> ## Documentation Index
> Fetch the complete documentation index at: https://docs.macstadium.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Orka Cluster: Manage Service Accounts

> Admin guide: create and manage Orka service accounts for CI/CD integrations. Service accounts use 1-year tokens and bypass browser SSO login.

(Admin-only) How to manage service accounts in your Orka cluster.

Service accounts are intended for use with CI/CD integrations. They don't require username/password credentials to log in and let CI/CD integrations bypass the browser login. The tokens for service accounts also have an extended duration of 1 year.

Administrators can manage service accounts only from the Orka cluster.

Administrators can manage users and other administrators only from the Customer Portal. See [Customer Portal: Manage Users](/orka/orka-cluster-access/customer-portal-manage-account-users).

## Before You Begin

1. Connect to your cluster via VPN. See [here](/orka/networking-with-orka-at-macstadium/vpn-connection).
2. [Log in](/orka/orka-cluster-access/orka-cluster-access-the-cluster) as an administrator.

## Create a Service Account

You can create a service account with access to the orka-default namespace or to another custom namespace. You can later add the service account to additional role bindings for other namespaces.

Run the following command:

#### **Orka CLI**

```
orka3 sa create <SERVICE_ACCOUNT_NAME> [--namespace <TARGET_NAMESPACE>]  
```

If `<TARGET_NAMESPACE>` is not provided, Orka creates the service account in the `orka-default` namespace.

#### **Orka API**

```
curl -X 'POST' \  
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>' \  
-d ''
```

## Obtain a Service Account Token

To use a service account, you need to obtain a token for it. Service account tokens have a lifetime of 1 year.

Run the following command:

#### **Orka CLI**

```
orka3 serviceaccount token <SERVICE_ACCOUNT>
```

#### **Orka API**

```
curl -X 'POST' \  
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>/token' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>' \  
-H 'Content-Type: application/json' \  
-d '{  
  
}'
```

## Delete a Service Account

You can delete a service account that you no longer need or whose access you want to revoke. This operation invalidates all authentication tokens issued for the respective service account.

Run the following command:

#### **Orka CLI**

```
orka3 sa delete <SERVICE_ACCOUNT_NAME> [--namespace <TARGET_NAMESPACE>]  
```

If `<TARGET_NAMESPACE>` is not provided, Orka tries to delete the service account from the `orka-default` namespace.

#### **Orka API**

```
curl -X 'DELETE' \  
'http://<ORKA_API_IP>/api/v1/namespaces/<TARGET_NAMESPACE>/serviceaccounts/<SERVICE_ACCOUNT_NAME>' \  
-H 'accept: application/json' \  
-H 'Authorization: Bearer <TOKEN>'
```