Set up a dedicated service account for API keys and tracking
Splunk Intelligence Management integrations and user management allows users to set-up a service account to utilize when configuring with the Splunk Intelligence Management API. This practice enables companies to have a dedicated account for affiliated API keys and tracking.
It is best practice to set up a separate service account for each integration and/or script. This prevents integrations from competing with each other for the per-minute API limit.
Set up a service account
You must be a company administrator to set up a service account.
To create a dedicated service account, follow the steps below.
- Select User Settings on the navigation bar, then select Settings from the dropdown menu.
- Click Users on the Settings menu.
- Click Add User in the Users panel.
- Fill out the fields below:
Field Description Name Create a name that clearly indicates the purpose of the account. For example, if you are going to use this account with a Splunk integration, create an account with first name of Splunk and last name of Integration. This enables you to quickly locate integration accounts, either in the Users panel or when you export the user list to a .csv file. Email address You can't use an email address already credentialed on Splunk Intelligence Management, so either you or your organization's mail administrator must create a new email address. Carrying on with the example above, you can create the email address firstname.lastname@example.org. Role Choose User, not Company Administrator for service accounts. Enclave permissions Settings here depending on the integration, as each integration may require a different level of permission to be used effectively. Splunk Intelligence Management recommends checking the documentation for the integration to understand what permissions levels required to access the enclave for that integration. Choices for this setting are
- No Access
- View Only: Can only see reports but can not create nor modify data for that enclave
- Submission Access: Can submit and see data in the enclave but cannot delete or modify data.
- Full Access: Can read, write, delete, and modify anything in the enclave
- Click Save User to send the new credentials to the email account you specified in step 4 above.
If you change the email address for a service account is updated, you must regenerate the API keys in the Splunk Intelligence Management Web App.
Example Splunk service account
The following screenshot show an example Splunk service account.
Activity on a service account is counted against your organization's user limit. To discuss increasing this limit, contact your Splunk Intelligence Management account executive.
To read more on user management, see the Managing Users article.
Set up multi-factor authentication to secure access to your Splunk Intelligence Management environment
Update your user settings
This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current