0%

Service Accounts

Service Accounts

Overview

Service accounts in FinverityOS are dedicated system accounts designed for integrations and controlled support access. They are used for non-human interactions such as API access, host-to-host connections, middleware integrations, webhooks, and for Finverity Support-held access when explicitly authorized by the customer.

Service accounts are intentionally separated from human user accounts within your organization. This separation ensures integrations and support access remain secure, stable, auditable, and fully under customer control.

Why Service Accounts Are Used

Integration Authentication

External systems authenticate to FinverityOS using service accounts in combination with client credentials (Client ID and Client Secret). These credentials are used to obtain OAuth tokens, which allow the external system to securely interact with FinverityOS APIs.

Stability and Continuity

Service accounts can be configured to never deactivate. This prevents critical integrations from being interrupted due to employee off-boarding, password resets, or changes to human user accounts.

Least-Privilege Access

Each service account is assigned a dedicated service role that contains only the permissions required for the specific integration. This enforces the principle of least privilege and avoids granting unnecessary or broad administrative access.

Faster Support and Troubleshooting

Using service accounts allows the Finverity support and engineering teams to more easily diagnose, trace, and resolve integration-related issues. When used for support purposes, these accounts are held by Finverity Support but remain fully controlled by the customer. All activity is clearly separated from human user actions within your organization, improving auditability and accountability.

Access and Visibility Considerations

Service accounts can be used both for integrations and as controlled access accounts for Finverity Support. This approach ensures that any Finverity-held access is separate from your organization’s human users, while still allowing you to retain full control over permissions.

You explicitly define and manage:

  • Whether access is enabled

  • Which actions can be performed

  • Which data or views are available

This model allows Finverity Support to assist with troubleshooting, investigations, or operational queries without requiring access to individual user accounts. Service account access can be modified, disabled, or removed at any time.

How Service Accounts Are Managed

  • Service accounts are managed under My Organization → Service Account Management.

  • Only users with the Manage Service Accounts permission (typically Portal Admins) can create, modify, or update service accounts.

  • Service accounts use dedicated service roles, ensuring a clear separation from standard portal users and their roles.

Examples

Internal Finverity Modules

Accounts such as postings@finverity.com or billing@finverity.com are used to support internal Finverity modules and system-to-system operations.

Bank and Corporate Integrations

For each new bank or corporate integration, the following components are created:

  1. A service role with tightly scoped permissions

  2. A service account linked to that service role

  3. Client credentials or API keys provided to the counterparty’s middleware

This approach ensures secure, controlled, and reliable integration with external systems.

0%