---
id: "action-use-service-accounts"
type: "action-item"
source_timestamps: ["00:15:19", "00:15:25"]
tags: ["security", "governance"]
related: ["concept-least-privilege-agents", "claim-governance-drives-adoption"]
speakers: ["Nate B. Jones"]
action: "Use dedicated, least-privilege service accounts instead of personal credentials for agent deployment."
outcome: "A secure, auditable agent deployment that complies with enterprise IT governance standards."
sources: ["s06-openai-free-employee"]
sourceVaultSlug: "s06-openai-free-employee"
originDay: 6
---
# Provision Service Accounts for Agents

## Action

**Use dedicated, least-privilege service accounts instead of personal credentials for agent deployment.**

## Expected Outcome

A secure, auditable agent deployment that complies with enterprise IT governance standards.

## Detail

**Never** publish an enterprise agent using the personal, authenticated app connections of the individual who built it. Doing so creates a massive security risk: every other user of the agent **inherits elevated privileges**, a 'blast radius' problem.

Instead, work with IT to:

- Provision **dedicated service accounts** for the agent
- Scope the permissions down to the absolute minimum required for the specific workflow
- Use **read-only** access where possible; **append-only** for write paths
- Audit configurations regularly
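
One way to run the regular audit from the list above, as an added example that is not from the original talk or note: it checks a constructed connection inventory for personal credentials, access granted but not used, and write paths that are not append-only. The `Connection` fields, access-level names and sample accounts are assumptions, not any platform's real schema.

```python
# Added example: the inventory schema and sample data are hypothetical/constructed.
from dataclasses import dataclass

READ, APPEND, WRITE, ADMIN = "read", "append", "write", "admin"

@dataclass
class Connection:
    app: str             # application the agent connects to
    principal: str       # identity the agent authenticates as
    principal_type: str  # "service_account" or "user"
    granted: set         # access levels granted to the principal
    needed: set          # access levels the workflow actually uses

def audit(connections):
    """Return (app, finding) pairs for connections that break the rules above."""
    findings = []
    for c in connections:
        # Rule 1: the agent must not run on a person's own app connection.
        if c.principal_type != "service_account":
            findings.append((c.app, "personal credential: " + c.principal))
        # Rule 2: anything granted beyond what the workflow uses is excess.
        excess = c.granted - c.needed
        if excess:
            findings.append((c.app, "unused access granted: " + ",".join(sorted(excess))))
        # Rule 3: write paths should be append-only, never full write or admin.
        if c.granted & {WRITE, ADMIN}:
            findings.append((c.app, "write path is not append-only"))
    return findings

# Constructed inventory: two compliant connections, two that should be flagged.
SAMPLE = [
    Connection("crm", "svc-agent-crm", "service_account", {READ}, {READ}),
    Connection("tickets", "svc-agent-tickets", "service_account",
               {READ, APPEND}, {READ, APPEND}),
    Connection("drive", "builder@example.com", "user",
               {READ, WRITE, ADMIN}, {READ}),
    Connection("wiki", "svc-agent-wiki", "service_account",
               {READ, WRITE}, {READ, WRITE}),
]

if __name__ == "__main__":
    for app, finding in audit(SAMPLE):
        print(f"{app}: {finding}")
```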

See [[concept-least-privilege-agents]] and [[claim-governance-drives-adoption]]. The required baseline knowledge is captured in [[prereq-enterprise-governance]]. The single sentence that summarizes why this matters: [[quote-permission-model]].
