Agent service account
Agent service account defined for AI agent teams building runtime authorization, approval, and audit controls.
Page audit
- Cited source ledger with May 27, 2026 access dates.
- Action-time policy, approval, and evidence model.
- Primary conversion path points to a demo; developer pages also point to install.
A non-human credential used by an agent to reach systems on behalf of users, tenants, or workflows.
Why it matters
Agent systems fail differently from traditional apps because the next action may be generated from context, tools, and goal state. The control has to sit where the action becomes executable.
| Term | Operational test |
|---|---|
| Agent service account | Can an engineer point to the exact runtime boundary where this concept is enforced? |
| Decision record | Can a reviewer reconstruct who or what attempted the action and why it was allowed? |
| Approval path | Can the right reviewer stop the side effect before it happens? |
Practical example
A support agent may have the capability to refund an order. It only has authority when policy allows that amount, customer, reason, and actor at this moment.
Sources
FAQ
What should a team authorize before agent service account?⌄
Authorize the exact tool name, arguments, actor, tenant, environment, and review requirement before the side effect reaches the upstream system.
Why not rely on prompts for this?⌄
Prompts guide model behavior, but they do not reliably stop a tool dispatch. Runtime authorization sits after the model proposes an action and before the tool executes.
What evidence should the page produce?⌄
Keep a decision record with the actor, tool, arguments summary, policy version, verdict, reviewer when required, timestamp, and source system context.
Related paths
Govern the next agent action