I’m wondering if there are some best practices around service accounts.

I have the following use case:

We want to use the REST API to create new users as we want to create an integrated registration form. The service account would be used to call the /users endpoint.
Is it common to, e.g., enable the service account for the client_id realm-management, or to create a new client_id specifically to be used with a service account?

It is always best to create a separate Client that is locked-down as completely as you can make it. I’d suggest making a dedicated Client with a service account with only the *-users Roles you need.
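
A way to check that a dedicated client really is locked down, as an added example that is not part of the original posts: decode an access token issued to the service account and flag any client role outside an allowlist. The client name `registration-service`, the allowlist and the sample tokens are assumptions constructed for the demo; the `resource_access` claim is where Keycloak lists client roles in an access token.

```python
import base64
import json

# Assumption: the registration client needs only these realm-management roles.
ALLOWED = {"realm-management": {"manage-users", "view-users", "query-users"}}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (audit use only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def excess_roles(claims: dict, allowed: dict = ALLOWED) -> dict:
    """Return client roles present in the token but missing from the allowlist."""
    excess = {}
    for client, entry in claims.get("resource_access", {}).items():
        extra = set(entry.get("roles", [])) - allowed.get(client, set())
        if extra:
            excess[client] = sorted(extra)
    return excess


def make_token(claims: dict) -> str:
    """Build an unsigned sample token so the demo runs offline."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}."


# Constructed sample claims, not captured from a real server.
LOCKED_DOWN = make_token({
    "azp": "registration-service",
    "resource_access": {"realm-management": {"roles": ["manage-users", "query-users"]}},
})
OVER_PRIVILEGED = make_token({
    "azp": "registration-service",
    "resource_access": {
        "realm-management": {"roles": ["manage-users", "realm-admin", "manage-clients"]}
    },
})

if __name__ == "__main__":
    for name, tok in [("locked-down", LOCKED_DOWN), ("over-privileged", OVER_PRIVILEGED)]:
        print(name, excess_roles(jwt_claims(tok)) or "OK")
```

Composite roles are expanded in the token, so a single broad role assigned to the service account shows up here as every role it contains.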

