Open
Description
The support for service accounts was mentioned originally in #849 but didn't make it to the MVP IAM implementation. The need has come up again based on recent internal/external user requests.
There are a few aspects that distinguish service accounts from regular user accounts:
- shouldn't be allowed to use the web UI
- is strictly tied to an application/service identity (should not be auto-provisioned via IdP?)
- supports frictionless key rotation to allow continuous use
There is probably more to the service account requirements, and they will need to be further defined/scoped when this feature is being implemented.