Aura user access when tool authentication is enabled for instances
under review
Yohei Onishi
- When Tool Authentication is enabled for an instance using Aura Agent, the Aura user for that project can log in via SSO. For instances where Tool Authentication is not enabled, users can only log in with credentials unless instance-level SSO is enabled. This behavior is not what most users expect; the ability of an agent to access an instance and the ability of an Aura user to log in via SSO should be considered separately.
- Moreover, Neo4j Aura does not have the concept of a service user or service account like other cloud providers, and there are no access permissions for the agent. A concept of service accounts assigned to agents should be introduced, allowing permissions to be configured for what the agent can do. https://neo4j.com/docs/aura/security/tool-auth/
Ed Sandoval
Thanks for your feedback, Yohei Onishi
Thanks for raising this — you’re pointing out an important mismatch in how SSO behaves today.
During the Aura Agent Preview, we rely on Tool Authentication so the agent can act on behalf of the user using their project-assigned role. For safety, we block all write operations, even if that role normally allows them.
As the product evolves, we’re exploring more flexible approaches — including service-account-style models or letting organizations explicitly choose which role(s) an agent should use — so that SSO access for users and permissioning for agents can be cleanly separated.
Aman Singh marked this post as under review
Aman Singh
Hi Yohei Onishi, service users are on our roadmap for 2026! I will investigate the issues with the Agent user and get back to you.