[docs] Service account: add doc (#314) #316

Open
wants to merge 5 commits into
base: main
Binary file added docs/administration/assets/convert_user.png
Binary file removed docs/administration/assets/create-user-new.png
Binary file added docs/administration/assets/create_user.png
Binary file modified docs/administration/assets/platform-main-organization.png
32 changes: 31 additions & 1 deletion docs/administration/users.md
@@ -74,7 +74,37 @@ You can manage the users in `Settings > Security > Users`. If you are using [Sin

To create a user, just click on the `+` button:

![Create user](assets/create-user-new.png)
![Create user](assets/create_user.png)

# Service Account

Service Account aims administrators to create technical users. Service accounts do not have any password which therefore prevent them from logging in via UI.

## Create a Service Account
It is possible to create `Service accounts`. These accounts are specifically designed for technical users, such as connectors.

When creating a service account, an email address is automatically generated for the `Service account` if not provided by the user who creates the service account. A password is automatically generated for the `Service account` and it is not stored in the database. Technical users like connectors will authenticate using their API tokens.
Although these accounts generally do not receive emails, it is possible to add a personalized email.

## Main difference between a Service Account & a user

- A Service Account will be considered to belong to the platform's organization to ensure it can access the data: service account when logging in, will be considered as users of the main platform organisation, in addition of their current organization. This will be done by manually adding **the platform org to the user's session**. It will not be possible to change this behavior. Therefore, even if you change your main platform organization, your service account will always be considered to be part of the main platform organisation, ensuring that you do not have any issue ingesting data. Removing your platform org will ensure that your service account does not belong anymore to the platform organisation, unless a specific relation between the organisation and the service account has been created.
- A Service Account will not be able to log in via Email & Password since the password of the service account will not exists in DB.
- A service account will not be able to receive emails.

## Convert a User into a Service Account & vice-versa

It is possible to convert a user into a service account and ice-versa.
Two options are possible:
- through massive operations.
- directly in the user/service account overview.

![Convert User](assets%2Fconvert_user.png)

Converting a user into a service account will simply remove its password from our Database. The "new" service account will still have the same ID & same Token than the user, to preserve data consistency.

Converting back a service account into a user will also be possible. However, if the service account has directly been created as a service account without adding a specific email address, the "new" user won't be able to trigger a password reset flow to get a new password. We therefore advise you to first provide a valid email address to your "new" user, so that the "new" user can trigger the reset password flow by himself/herself.


### Manage a user

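Review bot: the image link `![Convert User](assets%2Fconvert_user.png)` URL-encodes the slash; use `assets/convert_user.png`, like the other image links in this file (`assets/create_user.png`), so the image resolves in the rendered docs. The text also contradicts itself on passwords: the section intro says service accounts "do not have any password", while "Create a Service Account" says "A password is automatically generated ... and it is not stored in the database"; state once that no password is stored for a service account, which is what makes email/password login impossible. In the "Main difference" bullet, "This will be done by manually adding the platform org to the user's session" conflicts with "It will not be possible to change this behavior"; "automatically" appears to be intended. Smaller fixes: "Service Account aims administrators to create" → "Service accounts allow administrators to create"; "which therefore prevent them" → "which prevents them"; "ice-versa" → "vice-versa"; "will not exists in DB" → "does not exist in the database"; "same ID & same Token than the user" → "same ID and token as the user"; and pick one spelling of "organization" (both "organization" and "organisation" appear in the same bullet).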
Binary file modified docs/usage/assets/csv-feeds-creation.png
Binary file modified docs/usage/assets/settings_default_group.png
10 changes: 5 additions & 5 deletions docs/usage/import/csv-feed.md
@@ -5,16 +5,16 @@ CSV feed ingester enables users to import CSV files exposed on URLs.
<a id="best-practices-section"></a>
## Best practices

In OpenCTI, the "Data > Ingestion" section provides users with built-in functions for automated data import. These functions are designed for specific purposes and can be configured to seamlessly ingest data into the platform. Here, we'll explore the configuration process for the five built-in functions: Live Streams, TAXII Feeds, TAXII Push, RSS Feeds, and JSON/CSV Feeds.
In OpenCTI, the "Data > Ingestion" section provides Service accounts with built-in functions for automated data import. These functions are designed for specific purposes and can be configured to seamlessly ingest data into the platform. Here, we'll explore the configuration process for the five built-in functions: Live Streams, TAXII Feeds, TAXII Push, RSS Feeds, and JSON/CSV Feeds.

Ensuring a secure and well-organized environment is paramount in OpenCTI. Here are two recommended best practices to enhance security, traceability, and overall organizational clarity:

1. Create a dedicated user for each source: Generate a user specifically for feed import, following the convention `[F] Source name` for clear identification. Assign the user to the "Connectors" group to streamline user management and permission related to data creation. Please [see here](../../deployment/connectors.md#connector-token-section) for more information on this good practice.
1. Create a dedicated Service account for each source: Generate a technical user (or Service account) specifically for feed import, following the convention `[F] Source name` for clear identification. Assign the Service account to the "Connectors" group to streamline user management and permission related to data creation. Please [see here](../../deployment/connectors.md#connector-token-section) for more information on this good practice.
2. Establish a dedicated Organization for the source: Create an organization named after the data source for clear identification. Assign the newly created organization to the "Default author" field in feed import configuration if available.

By adhering to these best practices, you ensure independence in managing rights for each import source through dedicated user and organization structures. In addition, you enable clear traceability to the entity's creator, facilitating source evaluation, dashboard creation, data filtering and other administrative tasks.
By adhering to these best practices, you ensure independence in managing rights for each import source through dedicated service account and organization structures. In addition, you enable clear traceability to the entity's creator, facilitating source evaluation, dashboard creation, data filtering and other administrative tasks.

Under Settings > Policies, you can now define a default group for the ingestion user, allowing you to create a specific user when setting up the CSV Feed.
Under Settings > Policies, you can now define a default group for the ingestion user, allowing you to create a specific Service accounts when setting up the CSV Feed.

![Select default group in settings](../assets/settings_default_group.png)

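Review bot: replacing "users" with "Service accounts" in the opening sentence changes its meaning: the "Data > Ingestion" section is operated by human users who configure feeds, while the service account is the identity a feed ingests as, so keep "provides users with built-in functions" there and introduce service accounts in best-practice item 1, as the hunk already does. In the last changed line, "allowing you to create a specific Service accounts" mixes singular and plural; "allowing you to create a specific Service account" reads correctly, and "default group for the ingestion user" in the same sentence should become "ingestion Service account" to match the rest of the hunk. Capitalisation is also inconsistent across the hunk ("Service account" in items 1 and the policies line, "service account" in the "By adhering" paragraph); pick one form. While here, "permission related to data creation" → "permissions related to data creation".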
@@ -35,7 +35,7 @@ Here's a step-by-step guide to configure Csv Feeds:

Additional configuration options:

- User responsible for data creation: Define the user responsible for creating data received from this CSV feed. Best practice is to dedicate one user per source for organizational clarity by clicking on "Create automatic user". The name is not editable (unless you change the feed's name) but you must define a confidence level (between 0 and 100) to set this confidence to the user that will be automatically created. _Important_ : before clicking on "Create automatic user" you must define a default group for ingestion users, in the Settings part.
- Service account responsible for data creation: Define the Service account responsible for creating data received from this CSV feed. Best practice is to dedicate one Service account per source for organizational clarity by clicking on "Automatically create a service account". The name is not editable (unless you change the feed's name) but you must define a confidence level (between 0 and 100) to set this confidence to the Service account that will be automatically created. _Important_ : before clicking on "Automatically create a service account" you must define a default group for ingestion users, in the Settings part.
- Description

![csv-feeds-creation.png](../assets/csv-feeds-creation.png)
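Review bot: the _Important_ note at the end of the bullet still says "define a default group for ingestion users, in the Settings part" after the rest of the bullet was switched to "Service account"; align the wording and point at the exact location the earlier hunk documents, `Settings > Policies`. The confidence sentence is also awkward: "to set this confidence to the Service account that will be automatically created" → "this confidence level is assigned to the automatically created Service account". Since the button label changed from "Create automatic user" to "Automatically create a service account", check that the modified `csv-feeds-creation.png` shows the new label.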