Service accounts

Available on Asana Enterprise and Enterprise+ tiers, as well as legacy tier Enterprise. Visit our pricing page for more information.

Service accounts are not available to divisions.

Service accounts enable Asana super admins to have complete access to all data in their organization and export it through the Asana API, allowing for more powerful reporting options and building automations and integrations more easily.

Admins can also limit service accounts access to specific uses, such as user provisioning through SCIM. This limited access reduces security risks associated with the API token’s usage.

Find more information on how to use Asana API here.

Use service accounts to:

  • Create periodic data backups
  • Automate user and access management based on your company's policies
  • Provide automation for recurring administrative tasks like team member management and cleaning up inactive projects
  • Add customized business rules triggered by actions within Asana
  • Export your organization's data using the Asana API
  • Build organization-specific integrations between other internal tools and Asana, and much more

Super admins can view the list of service accounts through the Apps tab of their admin console at any time and rename or deauthorize accounts that are no longer needed. You can provide service accounts with a name and profile picture, and action items as you would from a regular user account.

Use service account tokens as organization-level substitutes for Personal Access Tokens.

Adding service accounts

add service account

To add a service account:

  1. Click the Apps tab from with your admin console
  2. Click Service accounts
  3. Click the Add Service account button
From here you can choose scoped or full permissions.Permission scopes window.png
  1. Click scoped permissions to limit access and check the boxes you want the app to have access to. Read more about the scoped permissions below.
  2. Click full permissions to give access to all data.

Scoped permissions overview

User provisioning (SCIM)

This set of permissions allows access to Asana’s system for cross-domain identity management (SCIM) API endpoints. Identity provider integrations use SCIM to manage a user’s lifecycle in Asana, including provisioning and deprovisioning users, updating user attributes in Asana, and syncing Asana team memberships. Read Asana’s SCIM documentation for more detail.

  • Users: Read
  • Users: Create and modify
  • Teams: Read
  • Teams: Create and modify

Exports

This set of permissions is available to Enterprise+ domains and gives access to organization exports and object exports over the API. These endpoints can be used to extract information from Asana and power some Reporting and eDiscovery tools.

  • Organization Export API
  • Object Export API

Audit logs

The Audit logs permission is available to Enterprise+ domains and gives access to the audit log events API endpoint. This API powers Security information and event management (SIEM) tools like Splunk and Sumo Logic which can monitor and alert on suspicious activity in Asana.

Managing service accounts

View of service accounts and permissions.png
Click the three dot icon next to an existing service account and click Edit.Service accounts with full permissions have full programmatic access to your organization's data. Make sure not to hardcode service account tokens into your programs, and regularly review and deauthorize tokens no longer in use.
delete service account
From the Edit service account window, you can save your edits or delete the service account.
You will not be able to log in to Asana as a service account. Service accounts only interact with your organization through the Asana API. 

Was this article helpful?

Thanks for your feedback