Allow setting of `external` flag for users created via the Service Accounts API

Proposal

Related customer ticket: ZD-673094 (Internal)

The security fix on #509324 (closed) can cause problems in environments where external users are allowed to rotate tokens for internal service accounts.

Exposing an external flag on the Service Accounts API would allow automation to ensure this flag is properly set (such as via the GitLab Terraform provider, etc) in environments where a service account ends up with the wrong external status.

Edited Dec 09, 2025 by 🤖 GitLab Bot 🤖

Allow setting of external flag for users created via the Service Accounts API

Proposal

Allow setting of `external` flag for users created via the Service Accounts API