Modifying and deleting service accounts
You can modify the settings for Access Management service accounts, including each account's client secrets and roles. In addition, you can delete a service account if it is no longer in use.
Before you begin
Before making changes to service accounts, it is important to know that accounts can be added to Access Management either through the user interface or programmatically using bootstrap files (one per application API). The bootstrap files contain predefined data for the environment, including definitions of applications, roles, and service accounts.
There are different approaches to using the bootstrap, which can affect how and whether you should update the data through the user interface.
- Scenario A: The bootstrap files are used for a one-time quick setup and then removed from Access Management's configuration. In this scenario, you can update and delete service accounts through the user interface with no special considerations.
- Scenario B: The bootstrap files are used for initial setup but also kept in place to update the environment each time Access Management restarts. If this is the case, we advise that you make all changes in the bootstrap file rather than in the user interface.
  - If you edit a setting that is also defined in a bootstrap file, the setting will not be overwritten by the bootstrap data. Existing data defined in the user interface will remain as is.
  - If you delete a service account that is defined in a bootstrap file, you must delete the service account from both the bootstrap file and the user interface. If you delete a service account only in the user interface, it will return after the next system restart. If you delete the account only in the bootstrap file, it will remain in the user interface.