We have some Rally accounts that we use as "service accounts" for the generation of API keys and we're about to implement Ping SSO (SSO only- with exceptions). We hope to create domain accounts with non-expiring passwords to use for our service accounts in order to make the API keys and account credentials durable without manual password changes. The plan would be:
- Create a domain account like DOMAIN\rallyservice with a non-expiring password
- Create a Rally account for the domain account like email@example.com
- Use that Rally account (not on the SSO exceptions list) to create an API key
- Use that API key indefinitely without password change.