# Set up Service Accounts #### Why Use a Service Account? * Keeps auto-provisioning activity separate from day-to-day user actions * Avoids confusion in app logs or audit trails * Ensures consistent execution of provisioning tasks * Can be tightly scoped and monitored #### Requirements To work properly, your service account must: * Have the **permissions required** to create users and assign roles in the third-party app * Authenticate using **username and password** (not Single Sign-On), so Agent Cake can reliably log in * Be **active** in the target application (not suspended, pending invite, or limited access) #### How to Create a Service Account You have two options: **1. Create a dedicated user** * Set up a separate user in your Identity Provider (e.g. Google Workspace, Entra ID) * Example: `agent.cake@company.com` * Assign the account to the third-party app with the required permissions **2. Use an email alias of an existing user** * If you prefer not to create a new user, you can use an alias * Example: `john.doe+agent.cake@company.com` * This still allows separation in the app but uses an existing mailbox {% hint style="info" %} **Note:** Be aware that some third-party tools may charge for the additional seat used by the service account. For less security-critical apps, you may choose to use a real user account instead. {% endhint %} #### Additional Tips * You can often **reuse a single service account** across multiple apps, as long as access rights are properly configured * Always review the permission levels in each third-party app to make sure the account can complete the necessary actions * Keep service accounts clearly named and auditable for easier tracking --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.getcakewalk.io/how-to-guides/auto-provisioning/how-it-works/set-up-service-accounts.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.