You may have noticed when setting up an integration with Google that we strongly recommend using a dedicated service account rather than your own user account - but what is a service account, why do you need one, and how do you set one up?
What are service accounts?
Service accounts, also known as robot accounts, are accounts specifically created to act within a limited capacity and often for a single purpose. They usually have an obvious name that highlights them as a non-human account. Something like incidentio-robot@<yourdomain>.com is usually good!
They are not tied to a single real user and are often created with limited permissions compared to what you would normally allow a user to do.
In the context of incident.io, the service account is the account you will give us permissions to use or act through for things like creating calendar events, meetings and calls, and post-mortem documents.
Why do I need one?
You might be tempted to just sign in using your own account or another user's when you click to set up the integration, but there are some very good reasons why you would want to avoid doing so.
When the connection is made and the integration installed, it will belong to the user that installed it. If the installing user leaves the organization or changes their settings, this can lead to the integration breaking and needing to be re-installed (and preventing us from doing anything in the meantime!).
In the case of calendars, we use the connected user's calendar to monitor and create calendar events. If you signed in as yourself, we will potentially create calendar events for debriefs in your calendar, along with inviting your user to every meeting! You can see why this might start to be inconvenient.
What will the service account have access to?
A single account will be used for Google Meet, Google Calendar, and Google Docs. Note: You cannot use separate accounts for each integration.
Scope
For Google Docs: we need access to
drive.file
For Meet + Calendar: we need access to
calendar.events
How do I make a service account?
There are a few ways to create new accounts within Google, and it might depend a little on what setup you have.
This article covers most of the basics, though, and is a good starting point for learning more about how to do it.
At a basic level, you will need to:
create a new account within your organization
name it something obvious and simple that highlights it as a robot account
store the details (such as the password / 2fa key) somewhere secure that can be shared with others, such as a password manager