Set up Service Accounts
Service accounts are recommended to ensure reliable, auditable provisioning activity—separate from individual user behavior.
Why Use a Service Account?
Keeps auto-provisioning activity separate from day-to-day user actions
Avoids confusion in app logs or audit trails
Ensures consistent execution of provisioning tasks
Can be tightly scoped and monitored
Requirements
To work properly, your service account must:
Have the permissions required to create users and assign roles in the third-party app
Authenticate using username and password (not Single Sign-On), so Agent Cake can reliably log in
Be active in the target application (not suspended, pending invite, or limited access)
How to Create a Service Account
You have two options:
1. Create a dedicated user
Set up a separate user in your Identity Provider (e.g. Google Workspace, Entra ID)
Example:
[email protected]
Assign the account to the third-party app with the required permissions
2. Use an email alias of an existing user
If you prefer not to create a new user, you can use an alias
Example:
[email protected]
This still allows separation in the app but uses an existing mailbox
Additional Tips
You can often reuse a single service account across multiple apps, as long as access rights are properly configured
Always review the permission levels in each third-party app to make sure the account can complete the necessary actions
Keep service accounts clearly named and auditable for easier tracking
Last updated
Was this helpful?