the service account once it is part of a team. If a team is not assigned, the service account will be considered an organization level service account.
5. Click Submit.

Differences between a service account and a real user account

The differences between a user account and service account are:

• A user’s account can access product dashboards and login into the BrowserStack whereas the service account does not have dashboard privileges. Service accounts do not have passwords, and cannot log in via browsers or cookies.
• Service accounts are not considered part of your user licenses.
• Service accounts will not receive any emails like daily reports or alerts.

Similarities between a service account and a user account

• Service accounts get access to parallels and APIs akin to a user, either as a Group User or Team User, depending upon the service account configuration.
• Tests run by service account will be visible on product dashboards with the service account identifier being used as the user’s name.
• Manage Data Access applies to service accounts. If the organization is on Team View, a service account which has a team assigned, will not be able to access data of other teams.

What happens to the service account when the user (who created a service account) shifts their team?

The service account is always visible to the Owner of the organization. The owner can modify or delete the service account. In case of the team change of the user (that created the service account), those service account(s) remains part of the team assigned to it.

Note: Once a user is removed/deleted from your organization account on BrowserStack, we recommend you to delete all the service accounts created by that user in order to prevent any uninteneded use.