To automate aspects of DX-APM SaaS tenant configuration we need to make APIs calls with a token linked to a service account (a service account is not tied to a specific user). The tenant is configured to use SSO authentication and therefore the only accounts that can authenticate are personal accounts.
The DX-APM Settings > Security UI only appears to let user create a token linked to their own account. Is it possible to create a token related to another account? If so, how would roles for a service account be configured, since roles a user holds for any session are defined by the roles the SSO SAML response when user's session starts and I assume that an API call with a valid token is not passed to IdP for authentication.
Release : SAAS
The DX OI 'SERVICE-ACCOUNT-USER' is not a special case. It will only be treated as a USER role in APM. For admin tasks that require Admin roles privileges via API in APM side you would need to generate a token from a Tenant Admin account.
Public API tokens inherit the user id and privilege of the user which created them