Service Accounts

The service account is used by projects to facilitate automation. For example, a project would configure a Bamboo build pipeline to access other Secure DevOps (SDO) resources (Bitbucket, Artifactory) using the service account instead of a user account. By using the service account projects can control access to resources (i.e. allow project users to fetch artifacts but not upload artifacts, but allow the service account to upload/create artifacts). This way they have known provenance for all the artifacts that have been generated in their repositories.

The service account is a member of a Leidos Active Directory (AD) group so each application can take advantage of the AD group when applying permissions within the application. For example in Bitbucket the service account may be able to fetch source code but not commit source code, or the service account could push artifacts to repositories in Artifactory, but normal users can only pull artifacts.

The project designates two responsible parties, primary and secondary, for managing the service account credentials.  Check with your project lead for service account credentials.

Benefits:

• Build plans can be automated to access resources based on the service account and not a project user.
• As users transition from project to project or separate from Leidos, service accounts simplify user management.

1. When service accounts expire (annually)
2. Who will be notified the service account is expiring (account owner via Splunk email alert from: Splunk-EMGTalerts@splunk.leidos.com)
3. How to reset the password (link to Leidos Password Manager below) here: https://prism.leidos.com/technology/cio_services/authentication_and_access/leidos_username_password_accounts/leidos_username__password_accounts_folders/leidos_password_manager_service_accounts_qrcdocx

Additional policy details for the Service accounts can be found SDO-PO-005 Service Accounts Policy.