Service Accounts

Service Accounts allow for programmatic access to strongDM resources. This is useful for continuous-integration pipelines, extract-transform-load jobs or any automated function that would need resource access. To create service accounts, you'll need to have admin access to the strongDM Admin UI.

Creating new accounts

Creating a service account can be done from the Users page

  1. Click the add service button
  2. Enter a name
  3. Click create
  4. Copy the token somewhere safe, you won't be able to see it again.

Granting access to resources

On the Users page, you can see both user accounts and service accounts. Service accounts are marked with a service tag. They are granted access to resources in the same way user accounts, either directly or by inheritance.

Direct Access Grants can be assigned to accounts when they reside in No Role. Click the service name to reveal its configuration, here you will see resources separated in tabs by type. Click on any resources that you wish to grant to the account.

Inherited Access occurs when service accounts are assigned to a Role. Roles work the same for service accounts as they do for user accounts. Any grants assigned to a role are inherited by all members of the role.


Now that you have a service account token, you need to get it into your environment to use.

Auto connect

For fully automated configurations, you will want to enable auto-connect to ensure your clients are connected by default. Auto-connect is dependant on port overrides being enabled and can be configured from the same settings panel. Settings > Port Overrides

General Usage

With auto-connect disabled, usage mimics regular user accounts. Once authenticated users will specify which resources they wish to connect to via the CLI or GUI.