Creating an API Service Account

This guide will walk you through on how to create an Alation API Service account regardless if you have SAML, Active Directory, SSO (e.g. Okta), or Alation's native authentication.

Requirements

Permissions Needed

You will need a Server Admin role to do these steps.

Service Account Permissions

Before creating the service account, make sure you check which APIs by Roles you're accessing and the required Alation role(s). Alation API roles are based on the Alation Catalog roles, e.g. Server Admin, Catalog Admin, and etc.

Steps

  1. In a text editor/excel file copy the below template and paste it into the document
user,display_name,email,title,role,password
[email protected],API Service Account,[email protected],API Service Account,SERVER_ADMIN,PasswordHere
  1. Change the fields to be what you need it to be and save the file

    • user – username. Recommend this be the same as email
    • display_name – The name that users will see in the UI
    • email – email. Recommend this be the same as user but is not required
    • role – The Alation Account role. Check the API by Roles guide to figure out permissions scope. Can be one of the below and IS case sensitive.
      • SERVER_ADMIN
      • CATALOG_ADMIN
      • SOURCE_ADMIN
      • STEWARD
      • COMPOSER
      • VIEWER
  2. In Alation, go to alationdomain/admin/user_profiles/

  3. Click Drag & Drop or Click to Upload, select the user_profile_template.csv file, and upload it

793793
  1. Alation will update and show a confirmation page that will verify the account that you're about to make. Click confirm
817817
  1. Test creating tokens with that user account and password via RefreshToken api.