Service Accounts

Service accounts in Noorle are non-human identities designed for programmatic access to the platform. They provide a secure way for applications and services to interact with Noorle's APIs without relying on user accounts.

Key Features

  • Programmatic Access: Authenticate applications and services securely via service accounts.
  • API Key Management: Each service account can manage multiple API keys, used for authenticating API requests.
  • Granular Permissions: Service accounts use a grant-based permission model for fine-grained control.
  • Resource-Specific Permissions: Permissions can be scoped to particular resources, such as Agents and MCP Servers.

Permission Model

  • Service accounts are created with a default role of Restricted, which carries no permissions.
  • Permissions must be explicitly granted to each service account.
  • Permissions are defined at two levels:
    • Read: View access to a resource.
    • Write: Full access, including read, write, create, delete, and execute.

API Key Management

  • Each service account can have multiple API keys.
  • Keys include metadata such as label, expiration date, and optional rate limits.
  • For security, keys are displayed only once, at creation, so copy and store them immediately.
  • Keys can be deleted individually if compromised or no longer needed.

Managing Service Accounts

The Noorle console provides a simple interface for service account management, found under Settings → Service Accounts.

Available Operations

  • Create service accounts with a name and optional description.
  • List all service accounts associated with an account.
  • Edit details such as name and description.
  • Activate or deactivate service accounts.
  • Manage API keys directly from the service account's view.

Configuring Permissions

Service account permissions can be configured in two modes:

  1. Full Access
    • Grants Write access to all resources (all Agents and MCP Servers).
  2. Restricted Access
    • Assign specific permissions (Read, Write, or None) per resource.
    • Configure access interactively through the console using resource selectors and permission toggles.
    • Permissions can be updated dynamically as project needs evolve.

Security Model

Noorle follows strict security best practices for service accounts:

  1. Principle of Least Privilege: Service accounts always start with no access (Restricted) and must be granted explicit permissions.
  2. Explicit Grants: Permissions are tied to specific resources and must be assigned intentionally.
  3. Resource Scoping: Access can be controlled at the level of individual Agents and MCP Servers.
  4. API Key Security: Secrets are shown only once at creation and stored securely (hashed) in the backend.
  5. Account Isolation: Service accounts are bound to a single account and cannot span multiple accounts.
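
The five rules above, combined into a single default-deny check. This is an added sketch, not Noorle's code or API: the class and function names, the resource ids, and the use of SHA-256 for key hashing are assumptions made for illustration.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Write covers every action; Read covers viewing only (see Permission Model).
ALLOWED = {"read": {"read"},
           "write": {"read", "write", "create", "delete", "execute"}}

@dataclass
class ApiKey:
    digest: str            # only the hash is stored, never the secret itself
    expires_at: datetime

@dataclass
class ServiceAccount:
    account_id: str
    active: bool = True
    full_access: bool = False                    # "Full Access" mode
    grants: dict = field(default_factory=dict)   # resource id -> "read" | "write"
    keys: list = field(default_factory=list)

def issue_key(sa, ttl_days=30):
    """Return the secret once; keep only its digest (hash choice is an assumption)."""
    secret = secrets.token_urlsafe(32)
    digest = hashlib.sha256(secret.encode()).hexdigest()
    expires = datetime.now(timezone.utc) + timedelta(days=ttl_days)
    sa.keys.append(ApiKey(digest, expires))
    return secret

def authorize(sa, presented, account_id, resource, action, now=None):
    """Default deny: every check must pass before access is allowed."""
    now = now or datetime.now(timezone.utc)
    if not sa.active or sa.account_id != account_id:   # deactivated, or other account
        return False
    digest = hashlib.sha256(presented.encode()).hexdigest()
    if not any(hmac.compare_digest(k.digest, digest) and now < k.expires_at
               for k in sa.keys):
        return False                                   # unknown, deleted or expired key
    level = "write" if sa.full_access else sa.grants.get(resource)
    return action in ALLOWED.get(level, set())         # no grant means no access

# Constructed sample data: one account with Read on a single Agent.
sa = ServiceAccount(account_id="acct-1", grants={"agent:support": "read"})
key = issue_key(sa)
```
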

Next Steps