Skip to content

Test and manage cloud accounts

Creating a cloud account is only the first boundary. Administrators must test the provider identity, review capability probes, explicitly activate it, and keep its health and workspace links current.

Typical time
5–15 minutes
You need
An existing cloud connection
Outcome
A reviewed lifecycle state

Open Cloud Accounts and use Account Library search, provider, status, page size, and backend-owned Previous/Next controls. Choose Refresh cloud accounts when you need current backend state, then open the row action menu and choose View details.

Manage 1 of 4 · Screenshot placeholder

Find the organization cloud account

Show Account Library filters, safe status columns, and the row action menu.

Future capture briefUse synthetic connection names and mask organization, account, subscription, tenant, and workspace identifiers.

Choose Test connection. Review:

  • Verified account and authentication method;
  • Last tested, Last healthy, and connection health;
  • Capabilities and permission probes; and
  • the requested permission level.

A partially passed test needs review. Terraform plan or apply can remain unverified until a reviewed workspace plan exercises those permissions.

Manage 2 of 4 · Screenshot placeholder

Review health and permission probes

Show a synthetic identity review with health timestamps, capability status, and bounded probe results.

Future capture briefDo not show complete provider identities, raw errors, request IDs, role ARNs, tenant IDs, subscription IDs, or resource inventory.

For a pending connection:

  1. choose Review and activate;
  2. confirm the returned provider identity;
  3. select the activation acknowledgement; and
  4. choose Activate connection.

An active account can be selected when an eligible workspace is linked. The details drawer shows Linked workspaces; activation does not automatically link every workspace.

Manage 3 of 4 · Screenshot placeholder

Future capture briefUse a staged workspace and hide cloud account, project, organization, and workspace IDs.

The row menu can expose these administrator actions:

  • Edit settings: change the safe display, environment, permission, region, or service scope, then retest.
  • Suspend account: temporarily block use without deleting the record.
  • Reactivate account: return a suspended account to reviewed use.
  • Revoke account: intentionally revoke ScrinCloud access.
  • Rotate credential: replace an Azure service-principal secret and expiry.
  • Remove account: delete the ScrinCloud connection record. This never deletes cloud resources.

Edit settings can update account name, environment, permission level, allowed regions, and service scope. Provider identity fields are read-only in this drawer; reconnect when the AWS role, External ID, Azure identity, tenant, subscription, or stored credential identity must change.

Each high-impact action uses a confirmation. Rotate credential is available only for an Azure service-principal connection and requires Test and replace credential. Re-test after identity, role, credential, or scope changes.

Manage 4 of 4 · Screenshot placeholder

Choose a lifecycle action

Show the row actions and one safe confirmation for suspend, reactivate, revoke, rotate, or remove.

Future capture briefUse a synthetic connection. Do not capture credentials, provider console data, or real resource names.

Confirm the connection has the intended lifecycle state, health, version, permission and scope, and only the expected linked workspaces. Record the approved operational evidence without copying provider credentials or raw customer metadata.

Run Test connection, confirm identity verification succeeded, review the required probes, and select the acknowledgement.

The connection changed while you were reviewing it

Section titled “The connection changed while you were reviewing it”

Refresh the connection and review the new version before retrying. Lifecycle updates use version checks to prevent stale changes.

Confirm the account is active, uses the same provider, includes the workspace region, and is eligible for that organization and project.

Removal deletes the ScrinCloud connection record, not AWS or Azure resources. Also remove or revoke provider-side trust when your organization policy requires it.