Gateway service accounts are identities used to authenticate clients connecting to Conduktor Gateway.

Two types of service accounts

Gateway supports two types of service accounts, each suited for different use cases:

Local service accounts
  • Created and managed entirely within Gateway using the admin API
  • No external identity provider required
  • Gateway generates credentials with a configurable time-to-live
  • Ideal for sharing data with external partners without managing a separate identity provider
  • Only available in Gateway-managed authentication mode
External service accounts
  • Managed by external identity providers (OIDC, mTLS certificates)
  • Can be mapped to friendly names in Gateway for better readability
  • The original identity from the provider (like an Azure UUID) is preserved but aliased
  • Used when integrating with existing enterprise identity systems
  • Works in both Gateway-managed and Kafka-managed modes

Benefits

  • Flexible identity management: choose between self-managed or provider-managed identities
  • Simplified access control: apply ACLs and Interceptors using friendly names
  • Audit trail: all service account activity is logged in Gateway audit logs
  • Virtual Cluster association: link service accounts to specific Virtual Clusters for multi-tenancy