^{Translated with DeepL.com}

KIT service account
A KIT service account is used to uniquely identify a service in the IT environment of an organizational unit (OU).
For this purpose, the OU administrator / ITB or the OU management applies for a neutral service account for a service, under which this service can then be executed.

Contact:servicedesk@scc.kit.edu

General information

A KIT service account (also KIT service account) makes it possible to establish services in an OU's IT environment using a separate account. This means that a service account is not considered a "personal account", but is in any case assigned to both an organizational unit and a responsible owner.

These accounts are required if, for example, central services of the SCC are to be used, such as when a scanner is to automatically save documents in a folder on the central file servers of the SCC.

It is recommended to set up a separate service account for each service.

Such an account cannot be renamed at a later date; instead, please set up a new account and then change the service.

General case

All service accounts receive an entry in the central directory services of the KIT and are automatically assigned to the group "OE-Users-IDM" of the respective organizational unit. The setup of resources for this account must be ordered separately, e.g. databases or similar. The administration of the account, e.g. the assignment of authorizations in the group administration, is carried out by the responsible ITB of the OU.

To facilitate assignment, the name of a service account always begins with the abbreviation of the organizational unit and ends with a consecutive number, e.g. "OU-Scanner-0001", "OU-Scanner-0002", "OU-Printer-0001".

Setup/commissioning

Request by sending an e-mail to the SCC Service Desk. ITBs can apply for a service account directly using the application form.

The following information is required: OU abbreviation, service name, responsible owner of the account, KIT login of the ITB of the OU (i.e. the applicant), short description of the service to be established under this account, e.g. "Service account for fax server" or "Network scanner" ...

Once the service account has been entered, the ITB distribution list of the requesting OU receives an e-mail with the important parameters of the account and how, for example, the password can be changed.

Unsubscribe

Information about the deregistration / deactivation is also sent to the SCC Service Desk via the ticket application form, which then blocks the corresponding account.

Special cases

Service accounts for websites (web service accounts)

For websites that are operated on the central web servers of the KIT, for example when using OpenText, a service account is mandatory for operation and is considered part of the service.

Therefore, setting up and decommissioning the web service account goes hand in hand with setting up and decommissioning the service.

Since March 2024, the naming scheme for new web service accounts is "SVC-web-00001", so the abbreviation of the organizational unit is not part of the name. The assignment is created as an attribute in the directory services. In addition to its own unixUidNumber, each account also receives its own group according to the scheme "SVC-WEB-00001-g" with its own unixGidNumber and is not automatically assigned to the OU groups. This improves security and makes it easier to switch between organizational units or rename organizational units.

Each web service account is assigned a person responsible for the account, which can currently only be changed by the ServiceDesk.

When using the "Request for virtual web server" form, a web service account is also set up automatically; such an account cannot be requested independently.

A special deregistration of a web service account is not possible without simultaneously decommissioning the web presence provided by this account. Please therefore first contact webmaster@kit.edu to cancel the service and the associated account.

Included services

Entry as a separate account in KIT-AD and KIT-LDAP with its own user ID (unixUidNumber) and the corresponding unixGidNumber. The account is added to the global AD group "Domain Users".

Services not included

No administration of the account, i.e. no adjustments to the "neutral" account by SCC, the ITB of the organizational unit is responsible for this. There is no KIT.edu e-mail address / KIT e-mail inbox associated with this account.

Organizational requirements

Applicant must be the ITB of the requesting OU

Technical requirements

OU must also be available as an organizational unit in the Active Directory.