Idea ID: 2843691

Server Automation: Option to disable access to the SA Client, but still allow API access

Status: New Idea
10 months ago

Background: In addition to regular user accounts, we have a number of user accounts which are solely for integration between 3rd party tools and Server Automation.  Those tools do not need to log into the SA Client, only make API calls.

For auditing purposes, we are required to report on all user accounts to all of our applications, and we're required to classify whether they are "interactive" or "non-interactive". It would seem intuitive that these integration accounts should be classified as "non-interactive"; however, for auditing purposes we are required to prove that someone can't "log onto" the application using the account. That proof usually consists of a screenshot showing an error message at the login dialog saying the user does not have access to log in, or a screenshot of a setting screen that shows that login is disabled.

As a technical user, I understand that the SA Client is simply an interface layer that is ultimately making API calls on the back end.  However, from an auditor's perspective, anything that facilitates human interaction is considered "interactive".

Adding the ability to restrict SA Client login but still allow API access would allow us to satisfy this auditing requirement for these 3rd party integration accounts.

Labels:

Server Automation
Security