> ## Documentation Index
> Fetch the complete documentation index at: https://docs.macstadium.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication and User Management

> orka3 login, user get-token, logout, and service account token commands: the full authentication reference for Orka cluster access and CI/CD automation.

## Logging In

### orka3 login

Log in to your Orka cluster with your MacStadium Customer Portal credentials. This operation launches a browser window with a login form.

**Prerequisites:** You must be an administrator or a member of your company account in the MacStadium Customer Portal. If you can't access the MacStadium Customer Portal, contact your account administrator and request to be invited to the account.

After you log in successfully, Orka generates an authentication token and stores it in `~/.kube/config`.

**Syntax:**

```bash theme={null}
orka3 login [flags]
```

**Options:**

```bash theme={null}
-h, --help   Display help for login
```

**Examples:**

```bash theme={null}
# Log in to your Orka cluster with your MacStadium Customer Portal credentials
orka3 login
```

### orka3 user login

Alternative command for logging in. Functions identically to `orka3 login`.

**Syntax:**

```bash theme={null}
orka3 user login [flags]
```

**Examples:**

```bash theme={null}
# Log in to your Orka cluster
orka3 user login
```

### orka3 user logout

Log out of the Orka cluster.

**Syntax:**

```bash theme={null}
orka3 user logout [flags]
```

**Options:**

```bash theme={null}
-h, --help   Display help for logout
```

**Examples:**

```bash theme={null}
# Log out of your Orka cluster
orka3 user logout
```

## Managing Tokens

### orka3 user get-token

Print your authentication token from `~/.kube/config`. You can use this token to log in to the Web UI or work with the Orka API.

**Syntax:**

```bash theme={null}
orka3 user get-token [flags]
```

**Options:**

```bash theme={null}
-h, --help   Display help for get-token
```

**Examples:**

```bash theme={null}
# Print your authentication token from your ~/.kube/config
orka3 user get-token
```

### orka3 user set-token

Log in with a valid authentication token. This operation lets you bypass logging in through the browser.

You can obtain a token by:

* Printing your authentication token: `orka3 user get-token`
* Generating a service account token: `orka3 serviceaccount token SERVICE_ACCOUNT_NAME`

**Syntax:**

```bash theme={null}
orka3 user set-token VALID_TOKEN [flags]
```

**Options:**

```bash theme={null}
-h, --help   Display help for set-token
```

**Examples:**

```bash theme={null}
# Log in with a valid authentication token
orka3 user set-token VALID_TOKEN
```

## Service Accounts

Service accounts are intended for use by CI/CD integrations and automation. To use the cluster with one of the available Orka integrations, create a service account, obtain an authentication token for it, and configure the token in your preferred integration.

**Admin Only:** All service account operations require administrative privileges.

If `--namespace` is not set, operations default to the `orka-default` namespace.

### orka3 serviceaccount create

Create a service account with the specified name in the orka-default namespace or another specified namespace. After the service account is created, you cannot move it across namespaces.

**Service Account Name Requirements:**

* Does not exceed 253 characters
* Consists of lowercase alphanumeric characters, dashes (-) or periods (.)
* Begins and ends with a lowercase alphanumeric character
* Must be unique to the namespace

After creating a service account, obtain a token for it:

```bash theme={null}
orka3 serviceaccount token SERVICE_ACCOUNT_NAME
```

**Syntax:**

```bash theme={null}
orka3 serviceaccount create SERVICE_ACCOUNT_NAME [--namespace TARGET_NAMESPACE] [flags]
```

**Options:**

```bash theme={null}
-h, --help               Display help for create
-n, --namespace string   (Optional) Namespace scope (default "orka-default")
```

**Examples:**

```bash theme={null}
# Create a service account in the 'orka-default' namespace
orka3 serviceaccount create sa-jenkins

# Shorter alias
orka3 sa create sa-jenkins

# Create a service account in the specified namespace
orka3 sa create sa-jenkins-test --namespace orka-test
```

### orka3 serviceaccount list

List the service accounts in the orka-default namespace or another specified namespace. You can also use this command to check if a specific service account already exists.

**Syntax:**

```bash theme={null}
orka3 serviceaccount list [SERVICE_ACCOUNT_NAME] [--namespace TARGET_NAMESPACE] [--output wide|json] [flags]
```

**Options:**

```bash theme={null}
-h, --help               Display help for list
-o, --output string      (Optional) Output format: table (default)|wide|json
-n, --namespace string   (Optional) Namespace scope (default "orka-default")
```

**Examples:**

```bash theme={null}
# List the existing service accounts in the 'orka-default' namespace
orka3 sa list

# List the existing service accounts for the specified namespace
orka3 sa list --namespace orka-test

# Check if the specified service account already exists
orka3 sa list sa-jenkins

# Check if the specified service account exists in a specific namespace
orka3 sa list sa-jenkins --namespace orka-test
```

### orka3 serviceaccount token

Obtain an authentication token for the specified service account name.

* If `--duration` is not set, the token is valid for 8760 hours (1 year). Orka might return a token with a shorter or longer lifetime.
* If `--namespace` is not set, assumes the service account is in the orka-default namespace.

**Syntax:**

```bash theme={null}
orka3 serviceaccount token SERVICE_ACCOUNT_NAME [--duration DURATION] [--namespace TARGET_NAMESPACE] [flags]
```

**Options:**

```bash theme={null}
--duration duration      Token lifetime in minutes or hours (default 8760h0m0s)
-h, --help               Display help for token
--no-expiration          Create token with no expiration (mutually exclusive with --duration)
-n, --namespace string   (Optional) Namespace scope (default "orka-default")
```

**Examples:**

```bash theme={null}
# Obtain a token for the specified service account
orka3 sa token sa-jenkins

# Obtain a token for a service account in a specific namespace
orka3 sa token sa-jenkins-test --namespace orka-test

# Obtain a token with a custom duration (must be in minutes or hours)
orka3 sa token sa-jenkins --duration 1h

# Create a token with no expiration
orka3 sa token sa-jenkins --no-expiration
```

### orka3 serviceaccount delete

Delete one or more service accounts in the orka-default namespace or another specified namespace.

<Warning>Deleting a service account also invalidates any tokens associated with it. This cannot be undone.</Warning>

**Syntax:**

```bash theme={null}
orka3 serviceaccount delete SERVICE_ACCOUNT_NAME [SERVICE_ACCOUNT_NAME_2 ...] [--namespace TARGET_NAMESPACE] [flags]
```

**Options:**

```bash theme={null}
-h, --help               Display help for delete
-n, --namespace string   (Optional) Namespace scope (default "orka-default")
```

**Examples:**

```bash theme={null}
# Delete the specified service account in the 'orka-default' namespace
orka3 sa delete sa-jenkins

# Delete the specified service account in the 'orka-test' namespace
orka3 sa delete sa-jenkins --namespace orka-test

# Delete multiple service accounts
orka3 sa delete sa-jenkins sa-jenkins-test
```