Service Accounts and Service Principals: our approach

  • Last update on September 30th, 2025

Our approach uses a mix of Service Accounts and Service Principals.

Using Service Accounts provides greater security for your tenant through permission segregation and the implementation of conditional access policies, and it helps avoid disruptions related to credential rotation.

Tenant segregation

Service Accounts (user and password) are limited to a single tenant. This ensures that permissions do not extend across multiple tenants. Service Principals (Enterprise Applications managed by the provider) are multi-tenant, which does not align with our need for strict separation.

Conditional Access Policies

By configuring Conditional Access Policies on our Service Accounts, we can enforce security rules like MFA or IP restrictions.

Credential Management

If configured, the platform can rotate Service Account passwords, in line with security best practices. With Service Principals (applications managed by the customer), you need to manage app secrets or certificates yourself. If these are not renewed, access can be interrupted, and CoreView features such as management actions cannot be performed.
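
For customer-managed applications, the renewal risk described above can be monitored by checking credential expiry dates ahead of time. The following is an added example, not CoreView code: it assumes the application list has been exported as JSON in the shape of a Microsoft Graph `/applications` response (`passwordCredentials` and `keyCredentials` with `endDateTime`); the sample data, app names and function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of a Microsoft Graph /applications response.
SAMPLE = json.loads("""
{"value": [
  {"displayName": "example-mgmt-app",
   "passwordCredentials": [
     {"displayName": "secret-2024", "endDateTime": "2025-01-15T00:00:00Z"},
     {"displayName": "secret-2025", "endDateTime": "2025-10-20T08:30:00.1234567Z"}],
   "keyCredentials": [
     {"displayName": "CN=example-cert", "endDateTime": "2026-09-30T00:00:00Z"}]},
  {"displayName": "example-audit-app", "passwordCredentials": [], "keyCredentials": []}
]}
""")

def parse_ts(value):
    # Drop the trailing Z and any fractional seconds; treat the result as UTC.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def credential_findings(apps, now, warn_days=30):
    """List secrets/certificates that are expired or expire within warn_days."""
    findings = []
    for app in apps:
        creds = [("secret", c) for c in app.get("passwordCredentials") or []]
        creds += [("certificate", c) for c in app.get("keyCredentials") or []]
        for kind, cred in creds:
            if not cred.get("endDateTime"):
                continue  # no expiry recorded, nothing to evaluate
            end = parse_ts(cred["endDateTime"])
            if end <= now:
                status = "EXPIRED"
            elif end - now <= timedelta(days=warn_days):
                status = "EXPIRING"
            else:
                continue  # still valid beyond the warning window
            findings.append({"app": app["displayName"], "kind": kind,
                             "name": cred.get("displayName"), "status": status,
                             "expires": end.date().isoformat()})
    return sorted(findings, key=lambda f: f["expires"])

if __name__ == "__main__":
    now = datetime(2025, 9, 30, tzinfo=timezone.utc)  # fixed "today" for the sample
    for f in credential_findings(SAMPLE["value"], now):
        print(f"{f['status']:9} {f['app']} {f['kind']} {f['name']} expires {f['expires']}")
```

An expired entry alongside a still-valid one (as in the sample) does not by itself interrupt access, but it shows which credential the integration must not be relying on.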