What is a service account?
A service account is a regular account created in any SaaS tool, with a few key differences. For one, the account is not tied to a human user. Service accounts also have elevated permissions compared to other users. They are created this way because of how some SaaS marketplace installations work: when an app is installed, it often inherits the permissions of the user who installed it. This causes problems if the app attempts to read or write data in parts of the SaaS tool where the installing user doesn’t have permission.
Why use service accounts?
Service accounts are important for many reasons. For one, granting one user all permissions isn’t ideal, especially when trying to follow least-privilege protocols. Another reason is that a service account avoids an interruption of service when the SaaS administrator moves on from the company. What usually happens in that situation is that third-party applications lose their connection to the SaaS platform once the user who installed them no longer has an account on the platform.
How to set up a service account for Jira
- First, create an email address within your organization that will be tied to the service account within Jira. This email address might look something like serviceaccount@[company.name].com.
- In the Jira web page, click on the settings icon on the top right corner and click on User management.
- Next, input the service account email that you created and click Add team members.
- Go to the service account’s email inbox and accept the invitation. You should now be able to see the service account as a user in your Jira instance.
- Next, we need to ensure that the service account is an administrator within the Atlassian apps you are backing up. Going back to the User management page, click on Show details next to the newly created service account.
- From the user's details page, locate the Jira Administration row for your site and confirm App admin is selected in the Roles column.
- If you are also backing up Confluence, repeat the previous step for Confluence by locating the Confluence Administration row, and selecting App admin in the Roles column.
- Next, grant the service account the Organization Admin role. This step is required for the service account to install apps from the Atlassian Marketplace:
  - Click the more actions menu (•••) in the top right corner
  - Select Assign organization admin role.
  Note: Only an existing Organization Admin can complete this step.
- Once done, the service account is now ready to install Rewind from the Atlassian Marketplace.
Finally, review all existing space permissions and permission schemes to ensure the newly provisioned service account user has access to all resources.
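One way to carry out this final review for Jira projects, as an added example that is not Rewind's or Atlassian's own code: it evaluates responses from Jira Cloud's "Get my permissions" REST call (`/rest/api/3/mypermissions`), assumed to be fetched while authenticated as the service account, and lists the projects where a permission is missing. The permission keys in `REQUIRED`, the site name, the project keys and the sample responses are constructed assumptions; Confluence space permissions are not covered.

```python
import json

# Permission keys to verify. Which keys a backup needs is an assumption here,
# not a list taken from this article.
REQUIRED = ("BROWSE_PROJECTS", "ADMINISTER_PROJECTS")

def mypermissions_url(site, project_key, required=REQUIRED):
    """URL of the 'Get my permissions' call, scoped to one project."""
    return (f"https://{site}/rest/api/3/mypermissions"
            f"?projectKey={project_key}&permissions={','.join(required)}")

def missing_permissions(body, required=REQUIRED):
    """Required keys the response does not grant; an absent key counts as missing."""
    granted = json.loads(body).get("permissions", {})
    return [k for k in required
            if not granted.get(k, {}).get("havePermission", False)]

def audit(responses, required=REQUIRED):
    """Map project key -> missing permissions, listing only projects with gaps."""
    gaps = {}
    for project, body in responses.items():
        missing = missing_permissions(body, required)
        if missing:
            gaps[project] = missing
    return gaps

# Constructed sample responses, as the service account might receive them.
SAMPLE = {
    "OPS": json.dumps({"permissions": {
        "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True},
        "ADMINISTER_PROJECTS": {"key": "ADMINISTER_PROJECTS", "havePermission": True}}}),
    "HR": json.dumps({"permissions": {
        "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": False},
        "ADMINISTER_PROJECTS": {"key": "ADMINISTER_PROJECTS", "havePermission": False}}}),
    "FIN": json.dumps({"permissions": {
        "BROWSE_PROJECTS": {"key": "BROWSE_PROJECTS", "havePermission": True}}}),
}

if __name__ == "__main__":
    for project, missing in audit(SAMPLE).items():
        print(f"{project}: missing {', '.join(missing)}")
```

Projects that appear in the output are ones whose permission scheme still excludes the service account and should be reviewed before relying on it.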
Atlassian has some additional resources on this subject that may be of interest: