Managing service accounts

AI Hub supports creating service accounts, which are AI Hub accounts not tied to a particular user and used only for interacting with the AI Hub API and SDK. Service accounts can be added to groups and workspaces and assigned group-level and workspace-level roles just like a standard member account. Service accounts are commonly used for programmatic interactions, such as triggering runs as part of a continuous development pipeline or performing automated tasks on a set schedule.

Adding service accounts

Organization admins can create any number of service accounts.

1. In the header, click the initials icon and select Settings.

2. Click Members, then select the Service accounts tab.

3. Click Add service account.

4. Add a display name for the service account, reflecting the account’s intended usage.

5. Select an organization-level role.

6. Click Create.

7. Add the account’s first OAuth token or click Skip.

   Creating OAuth tokens

Managing service account tokens

From a service account’s details page, you can manage its OAuth tokens.

Adding OAuth tokens

One service account can have multiple OAuth tokens. Consider using one token per programmatic interaction for fine-grained controls. All OAuth tokens created for a service account share the same role-based access.

1. In the header, click the initials icon and select Settings.

2. Click Members, then select the Service accounts tab.

3. In the service accounts list, select the service account.

4. Click Add token.

5. Enter a name and description for the token. Use the description to note the token’s purpose or intended usage.

6. Select or define a custom expiration date for the token. The default setting is Never expires.

7. Click Add.

8. Copy the token. After closing the create token dialog, the token’s value is encrypted and can’t be copied again.

Refreshing tokens

You can refresh a token as needed. Refreshing a token updates its value.

1. In the header, click the initials icon and select Settings.

2. Click Members, then select the Service accounts tab.

3. In the service accounts list, select the service account.

4. In the OAuth tokens table, click the refresh icon

   
   of the token to refresh.

5. Select or define a custom expiration date for the token. The default setting is Never expires.

6. Click Refresh token.

7. Copy the token. After closing the refresh token dialog, the token’s value is encrypted and can’t be copied again.

Deleting tokens

If a token is no longer needed or you wish to revoke the access it grants, you can delete it.

1. In the header, click the initials icon and select Settings.

2. Click Members, then select the Service accounts tab.

3. In the service accounts list, select the service account.

4. In the OAuth tokens table, click the delete icon

   
   of the token to delete.

5. Enter the confirmation text and click Delete token.

Disabling service accounts

Disabling a service account lets you revoke the account’s access and permissions without also removing the account from any groups or workspaces to which it was added. When disabling a service account, all OAuth tokens associated with the account are permanently deleted. You can re-enable service accounts later, though previously created API tokens aren’t restored.

1. In the header, click the initials icon and select Settings.

2. Click Members, then select the Service accounts tab.

3. In the service accounts list, click the overflow icon

   
   of the account to disable, then select Disable.

4. Click Disable to confirm.

Deleting service accounts

Deleting a service account permanently deletes the account and all associated tokens.

1. In the header, click the initials icon and select Settings.

2. Click Members, then select the Service accounts tab.

3. In the service accounts list, click the overflow icon

   
   of the account to disable, then select Delete service account.

4. Click Remove to confirm.