To Create a Workload Identity Management or Discovery Agent Built-in Account

1. Sign in to Next-Gen Trust Security.
2. Click System Settings > Built-in Accounts.
3. Click New.
4. Choose the desired use case from the Use case list, and click Continue. The use cases available for you to choose depend on which Next-Gen Trust Security components you have licenses for.
5. Enter a Name for your new built-in account.
6. (Conditional) Enter the number of days for which you want the account to remain valid in the Validity (days) field. You can select any number from 1 to 365 days. This step doesn't apply when creating a Custom API Integration built-in account.
7. Select the desired Scope, and click Continue. Learn more
8. Select one of the following key generation options as required:
   1. Click the Auto-generate a keypair and download the private key radio button, and click Create.
   2. In the Credentials section, copy the public and private keys.
      Important: Copy and store this private key securely as it cannot be recovered if lost. This is your only opportunity to copy this private key.
      Or:
   3. Click the Generate your own keypair and upload the public key radio button, and click Continue.
   4. In the Credentials section, provide the public key corresponding to the private key that your service will use. For your public key to be valid, it must be in PEM format and no longer than 2000 characters. The supported key algorithms are:
      • RSA in 2048, 3072, or 4096 key lengths
      • ECDSA: P256, P384, or P521
      • EDDSA: ED25519
9. Click Finish to create the built-in account and return to the Built-in Accounts page.

Related Links

• Toggling Built-in Accounts on or Off
• Editing Built-in Account Settings
• Deleting Built-in Accounts
• Overview of Built-in Accounts

• Reference: Service Account API endpoint
• Reference: creating built-in accounts