Service Account Setup


This guide explains how to create and manage a Service Account in Launchpad, including setting permissions, generating access keys, configuring expiration settings, and handling key and account lifecycle management.

Accessing the Service Account Section

To open the Service Account section:

  • Log in to Launchpad.

  • Go to Client Management.

  • Click on Service Account.

Creating a New Service Account

To create a new service account:

  • Click on “+ Add Services”.

  • Enter a Name for your service account.

  • Select the Credential Type:
    - Private JWT
    - Client Secret

  • Add a Description.

  • Select the Site/s where the service account should have access:

    • Choose All Sites or a Specific Site.

  • Click Save to finalize the setup.

Note: For improved security, it is recommended to use Private Key JWT over the traditional Client Secret method. Private Key JWT avoids transmitting shared secrets over the network and uses asymmetric cryptography, making it more suitable for secure, automated, or production-grade client authentication scenarios.
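
How the Private Key JWT method in the note above keeps the secret off the wire, as an added example (not Launchpad's or KODE Labs' code): the client signs a short-lived assertion, and the server checks it using only the registered public key. The claim layout follows the generic private_key_jwt pattern from RFC 7523; the client ID, token URL and function names are hypothetical, and this page does not state which claims or endpoint Launchpad itself expects.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample values: placeholders, not real Launchpad identifiers or endpoints.
const CLIENT_ID = 'example-service-account';
const TOKEN_URL = 'https://auth.example.invalid/oauth/token';

const b64url = (input) => Buffer.from(input).toString('base64url');

// Client side: build and sign a short-lived assertion with the private key.
function buildClientAssertion(privateKey, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = {
    iss: CLIENT_ID, sub: CLIENT_ID, aud: TOKEN_URL,
    jti: nodeCrypto.randomUUID(), // unique ID so the server can reject replays
    iat: now, exp: now + 60,      // short lifetime limits the value of a captured token
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Server side: verify with the registered public JWK only; no shared secret exists.
function verifyClientAssertion(jwt, publicJwk, seenJti, now = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return { ok: false, reason: 'malformed' }; }
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' }; // pin the algorithm
  const key = nodeCrypto.createPublicKey({ key: publicJwk, format: 'jwk' });
  const valid = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'signature' };
  if (claims.iss !== CLIENT_ID || claims.sub !== CLIENT_ID) return { ok: false, reason: 'issuer' };
  if (claims.aud !== TOKEN_URL) return { ok: false, reason: 'audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  if (seenJti.has(claims.jti)) return { ok: false, reason: 'replay' };
  seenJti.add(claims.jti);
  return { ok: true, claims };
}

// Generate a key pair for the demo; only the public half would be registered.
function demoKeyPair() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { privateKey, publicJwk: publicKey.export({ format: 'jwk' }) };
}
```

A captured assertion is only usable until its `exp` and only once per `jti`, whereas a captured client secret remains valid until someone rotates it.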




Generating and Managing Keys

After the service account is created, you are redirected to the Service Account Details page, where you can manage keys.

Creating a Key
  • Click Generate Private Key.

  • Choose to:

    • Generate a new key, or

    • Paste your own key in JSON Representation

Warning: When generating a key, both a Public Key and a Private Key will be created. The Private Key is shown only once and we do not store or save it. Ensure you copy and store it safely.

  • Use the Copy button to quickly store the key in a secure location.

  • Click Save to complete the key setup.

Key and Account Management Options

Multiple Keys per Service Account

  • A single service account can have multiple keys.

  • Each key can have its own expiration date and notification settings.

    • Click on the 3 dots icon at the far right of the key row.

    • Select Edit from the drop-down menu.

Expiration and Notifications

  • Configure how long a key is valid.

  • Specify notification recipients to be alerted before expiration.

Key Lifecycle Actions

  • Disable a key to revoke its access temporarily.

  • Re-enable a disabled key if needed.

  • Delete a disabled key to remove it permanently.

Service Account Lifecycle

  • Similar actions apply to the service account itself:

    • Disable the account.

    • Delete it after disabling it.

Service Account Permissions

You can customize the permissions set for each Service Account created. This enables better security, allows developers to manage specific scopes per integration, and provides visibility into who is doing what across different services.


Go to Service Accounts > the service account you created > Permissions.


Granular Permissions with Access Levels

Service Accounts use access levels to manage access to specific resources. This provides precise control over what each account can read, write, or create.

Below are some examples of available scopes:

  • Read Buildings (Required for all other permissions to function)

  • Read Devices, Add Devices

  • Read Building Areas

  • Read Point Metadata, Add Points, Write Points

  • Read Timeseries, Create Timeseries


Each permission can be enabled independently to give developers just the right level of access needed for their integrations.


Steps to Review and Customize Permissions

  • Go to the specific Service Account you want to manage.

  • Click on the Permissions tab to view the current available permissions.

    • By default, no permissions are enabled for new Service Accounts.

  • Click the Edit button at the top right of the page to begin customizing.

  • Use the checkboxes to enable Read or Write permissions for each group (e.g., PointsPublic, TimeseriesPublic, DevicesPublic, etc.).

  • Once your desired permissions are selected, click Save at the bottom right corner of the screen.

Info: You can quickly identify which sections have active permissions by checking the color indicators:
  • 🟢 Green = Read enabled

  • 🟠 Orange = Write enabled

Review and Add Sites to Service Account

To review and add additional sites for a specific Service Account, follow these steps:

  • Go to KODE OS.

  • Click on Settings from the main left sidebar.

  • Click on Users.

  • Search and select by Service Account name.

  • Click on Buildings at the top right of the page.

  • Existing sites will show up on the list.

  • To add more sites, click + Assign Buildings.

    • Select the sites that you want to add.

    • Click on Save.

Conclusion

The Service Account feature in Launchpad allows you to securely manage system integrations and control access through keys and permissions. Proper setup and key management ensure secure and streamlined API interactions.


