Service Accounts - Access Tokens uncoupled from users

Created by: DaedalusG

Feature request description

Many Sourcegraph users would like access to the ability to create a service account, or generate Sourcegraph access tokens uncoupled from a user account.

Is your feature request related to a problem? If so, please describe.

• Access tokens can currently only be generated by user accounts, making it harder to track tooling which programmatically consumes the Sourcegraph API. For instance via a src-cli client running a search on a chronjob.
• Creating a service account user to provide access tokens from takes up a seat of license usage. (This is currently the advised practice)
• Managing integrations and services that are associated to users can present operational challenges when users move jobs and must be removed from a Sourcegraph instance.

Describe alternatives you've considered.

Create an access token from a Service Account User (this doesn't get around headcount concerns)

Additional context

I'm opening this issue as a placeholder in addition to other feature request tracking tooling. Anecdotally it seems like theres a lot of desire for the ability to create a service account or have access tokens that are unbound from user. For Sourcegraph team members below are some links to requests in this area:

https://sourcegraph.slack.com/archives/C02M9ASQ2LC/p1660341571051619 https://sourcegraph.slack.com/archives/C0338UN8GKZ/p1660255874644769 https://sourcegraph.slack.com/archives/C01EJ09NR8S/p1660328548603729 https://sourcegraph.slack.com/archives/C01S5DM6NG7/p1652202871264599 The above three requests were all fielded in the same week. I know that further requests have been presented in the past, but I don't have time to track them down 😢

/cc @sourcegraph/iam