Implementation of service accounts for project-level automation in VMware Aria Automation

Article ID: 436889

Products

VCF Automation

Issue/Introduction

  • In VMware Aria Automation, you may find that you cannot natively create service accounts directly within a Project.
  • API tokens are generated on a per-user basis, which presents challenges for teams using Terraform or other CI/CD tools that require a persistent, non-personal "machine" identity for deployments.

Environment

  • Product: VMware Aria Automation (part of VCF 9.0.2)

  • Identity Provider: Entra ID (SAML)

Cause

  • VCF Automation identity management requires all project members to be valid Users or Groups synchronized from the configured Identity Source (Access Control). API tokens are then bound to these individual identities.

Resolution

To achieve service account-like functionality for your projects, use the following workaround:

  1. Create a Dedicated Identity: In your external identity provider (e.g., Entra ID), create a specific user account intended for service use (e.g., [email protected]).

  2. Assign Project Permissions:

    • Log into Aria Automation as an Administrator.

    • Navigate to Infrastructure > Projects.

    • Select your project and add the dedicated service user under the Users tab with the appropriate project role.

  3. Generate the API Token:

    • Log into the Aria Automation UI as the new service user.

    • Go to your Profile > API Tokens.

    • Generate a new token and record it securely.

  4. Configure Automation: Use this token in your Terraform providers or scripts. This ensures deployments are not tied to an individual employee's lifecycle.
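
A preflight check for step 4, added here as an example and not taken from this article or from VMware. It assumes the vmware/vra Terraform provider (its `refresh_token` argument and `VRA_REFRESH_TOKEN` environment variable); the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: preflight for a CI job that hands the service user's API token
# to Terraform. Assumption: the vmware/vra provider, which takes the token as
# the refresh_token argument or the VRA_REFRESH_TOKEN environment variable.

# List file:line for every refresh_token/access_token assigned a string literal
# in *.tf and *.tfvars under $1. var.* references and "${...}" are not flagged.
find_hardcoded_tokens() {
  grep -rnE --include='*.tf' --include='*.tfvars' \
    '^[[:space:]]*(refresh_token|access_token)[[:space:]]*=[[:space:]]*"[^"$]+"' \
    "$1" | cut -d: -f1,2 || true
}

# 0 = token comes only from the environment, 1 = literal found, 2 = token unset.
preflight() {
  if [ -z "${VRA_REFRESH_TOKEN:-}" ]; then
    echo "VRA_REFRESH_TOKEN unset: inject it from the CI secret store" >&2
    return 2
  fi
  pf_hits=$(find_hardcoded_tokens "$1")
  if [ -n "$pf_hits" ]; then
    printf 'token literal in tracked config:\n%s\n' "$pf_hits" >&2
    return 1
  fi
  return 0
}

# Constructed sample input: one clean provider block, one leaking tfvars file.
write_sample() {
  mkdir -p "$1/clean" "$1/leaky"
  cat > "$1/clean/provider.tf" <<'EOF'
provider "vra" {
  url = var.vra_url
  # token is omitted here and read from VRA_REFRESH_TOKEN at run time
}
EOF
  cat > "$1/leaky/ci.auto.tfvars" <<'EOF'
vra_url       = "https://automation.example.invalid"
refresh_token = "CONSTRUCTED-NOT-A-REAL-TOKEN"
EOF
}
```

Call `preflight <terraform-dir>` before `terraform plan` and fail the pipeline on any non-zero return.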