We enabled SAML SSO for the org. Now the internal service account used for the batch scripts can’t get a token via POST /oauth/token. It returns 401 Invalid Grant. The client ID and secret are correct. Tried passing scope=offline_access but got the same error. SAML users log in fine, but the machine-to-machine auth is dead. Need to keep SAML for agents but allow the service account to use client credentials. Any config trick to whitelist the client for OAuth while SAML is on?