Create and Manage Service Accounts

Create and manage service accounts on BrowserStack

What are service accounts?

A service account is an access key token that your systems can use to make authorized API calls. Service accounts can be created at organization or at any team level.

Benefits of service accounts

• Any real user’s access keys does not need to be shared across the organization.
• Your Jenkins CI/CD pipeline can be run on BrowserStack using a service account. It will use the Automate/App Automate product parallels assigned to the team/organization that the service account is created for.
• It ensures that resources and accesses available to the service account can be controlled without compromising any real user’s account.

Permissions to create and manage service accounts

The table below shows what other user roles can do with a service account, depending on who created it. For example, if an Owner creates a service account, the table shows whether the Owner, Group Admin, and Team Admin can modify it.

How to create service accounts?

1. Log in to your BrowserStack account.
2. Click the User Profile icon in the top-right corner, and select Settings. Select Product.

3. Under Service Accounts the Owner can view all the service accounts created within the organization. Each service account has a username and access key used to connect your CI/CD pipelines, or access BrowserStack via APIs. Service accounts keys can be reset, similar to user access keys, via REST APIs.

4. To create a new service account, click Add Accounts

5. Enter the unique identifier for the service account. You can select the organization or team(optional) for which you want to create the service account.
   • Identifier: The identifier is used to mark the service account on product dashboards and user reports.
   • Team: Like users, a service account can be assigned a team. All the team management access rules apply to the service account once it is part of a team. If a team is not assigned, the service account will be considered an organization level service account.
6. Click Submit.

Differences between a service account and a real user account

The differences between a user account and service account are:

• A user’s account can access product dashboards and login into the BrowserStack whereas the service account does not have dashboard privileges. Service accounts do not have passwords, and cannot log in via browsers or cookies.
• Service accounts are not considered part of your user licenses.
• Service accounts will not receive any emails like daily reports or alerts.

Similarities between a service account and a user account

• Service accounts get access to parallels and APIs akin to a user, either as a Group User or Team User, depending upon the service account configuration.
• Tests run by service account will be visible on product dashboards with the service account identifier being used as the user’s name.
• Manage Data Access applies to service accounts. If the organization is on Team View, a service account which has a team assigned, will not be able to access data of other teams.

What happens to the service account when the user (who created a service account) shifts their team?

The service account is always visible to the Owner of the organization. The owner can modify or delete the service account. In case of the team change of the user (that created the service account), those service account(s) remains part of the team assigned to it.