Identifying Service Accounts

Learn how to identify service accounts within your Reltio environment, a critical step in transitioning to client credentials.

Identifying service accounts within your Reltio environment is a critical step in transitioning to client credentials. This process can be performed manually or semi-automatically, and this page provides detailed instructions for both methods.

Identify non-SSO Users
Review your user list to identify users who were manually created in Reltio and are currently non-SSO users.
- From the UI, see Managing User Accounts to review all your users and identify non-SSO users by looking at the SSO column (SSO=N).
- From API, with Get Users, you can get all your users with a single API call. You will see a JSON definition for each user. Users with the attribute externalUser=false are your non-SSO users.
Review each user to determine if they are service accounts
Manually review the identified non-SSO users to confirm if they are service accounts.
Track and document service accounts manually
We recommend adding each identified service account to the group SERVICE_ACCOUNTS for tracking and allowing for a temporary MFA exemption.
- From the UI, follow the steps described in Working with Existing User Accounts and assign the user to the group “SERVICE_ACCOUNTS”.
  - If the group does not exist, you can create a new group called SERVICE_ACCOUNTS. Make sure you don’t add any roles to this group. We will use it only as a reference to exclude these service accounts from MFA.
- From API:
  - Get the current user definition as described in View User.
  - Identify the groups attribute and add SERVICE_ACCOUNTS in it.
  - Update the user definition with this API endpoint.
Review temporary exemption process
Note: We plan to enhance our UI to flag service accounts, but this feature is currently under development.
Note:
ROLE_ADMIN_CUSTOMER is required to perform these operations.

Semi-Automatic Identification

Reltio offers semi-automatic identification of service accounts through behavioral analysis of login patterns. This method classifies users based on their login behavior.

Behavioral Analysis: we perform behavioral analysis on login patterns. Users identified as potential service accounts should be assigned to the SERVICE_ACCOUNTS group.
Exclusion from MFA: Users in the SERVICE_ACCOUNTS group will be temporarily excluded from the MFA process.
Detailed Reporting: If needed, we can provide a report detailing the behavioral analysis. This report classifies users as potentially automation, potentially human, or both.

Behavioral Analysis Report Sample

Below is a sample of what the behavioral analysis report might look like:


User	Email	SSO	Enabled	First Login Date	Last Login Date	Active Days	Total Logins	Avg Logins Per Day	Human Login Count	SSO Logins	Login Pattern	Criteria
data_sync	data_sync@fakecompany.com	FALSE	TRUE	2024-01-01	2024-07-31	91	142765	411.426513	0	0	automation	High activity, low/none human logins in 90 days
backup_service	backup_service@fakecompany.com	FALSE	TRUE	2024-02-06	2024-07-30	62	9853	108.2747253	0	0	automation	High activity, low/none human logins in 90 days
api_connector	api_connector@fakecompany.com	FALSE	TRUE	2024-01-01	2024-07-31	91	17961	65.79120879	0	0	automation	High activity, low/none human logins in 90 days
report_generator	report_generator@fakecompany.com	FALSE	TRUE	2024-01-01	2024-07-31	13	20	1.111111111	0	0	unknown	No matching criteria
john.doe	john.doe@fakecompany.com	FALSE	TRUE	2024-02-01	2024-06-07	5	5	1	5	0	human	At least one human/SSO login, no automation pattern
jane.smith	jane.smith@fakecompany.com	TRUE	TRUE	2024-04-29	2024-04-30	2	2	1	2	2	human	At least one human/SSO login, no automation pattern

If you require additional assistance or guidance, then please contact us. See topic Need some help?

Accelerate the Value of Data

Identifying Service Accounts

Footer