When your organization connects one SaaS app to another (maybe it’s a handy backup!), a person usually does it. That person automatically becomes the authorization bridge between these two applications.
Once that’s done, everything should run smoothly. But what happens when that person leaves your organization for a new opportunity? Proper security and IT practices dictate that their email account must be deactivated. In doing so, that link will be broken, instantly disabling the integration. This likely has a huge impact on your recovery point objective (RPO). If we’re talking about a backup, it’s bad.
We’re using backups as an example, but this scenario applies to any SaaS application. That’s why it’s imperative that you onboard your SaaS applications using what’s called a “service account.”
A service account is owned and managed by many users or applications, not just one person. It’s the difference between an account like james@rewind.com and backups@rewind.com.
Aside from someone leaving your organization, here are other examples of when the connection between you and your SaaS app might get broken:
- When an individual’s access rights are revoked or reduced for any reason
- When an individual goes on extended leave and has their access revoked temporarily
- When someone changes roles, for example, by joining the IT team from another team
As a SaaS provider, we can say with certainty that these scenarios will impact our ability to work on that person’s behalf.
Why a service account?
When you onboard a SaaS application, the user and the SaaS provider form a relationship. The service cannot detect who is onboarding it, or whether that account has a single owner or several.
Using a service account is the best way to safeguard that relationship.
Not using a service account is risky. If the person who set up the platform leaves your company, the service you have been paying for will stop, although this may not be obvious.
This causes two serious problems:
- You won’t get the benefits of the solution that you spent so long choosing. In our case, backups and restores won’t work anymore, so if you encounter a data disaster, we can’t help you resolve it.
- The trust between you and the provider gets broken because you may be paying for a service you aren’t receiving.
This is why using a service account is widely considered best practice. Use one whenever you’re onboarding a new SaaS application.
How do I set up a service account?
The process of setting up a service account depends on the size of your business. Smaller organizations likely have the power to do it themselves by using their email provider (Outlook, Google, or other). In a mid-sized or larger organization, you’ll likely need to submit a ticket to the IT department (or a similar team), and they will create the account for you.
Best practices for setting up a service account
It’s important to ensure that more than one person is linked to a service account. We recommend at least three users. This ensures the resiliency of your connection. We also suggest auditing the account regularly to monitor who has access. If you don’t check often, you may miss someone leaving and unknowingly break the link between your organization and your SaaS provider.
Read more about the importance of auditing your SaaS applications.
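One way to run the regular audit described above, as an added example (not Rewind's code). It assumes you can export a status per person from your directory and the list of people linked to each integration's authorizing account; every name, address, and status value below is constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_ACTIVE_USERS = 3  # minimum linked users recommended in the article

@dataclass
class Integration:
    app: str
    authorized_by: str                         # account that granted authorization
    users: list = field(default_factory=list)  # people linked to that account

def audit(integrations, directory, service_accounts):
    """Return {app: [findings]} for integrations whose link could break."""
    report = {}
    for integ in integrations:
        findings = []
        if integ.authorized_by not in service_accounts:
            findings.append("authorized by a personal account")
            status = directory.get(integ.authorized_by, "missing")
            if status != "active":
                findings.append(f"authorizing account is {status}")
        else:
            active = [u for u in integ.users if directory.get(u) == "active"]
            if len(active) < MIN_ACTIVE_USERS:
                findings.append(f"{len(active)} active users, need {MIN_ACTIVE_USERS}")
            for u in integ.users:
                if u not in active:  # departed, on leave, or unknown to the directory
                    findings.append(f"review {u} ({directory.get(u, 'missing')})")
        if findings:
            report[integ.app] = findings
    return report

# Constructed sample data (hypothetical status values from a directory export).
DIRECTORY = {"james@example.com": "deactivated", "ana@example.com": "active",
             "li@example.com": "active", "omar@example.com": "on_leave",
             "kim@example.com": "active"}
SERVICE_ACCOUNTS = {"backups@example.com", "crm-sync@example.com"}
INTEGRATIONS = [
    Integration("backup-tool", "backups@example.com",
                ["ana@example.com", "li@example.com", "kim@example.com"]),
    Integration("crm-sync", "crm-sync@example.com",
                ["ana@example.com", "omar@example.com", "james@example.com"]),
    Integration("chat-export", "james@example.com"),
]
REPORT = audit(INTEGRATIONS, DIRECTORY, SERVICE_ACCOUNTS)

if __name__ == "__main__":
    for app, findings in REPORT.items():
        print(app, "->", "; ".join(findings))
```

Integrations with no findings are left out of the report, so an empty result means every link is backed by a service account with enough active users.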
A word of warning
As a SaaS provider, we are committed to growing and fostering the relationships we’ve built with all of our customers. We are so happy when someone onboards our product, but let this be a warning: you may run into trouble if you onboard a SaaS application and grant authorization from a personal account. Make sure you use a more general service account!