Creating an API Service Account
This guide will walk you through on how to create an Alation API Service account regardless if you have SAML, Active Directory, SSO (e.g. Okta), or Alation's native authentication.
Requirements
Permissions Needed
You will need a Server Admin role to do these steps.
Service Account Permissions
Before creating the service account, make sure you check which APIs by Roles you're accessing and the required Alation role(s). Alation API roles are based on the Alation Catalog roles, e.g. Server Admin, Catalog Admin, and etc.
Steps
- In a text editor/excel file copy the below template and paste it into the document
user,display_name,email,title,role,password
[email protected],API Service Account,[email protected],API Service Account,SERVER_ADMIN,PasswordHere
-
Change the fields to be what you need it to be and save the file
- user – username. Recommend this be the same as email
- display_name – The name that users will see in the UI
- email – email. Recommend this be the same as user but is not required
- role – The Alation Account role. Check the API by Roles guide to figure out permissions scope. Can be one of the below and IS case sensitive.
- SERVER_ADMIN
- CATALOG_ADMIN
- SOURCE_ADMIN
- STEWARD
- COMPOSER
- VIEWER
-
In Alation, go to
alationdomain/admin/user_profiles/
-
Click
Drag & Drop or Click to Upload
, select the user_profile_template.csv file, and upload it
- Alation will update and show a confirmation page that will verify the account that you're about to make. Click confirm
- Test creating tokens with that user account and password via RefreshToken api.
Updated about 1 year ago