Set up Service Accounts
Service accounts are recommended to ensure reliable, auditable provisioning activity—separate from individual user behavior.
Last updated
Was this helpful?
Service accounts are recommended to ensure reliable, auditable provisioning activity—separate from individual user behavior.
Keeps auto-provisioning activity separate from day-to-day user actions
Avoids confusion in app logs or audit trails
Ensures consistent execution of provisioning tasks
Can be tightly scoped and monitored
To work properly, your service account must:
Have the permissions required to create users and assign roles in the third-party app
Authenticate using username and password (not Single Sign-On), so Agent Cake can reliably log in
Be active in the target application (not suspended, pending invite, or limited access)
You have two options:
1. Create a dedicated user
Set up a separate user in your Identity Provider (e.g. Google Workspace, Entra ID)
Example: agent.cake@company.com
Assign the account to the third-party app with the required permissions
2. Use an email alias of an existing user
If you prefer not to create a new user, you can use an alias
Example: john.doe+agent.cake@company.com
This still allows separation in the app but uses an existing mailbox
Note: Be aware that some third-party tools may charge for the additional seat used by the service account. For less security-critical apps, you may choose to use a real user account instead.
You can often reuse a single service account across multiple apps, as long as access rights are properly configured
Always review the permission levels in each third-party app to make sure the account can complete the necessary actions
Keep service accounts clearly named and auditable for easier tracking
Last updated
Was this helpful?
Was this helpful?