Understand the Service Account
Type: Reference Module: Permissions (bonus) Template: v0.5
Changelog: v3 strips the Waste Dashboard baseline claim that v2 reconciled from an earlier Permissions rubric inference. The dedicated Service Account PDF (source for v2 and v3) describes the baseline as "view-only access" and does not mention Waste capabilities. Aligning strictly to the PDF: baseline is view-only plus anonymous checklist completion plus the cowboy-hat gateway. The Waste gotcha has been removed. All other v2 content preserved. If the Permissions rubric table ever confirms Add Waste as a Service Account default, this can be restored in a future revision with that source cited.
v2 changelog (for history). v2 corrected v1's inferred direct-permission model from the Turn 34 draft, added the Create-an-Account setup flow, added the PIN-on-profile detail, added multi-unit clarification, and reframed the baseline to match the PDF's "view-only access" language.
At a glance
The Service Account is a shared, view-only login that lets a store keep OneClick signed in on a shared device (store iPad, back-office terminal, kitchen display) without using any leader's personal credentials. The Service Account itself runs at a minimal-privilege baseline; individual leaders and team members use the cowboy hat Guest sign-in with their PIN to temporarily act with their own personal permissions.
Before you start
Every store gets one Service Account by default. The sign-in convention is the store number followed by @chick-fil-a.com, for example 01234@chick-fil-a.com. If your Service Account credentials have not been created yet, visit the OneClick Create an Account flow, use your store email, and assign a password. Once created, those credentials work on any device in your store.
Treat the Service Account password like any other shared credential: rotate it when a leader with access leaves the store, rotate team member PINs on a regular cadence, and never use the Service Account on a personal device.
What the Service Account is for
Shared devices create a problem. If every leader signed in with their personal OneClick account on the store iPad, actions logged from that device would be attributed incorrectly, personal contact info would be exposed to anyone near the screen, and the leader's personal notifications would fire on store hardware.
The Service Account solves this by being a store-owned identity with a deliberately thin permission set. Day-to-day shift-floor visibility works (see shift assignments, view checklists, see daily notes), and anonymous checklist completion is allowed. Anything beyond that (Chat, destructive actions, moderation, personal-profile edits, and most configuration surfaces) requires a cowboy-hat Guest sign-in with a PIN, which temporarily elevates the session to the individual's personal permissions.
Baseline Service Account permissions
Out of the box, the Service Account can:
- View daily notes
- View shift assignments
- View checklists and complete checklist items (completed items are logged as anonymous when no guest sign-in is active)
- View personal information on shift assignments (names for display purposes)
- Show the Guest sign-in option (cowboy hat icon)
Out of the box, the Service Account cannot:
- Access Chat (privacy: shared device cannot participate in messaging channels)
- Edit sign-in PINs, profile information, or permissions
- Delete history (ratings, infractions, checklist completions, and so on)
- Reset passports, reset breaks, or perform other destructive actions
- Create, edit, or delete most configuration surfaces
For anything beyond this baseline, the person at the shared device taps the cowboy hat icon and enters their PIN. See the next section.
See Understand Permission Levels for the full default permission table.
The cowboy hat Guest sign-in (PIN-gated)
The Service Account is the only default role with the Guest sign-in option enabled. In the app, a cowboy hat Sign-In button appears in the left menu. Tapping it prompts for a PIN.
When a team member enters their PIN, the session temporarily elevates from the Service Account baseline to the individual's full personal permissions. While signed in as a guest, the team member can:
- Access their full profile
- Complete checklists with their name stamped on each item (not anonymous)
- Exercise every capability their role grants: assign positions, submit training ratings, manage accountability (infractions), manage breaks, manage checklists, and any other role-level action
- Adjust their own sign-in PIN
The PIN lives on each team member's profile, shown as a small key icon next to a 4-digit number. A leader with the Edit sign-in PIN permission can assign or change it from the same card.
Default login convention
Service Account emails follow the pattern <store-number>@chick-fil-a.com. The store number is the same number used across HotSchedules, CFA Home, and Vendor Bridge. Operators can request a password reset from OneClick Support using the store number.
In multi-unit operations, each store has its own Service Account. Store A and Store B do not share one shared-device identity, and Switch Account does not apply to Service Accounts. Every store's iPads sign in with that store's own Service Account credentials.
Using the Service Account effectively
Three habits keep the Service Account useful:
- Train the team. A team member who does not know what the cowboy hat icon does will either sign in with their personal credentials on the store device (a privacy mistake) or complete work anonymously when they should have been stamped. Walk new team members through the Guest sign-in flow during onboarding.
- Rotate PINs periodically. PINs are the only gate between the shared device and personal permissions. Treat them like any other credential: rotate on a predictable cadence and whenever someone leaves the store.
- Raise issues through another channel. The Service Account cannot itself send Chat messages, so any issue a team member spots while signed in as the Service Account needs to surface through a different channel (Chat under a personal account, the Voice Matters feedback forum, or a huddle conversation). Make that channel explicit.
Common gotchas
Leaders sign in with their personal account on the store iPad. Actions attribute correctly, but the leader's personal profile, emergency contacts, and Chat history become visible to anyone walking past the screen. Always use the Service Account on shared devices.
Checklist items completed under the Service Account show as anonymous. This is correct, not broken. If you need a named stamp on each completed item, the team member must first tap the cowboy hat icon and enter their PIN.
The Service Account cannot open Chat. By design. Chat requires a personal account because messages are attributed to individuals and read receipts imply a specific reader. If a store iPad needs to be part of a channel, the leader signs in with their personal account briefly, reads or replies, and signs back out to the Service Account.
The cowboy hat icon is missing on the sign-in screen. The Guest sign-in permission has been turned off for the Service Account at this store. Contact Support to re-enable it.
A team member does not know their PIN. The PIN is on their own OneClick profile, next to a small key icon. They can see it under their personal account. If they cannot see it, a leader with Edit sign-in PIN permission can assign or reset it from the same profile card.
New team members trying to sign in through the Service Account. New team members must sign in with their own email (synced from HotSchedules or Vendor Bridge) the first time, not through the Service Account. Once their personal account is active and their PIN is set, they can use the cowboy hat shortcut on the Service Account for routine shift-floor actions.
Video
Video placeholder.
Related articles
- Understand Permission Levels
- Sign In to OneClick
- Understand OneClick Sign-In
- Troubleshoot Sign-In Errors
- Request a Permission Change
Still stuck?
Contact OneClick Support from the Chat menu, or email support@oneclickapp.com.