Jamf's API allows you to create clients with roles that are the same as the permissions you require the service account to have. There's no reason to not offer a choice to use that or user auth.