My organization is using parent and sub-account pattern with SAML enabled at parent.
This means all my users must authenticate towards my enterprise identity.
My user id is enabled at parent as I am admin “globally” and at the same time I am responsible for a sub-account too operationally for my business unit.
I want to create an API key so that other users (different sub-account) can create alerts from the my sub-account data. I want to achieve this by having a user id with “alert manager” only.
My possible options:
- Reuse my userid in the sub-account - this is risky 'cos I am admin for the sub-account.
- Constraint my user id in the sub-account to “alert manager” only - this is constraining myself not able to do other operations.
- Create another user “e.g. robot” in the sub-account - but I am not able to see the API keys.
Can you please comment what is the best way to create a user that is restricted to “alert manager” and I can have the api keys for that user?