You may have noticed when setting up an integration with Google that we strongly recommend using a dedicated service account rather than your own users account - but what is a service account, why do you need one, and how do you set one up?

Service acccounts, also known as robot accounts, are accounts specifically created to act within a limited capacity and often for a single purpose. They usually have an obvious name that highlights them as a non-human account. Something like incidentio-robot@<yourdomain>.com is usually good!

They are not tied to a single real user and are often created with limited permissions compared to what you would normally allow a user to do.

In the context of incident.io the service account is the account you will give us permissions to use or act through for things like creating calendar events, meetings and calls, and post-mortem documents.

You might be tempted to just sign in using your own account or another users when you click to set up the integration but there are some very good reasons why you would want to avoid doing so.

When the connection is made and the integration installed it will belong to the user that installed it. If the installing user leaves the organisation or changes their settings this can lead to the integration breaking and needing to be re-installed (and preventing us from doing anything in the mean time!).

In the case of calendars we use the connected users calendar to monitor and create calendar events. If you signed in as yourself we will potentially create calendar events for debriefs in your calendar along with inviting your user to every meeting! You can see why this might start to be inconvenient.

There's a few ways to create new accounts within Google and it might depend a little on what setup you have.

This article covers most of the basics though and is a good starting point for learning more about how to do it.

At a basic level you will need to: