
Service Accounts

Service Accounts provide preconfigured credentials that allow workflows to execute actions on behalf of an organization or user without requiring each workflow designer to manage individual secrets.


1. Overview

A Service Account centralizes authentication details (client IDs, secrets, tokens, and permissions) for external services like Microsoft Azure, Autodesk, or AI providers. Once set up, any user with workflow creation rights can select the account in Task or Trigger Nodes, ensuring consistency and security across automations.


2. Configuring a Service Account

  1. Navigate to the Console: Log in to the administration console and open the Service Accounts section.

  2. Create a New Account: Click New Service Account, then:

    • Enter a Name and Description.
    • Provide required credentials (e.g., Client ID, Client Secret, Tenant ID for Azure).
    • Assign the necessary Permissions or Scopes in the external service’s portal.
  3. Save: Click Create or Save. The account appears in the console list and becomes available for workflows.

Important: You must configure each Service Account before attempting to select it in a node; unconfigured accounts will not appear.


3. Selecting a Service Account in a Node

  • In the Task or Trigger Configuration dialog’s header, open the Service Account dropdown.
  • Choose the desired account. The node will use these credentials when executing.
  • If the action requires no authentication or uses only a third-party login, the Service Account field may be optional or omitted.

4. Execution Context

When a node runs with a Service Account:

  • Impersonation: The workflow performs actions using the account’s identity and permissions.
  • Auditability: All operations are logged under the Service Account, simplifying auditing and troubleshooting.
  • Consistency: Central credential management ensures all workflows use the same version of secrets and permissions.

5. Use Case Examples

  • Microsoft Azure: A Service Account configured with Azure App registration (Client ID, Secret, Tenant) grants permissions to manage storage, send emails via Office365, or manipulate resources.
  • OpenAI / ChatGPT: Create multiple Service Accounts to manage different models (e.g., GPT-3.5 for speed, GPT-4 for accuracy). Updating the model in one account instantly applies across all workflows.
  • Autodesk Construction Cloud: A Service Account stores the ACC credentials and permissions needed to create or delete webhooks, access file versions, and manage folders.

6. Best Practices

  • Least Privilege: Grant only the necessary permissions for each Service Account.
  • Rotate Secrets: Update client secrets or tokens regularly to maintain security.
  • Naming Conventions: Use clear names (e.g., Azure-Storage-Reader, OpenAI-GPT4) to indicate purpose.
  • Central Updates: When external services release new features (e.g., a new AI model), update the relevant Service Account so all workflows benefit immediately.
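
The first three practices above can be checked periodically against a hand-maintained inventory of Service Accounts. The following is an added example, not part of the product or its documentation: the record fields, the sample scopes, the 90-day rotation limit, the name pattern, and the broad-scope markers are all assumptions chosen for illustration.

```python
import re
from datetime import date

# Assumed policy values; the page says only "regularly" and "clear names".
MAX_SECRET_AGE_DAYS = 90
NAME_PATTERN = re.compile(r"^[A-Za-z0-9]+(-[A-Za-z0-9]+)+$")  # e.g. Azure-Storage-Reader
BROAD_SCOPE_MARKERS = ("*", ".All", "FullControl")  # assumed signs of over-broad grants

# Constructed inventory (hypothetical field names and scopes, not a product export).
INVENTORY = [
    {"name": "Azure-Storage-Reader", "scopes": ["Storage.Read"],
     "secret_rotated": date(2024, 5, 20)},
    {"name": "azure prod", "scopes": ["Directory.ReadWrite.All", "Mail.Send"],
     "secret_rotated": date(2023, 1, 10)},
    {"name": "OpenAI-GPT4", "scopes": ["*"],
     "secret_rotated": date(2024, 4, 1)},
]

def audit_account(account, today):
    """Return a list of best-practice findings for one service account record."""
    findings = []
    if not NAME_PATTERN.match(account["name"]):
        findings.append("naming: name does not follow Provider-Purpose convention")
    broad = [s for s in account["scopes"]
             if any(marker in s for marker in BROAD_SCOPE_MARKERS)]
    if broad:
        findings.append("least-privilege: review broad scopes " + ", ".join(broad))
    age = (today - account["secret_rotated"]).days
    if age > MAX_SECRET_AGE_DAYS:
        findings.append(f"rotation: secret is {age} days old (limit {MAX_SECRET_AGE_DAYS})")
    return findings

def audit_inventory(inventory, today):
    """Map account name -> findings, omitting accounts with no findings."""
    report = {}
    for account in inventory:
        findings = audit_account(account, today)
        if findings:
            report[account["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, date(2024, 6, 1)).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Because every workflow that selects an account inherits its permissions, a finding on one record applies to all workflows using it.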

Service Accounts ensure secure, auditable, and maintainable authentication across your workflows.

Tentech 2024