> ## Documentation Index
> Fetch the complete documentation index at: https://docs.conduktor.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Gateway service accounts

> Manage Kafka client identities in Conduktor Gateway. Use local service accounts for isolated access or external accounts from OIDC, mTLS.

<Tooltip tip="A Kafka proxy that deploys extensible plugins for encryption, filtering, and data processing.">Gateway</Tooltip> service accounts are identities used to authenticate clients connecting to Conduktor Gateway.

## Two types of service accounts

Gateway supports two types of service accounts, each suited for different use cases:

**Local service accounts**

* Created and managed entirely within Gateway using the admin API
* No external identity provider required
* Gateway generates credentials with configurable time-to-live
* Ideal for sharing data with external partners without managing a separate identity provider
* Only available in Gateway-managed authentication mode

**External service accounts**

* Managed by external identity providers (OIDC, mTLS certificates)
* Can be mapped to friendly names in Gateway for better readability
* Original identity from provider (like Azure UUID) is preserved but aliased
* Used when integrating with existing enterprise identity systems
* Works in both Gateway-managed and Kafka-managed modes
* In Kafka-managed mode, external service accounts can rename identities and be referenced in Interceptors

## Benefits

* **Flexible identity management**: choose between self-managed or provider-managed identities
* **Simplified access control**: apply <Tooltip tip="Access Control List.">ACLs</Tooltip> and <Tooltip tip="Conduktor Interceptors are Gateway plugins that transform and manipulate data.">Interceptors</Tooltip> using friendly names
* **Audit trail**: all service account activity logged in Gateway audit logs
* **Virtual Cluster association**: link service accounts to specific <Tooltip tip="A logical representation of a Kafka cluster in Gateway.">Virtual Clusters</Tooltip> for multi-tenancy

## Related resources

* [View Gateway service account reference](/guide/reference/gateway-reference#gatewayserviceaccount)
* [Manage service accounts and ACLs using Console](/guide/manage-kafka/kafka-resources/service-accounts-acls)
* [Manage service accounts using Gateway](/guide/tutorials/manage-gateway-service-accounts)
* [Gateway authentication and authorization](/guide/conduktor-concepts/gateway-authentication-authorization)
* [Give us feedback/request a feature](https://conduktor.io/roadmap) <Icon icon="up-right-from-square" />