Service Account Configuration
AI for Work integrates with external identity providers through service accounts. These accounts authenticate the application and grant access to user directories, groups, and organizational data. You can configure multiple service accounts and designate one as the default for system-wide operations.
Supported Service Account Types
The platform supports three identity provider types:
- Google: Connects to Google Workspace for user and group management.
- Microsoft Azure: Integrates with Azure Active Directory for organizational data access.
- LDAP: Links to on-premises directory services.
Add a New Service Account
Navigate to the Service Account under Connections. The system displays options for all supported service account types. Click the type of service account you want to configure. The platform displays a form with fields specific to that provider.
Configure Google Service Account
Before configuring Google, complete the setup process in Google Cloud Console and Google Admin Console. Refer to the Google Cloud Setup Guide for detailed instructions. Enter the following information in the form:
- Account Name: Enter a descriptive name to identify this service account.
- Client Email: Paste the service account email from your Google Cloud JSON key file.
- Admin Email: Enter the Google Workspace administrator email address.
- Private Key: Paste the complete private key from your JSON key file (includes the BEGIN and END markers).
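A pre-paste check for the Google form fields above, as an added example that is not part of the product or its documentation: it reads a service account JSON key and reports problems with `client_email` and `private_key` without printing any key material. The field names and the `-----BEGIN PRIVATE KEY-----` marker are assumed from the standard Google Cloud key file layout, and the sample keys are constructed.

```python
import json

# Assumed PEM markers of a standard Google Cloud service account key (PKCS#8).
BEGIN = "-----BEGIN PRIVATE KEY-----"
END = "-----END PRIVATE KEY-----"

def check_google_key(raw_json):
    """Return a list of problems in a service account JSON key; [] means OK.
    Messages never include key material, so the output is safe to log."""
    try:
        key = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return ["not valid JSON: " + exc.msg]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    email = key.get("client_email")
    if not (isinstance(email, str) and email.endswith(".gserviceaccount.com")):
        problems.append("client_email is not a service account address")
    pem = key.get("private_key")
    if not (isinstance(pem, str) and pem.strip()):
        return problems + ["private_key is missing or empty"]
    if "\\n" in pem:
        # A correctly parsed key has real line breaks; a literal backslash-n
        # means the value was copied from the raw file text or double-escaped.
        problems.append("private_key has literal \\n instead of line breaks")
    if not pem.strip().startswith(BEGIN):
        problems.append("private_key lacks the BEGIN marker")
    if not pem.strip().endswith(END):
        problems.append("private_key lacks the END marker")
    return problems

# Constructed samples: the key body is a placeholder, not a real key.
SAMPLE_OK = json.dumps({
    "type": "service_account",
    "client_email": "directory-sync@example-project.iam.gserviceaccount.com",
    "private_key": BEGIN + "\nQ09OU1RSVUNURUQ=\n" + END + "\n",
})
SAMPLE_BAD = json.dumps({
    "type": "service_account",
    "client_email": "directory-sync@example-project.iam.gserviceaccount.com",
    "private_key": BEGIN + "\\nQ09OU1RSVUNURUQ=",  # escaped and truncated paste
})

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_google_key(sample) or "no problems found")
```

An empty list means the Client Email and Private Key values have the expected shape; it does not confirm that the key is still valid in Google Cloud.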
Configure Microsoft Azure Service Account
Before configuring Azure, complete the app registration and permission setup in the Azure Portal. Refer to the Microsoft Azure Setup Guide for detailed instructions. Enter the following information in the form:
- Account Name: Enter a descriptive name to identify this service account.
- Client ID: Paste the Application (Client) ID from your Azure app registration.
- Tenant ID: Paste the Directory (Tenant) ID from your Azure app registration.
- Client Secret: Paste the client secret value you copied when creating the secret in Azure.
Configure LDAP Service Account
LDAP service accounts connect the platform to on-premises directory services. Enter the following information in the form:
- Account Name: Enter a descriptive name to identify this service account.
- URL: Enter your LDAP server URL.
- Base DN: Enter the base distinguished name for directory searches.
- Authentication Type: Select your LDAP authentication method from the dropdown.
- Person Filter: Enter the LDAP filter to identify user objects.
- Group Filter: Enter the LDAP filter to identify group objects.
Manage Service Accounts
The platform displays all configured service accounts in a list. Each account includes a three-dot menu that provides access to management options.
Edit Service Account Details
Update the configuration of an existing service account:
- Click the three-dot menu next to the service account you want to modify.
- Select Edit from the menu.
- Update the configuration fields as needed.
- Click Save to apply your changes.
Set Default Service Account
The platform uses the default service account for specific features, including user suggestions when inviting users to the account or workspace. The system suggests users who aren’t part of the account but belong to the organization’s Active Directory. Only one service account can be set as the default at a time. To designate a service account as default:
- Click the three-dot menu next to the service account.
- Select Set as Default.
Delete Service Account
Remove a service account:
- Click the three-dot menu next to the service account.
- Select Delete.
- Confirm the deletion when prompted.