When Tool Authentication is enabled for an instance using Aura Agent, the Aura user for that project can log in via SSO. For instances where Tool Authentication is not enabled, users can only log in with credentials unless instance-level SSO is enabled. This behavior is not what most users expect; the ability of an agent to access an instance and the ability of an Aura user to log in via SSO should be considered separately. Moreover, Neo4j Aura does not have the concept of a service user or service account like other cloud providers, and there are no access permissions for the agent. A concept of service accounts assigned to agents should be introduced, allowing permissions to be configured for what the agent can do. https://neo4j.com/docs/aura/security/tool-auth/
