docs: service accounts (#2881)

https://linear.app/unleash/issue/2-545/documentation-service-accounts

-
[reference/service-accounts](https://unleash-docs-git-docs-service-accounts-unleash-team.vercel.app/reference/service-accounts)
-
[how-to/how-to-create-service-accounts](https://unleash-docs-git-docs-service-accounts-unleash-team.vercel.app/how-to/how-to-create-service-accounts)

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

website/docs/how-to/how-to-create-service-accounts.mdx

@@ -0,0 +1,45 @@
+---
+title: How to create service accounts
+---
+
+:::info availability
+
+Service accounts is an upcoming enterprise feature, and is scheduled to become available in one of the next few releases.
+
+:::
+
+[Service accounts](../reference/service-accounts.md) enable Unleash admins to create accounts that act as users and respect the same set of permissions, however they do not have a password and cannot log in to the Unleash UI. Instead, they are intended to be used to access the Unleash API programatically.
+
+## Step 1: Navigate to the service accounts page {#step-1}
+
+Navigate to the _service accounts_ page in the admin UI (available at the URL `/admin/service-accounts`). Use the _settings_ button in the navigation menu and select "service accounts".
+
+![The admin UI navigation settings submenu with the Service accounts item highlighted.](/img/service-account-1.png)
+
+## Step 2: Click the "new service account" button {#step-2}
+
+Use the "new service account" button to open the "new service account" form.
+
+![The "service accounts" table with the "new service account" button highlighted.](/img/service-account-2.png)
+
+## Step 3: Fill in the service account form {#step-3}
+
+Give your new service account a name. After leaving the name field, the username field is pre-filled with a suggestion based on the name you entered, but you can change it to whatever you like.
+
+Select a [global role](https://docs.getunleash.io/reference/rbac#standard-roles) for your service account, which will define what your new service account will be allowed to do. The roles that you can assign to service accounts are the same ones that are available for regular users.
+
+![The service account form filled with some example data, and the "add service account" button highlighted at the bottom.](/img/service-account-3.png)
+
+You can optionally generate a token for the new service account right away. Give your token a description and optionally set an expiry date. By default the expiry date is set to 30 days. The token will be generated when you submit the form.
+
+![The service account form with the token section highlighted and the "generate a token now" option selected](/img/service-account-4.png)
+
+![The token details with the "copy token" element highlighted.](/img/service-account-5.png)
+
+## Managing service account tokens
+
+You can later manage service account tokens by editing the respective service account. This allows you to add new tokens to that service account or delete existing ones.
+
+![The service account table with the "edit" button highlighted.](/img/service-account-6.png)
+
+![The service account form with the tokens table highlighted](/img/service-account-tokens.png)

website/docs/reference/service-accounts.md

@@ -0,0 +1,33 @@
+---
+title: Service accounts
+---
+
+:::info
+
+Service accounts is an upcoming enterprise feature, and is scheduled to become available in one of the next few releases.
+
+:::
+
+Service accounts are accounts that act as normal Unleash users and that respect the same set of permissions, but that don't represent real users. These accounts do not have a password and cannot log in to the Unleash UI. Instead, they are intended to be used to access the Unleash API programmatically, providing integrations an identity.
+
+![Service account table](/img/service-account-table.png)
+
+Use service accounts to:
+
+- Provide a user-like identity to an integration or automation and manage it within Unleash
+- Give access to the Unleash API without giving access to the Unleash UI
+- Provide more fine-grained permissions than an admin token provides
+
+In order to create a service account, you can follow the [how to create service accounts](../how-to/how-to-create-service-accounts.mdx) guide.
+
+## Service account tokens
+
+Service account tokens allow service accounts to use the Admin API as themselves with their own set of permissions, rather than using an admin token. See [_how to use the Admin API_](../how-to/how-to-use-the-admin-api.md) for more information.
+
+These tokens act just like [personal access tokens](./api-tokens-and-client-keys.mdx#personal-access-tokens) for the service accounts, except that they are managed by Unleash admins.
+
+When using a service account token to modify resources, the event log will display the service account name for that operation.
+
+Service account tokens can be managed by editing the respective service account: 
+
+![Service account tokens](/img/service-account-tokens.png)

website/sidebars.js

@@ -68,6 +68,7 @@ module.exports = {
                     items: [
                         'how-to/how-to-create-api-tokens',
                         'how-to/how-to-create-personal-access-tokens',
+                        'how-to/how-to-create-service-accounts',
                         'how-to/how-to-use-the-admin-api',
                         'how-to/how-to-enable-openapi',
                     ],
@@ -327,6 +328,7 @@ module.exports = {
                         'reference/projects',
                         'reference/rbac',
                         'reference/segments',
+                        'reference/service-accounts',
                         'reference/sso',
                         'reference/stickiness',
                         'reference/strategy-constraints',