diff --git a/internal/controllers/clusterextension_admission_test.go b/internal/controllers/clusterextension_admission_test.go
index 16629c410..59a3c8866 100644
--- a/internal/controllers/clusterextension_admission_test.go
+++ b/internal/controllers/clusterextension_admission_test.go
@@ -2,6 +2,7 @@ package controllers_test
 
 import (
 	"context"
+	"fmt"
 	"strings"
 	"testing"
 
@@ -45,6 +46,7 @@ func TestClusterExtensionAdmissionPackageName(t *testing.T) {
 			err := cl.Create(context.Background(), buildClusterExtension(ocv1alpha1.ClusterExtensionSpec{
 				PackageName:      tc.pkgName,
 				InstallNamespace: "default",
+				ServiceAccount:   "default",
 			}))
 			if tc.errMsg == "" {
 				require.NoError(t, err, "unexpected error for package name %q: %w", tc.pkgName, err)
@@ -134,6 +136,7 @@ func TestClusterExtensionAdmissionVersion(t *testing.T) {
 				PackageName:      "package",
 				Version:          tc.version,
 				InstallNamespace: "default",
+				ServiceAccount:   "default",
 			}))
 			if tc.errMsg == "" {
 				require.NoError(t, err, "unexpected error for version %q: %w", tc.version, err)
@@ -179,6 +182,7 @@ func TestClusterExtensionAdmissionChannel(t *testing.T) {
 				PackageName:      "package",
 				Channel:          tc.channelName,
 				InstallNamespace: "default",
+				ServiceAccount:   "default",
 			}))
 			if tc.errMsg == "" {
 				require.NoError(t, err, "unexpected error for channel %q: %w", tc.channelName, err)
@@ -224,6 +228,7 @@ func TestClusterExtensionAdmissionInstallNamespace(t *testing.T) {
 			err := cl.Create(context.Background(), buildClusterExtension(ocv1alpha1.ClusterExtensionSpec{
 				PackageName:      "package",
 				InstallNamespace: tc.installNamespace,
+				ServiceAccount:   "default",
 			}))
 			if tc.errMsg == "" {
 				require.NoError(t, err, "unexpected error for installNamespace %q: %w", tc.installNamespace, err)
@@ -235,6 +240,52 @@ func TestClusterExtensionAdmissionInstallNamespace(t *testing.T) {
 	}
 }
 
+func TestClusterExtensionAdmissionServiceAccount(t *testing.T) {
+	tooLongError := "spec.serviceAccount: Too long: may not be longer than 48"
+	regexMismatchError := "spec.serviceAccount in body should match"
+
+	testCases := []struct {
+		name           string
+		serviceAccount string
+		errMsg         string
+	}{
+		{"just alphanumeric", "justalphanumberic1", ""},
+		{"hypen-separated", "hyphenated-name", ""},
+		{"no service account name", "", regexMismatchError},
+		{"dot-separated", "dotted.name", regexMismatchError},
+		{"longest valid service account name", strings.Repeat("x", 48), ""},
+		{"too long service account name", strings.Repeat("x", 49), tooLongError},
+		{"spaces", "spaces spaces", regexMismatchError},
+		{"capitalized", "Capitalized", regexMismatchError},
+		{"camel case", "camelCase", regexMismatchError},
+		{"invalid characters", "many/invalid$characters+in_name", regexMismatchError},
+		{"starts with hyphen", "-start-with-hyphen", regexMismatchError},
+		{"ends with hyphen", "end-with-hyphen-", regexMismatchError},
+		{"starts with period", ".start-with-period", regexMismatchError},
+		{"ends with period", "end-with-period.", regexMismatchError},
+	}
+
+	t.Parallel()
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			cl := newClient(t)
+			err := cl.Create(context.Background(), buildClusterExtension(ocv1alpha1.ClusterExtensionSpec{
+				PackageName:      "package",
+				InstallNamespace: "default",
+				ServiceAccount:   tc.serviceAccount,
+			}))
+			if tc.errMsg == "" {
+				require.NoError(t, err, "unexpected error for service account name %q: %w", tc.serviceAccount, err)
+			} else {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), tc.errMsg)
+			}
+		})
+	}
+}
+
 func buildClusterExtension(spec ocv1alpha1.ClusterExtensionSpec) *ocv1alpha1.ClusterExtension {
 	return &ocv1alpha1.ClusterExtension{
 		ObjectMeta: metav1.ObjectMeta{
diff --git a/internal/controllers/clusterextension_controller_test.go b/internal/controllers/clusterextension_controller_test.go
index 09608afbb..252781498 100644
--- a/internal/controllers/clusterextension_controller_test.go
+++ b/internal/controllers/clusterextension_controller_test.go
@@ -56,6 +56,7 @@ func TestClusterExtensionNonExistentPackage(t *testing.T) {
 		Spec: ocv1alpha1.ClusterExtensionSpec{
 			PackageName:      pkgName,
 			InstallNamespace: "default",
+			ServiceAccount:   "default",
 		},
 	}
 	require.NoError(t, cl.Create(ctx, clusterExtension))
@@ -98,6 +99,7 @@ func TestClusterExtensionNonExistentVersion(t *testing.T) {
 			PackageName:      pkgName,
 			Version:          "0.50.0", // this version of the package does not exist
 			InstallNamespace: "default",
+			ServiceAccount:   "default",
 		},
 	}
 	require.NoError(t, cl.Create(ctx, clusterExtension))
@@ -147,6 +149,7 @@ func TestClusterExtensionChannelVersionExists(t *testing.T) {
 	pkgVer := "1.0.0"
 	pkgChan := "beta"
 	installNamespace := fmt.Sprintf("test-ns-%s", rand.String(8))
+	serviceAccount := fmt.Sprintf("test-sa-%s", rand.String(8))
 
 	clusterExtension := &ocv1alpha1.ClusterExtension{
 		ObjectMeta: metav1.ObjectMeta{Name: extKey.Name},
@@ -155,6 +158,7 @@ func TestClusterExtensionChannelVersionExists(t *testing.T) {
 			Version:          pkgVer,
 			Channel:          pkgChan,
 			InstallNamespace: installNamespace,
+			ServiceAccount:   serviceAccount,
 		},
 	}
 	err := cl.Create(ctx, clusterExtension)
@@ -206,6 +210,8 @@ func TestClusterExtensionChannelExistsNoVersion(t *testing.T) {
 	pkgVer := ""
 	pkgChan := "beta"
 	installNamespace := fmt.Sprintf("test-ns-%s", rand.String(8))
+	serviceAccount := fmt.Sprintf("test-sa-%s", rand.String(8))
+
 	clusterExtension := &ocv1alpha1.ClusterExtension{
 		ObjectMeta: metav1.ObjectMeta{Name: extKey.Name},
 		Spec: ocv1alpha1.ClusterExtensionSpec{
@@ -213,6 +219,7 @@ func TestClusterExtensionChannelExistsNoVersion(t *testing.T) {
 			Version:          pkgVer,
 			Channel:          pkgChan,
 			InstallNamespace: installNamespace,
+			ServiceAccount:   serviceAccount,
 		},
 	}
 	err := cl.Create(ctx, clusterExtension)
@@ -265,6 +272,7 @@ func TestClusterExtensionVersionNoChannel(t *testing.T) {
 			Version:          pkgVer,
 			Channel:          pkgChan,
 			InstallNamespace: "default",
+			ServiceAccount:   "default",
 		},
 	}
 	require.NoError(t, cl.Create(ctx, clusterExtension))
@@ -313,6 +321,7 @@ func TestClusterExtensionNoChannel(t *testing.T) {
 			PackageName:      pkgName,
 			Channel:          pkgChan,
 			InstallNamespace: "default",
+			ServiceAccount:   "default",
 		},
 	}
 	require.NoError(t, cl.Create(ctx, clusterExtension))
@@ -363,6 +372,7 @@ func TestClusterExtensionNoVersion(t *testing.T) {
 			Version:          pkgVer,
 			Channel:          pkgChan,
 			InstallNamespace: "default",
+			ServiceAccount:   "default",
 		},
 	}
 	require.NoError(t, cl.Create(ctx, clusterExtension))
@@ -443,6 +453,7 @@ func TestClusterExtensionUpgrade(t *testing.T) {
 		pkgVer := "1.0.0"
 		pkgChan := "beta"
 		installNamespace := fmt.Sprintf("test-ns-%s", rand.String(8))
+		serviceAccount := fmt.Sprintf("test-sa-%s", rand.String(8))
 		extKey := types.NamespacedName{Name: fmt.Sprintf("cluster-extension-test-%s", rand.String(8))}
 		clusterExtension := &ocv1alpha1.ClusterExtension{
 			ObjectMeta: metav1.ObjectMeta{Name: extKey.Name},
@@ -451,6 +462,7 @@ func TestClusterExtensionUpgrade(t *testing.T) {
 				Version:          pkgVer,
 				Channel:          pkgChan,
 				InstallNamespace: installNamespace,
+				ServiceAccount:   serviceAccount,
 			},
 		}
 		// Create a cluster extension
@@ -543,6 +555,7 @@ func TestClusterExtensionUpgrade(t *testing.T) {
 		pkgVer := "1.0.0"
 		pkgChan := "beta"
 		installNamespace := fmt.Sprintf("test-ns-%s", rand.String(8))
+		serviceAccount := fmt.Sprintf("test-sa-%s", rand.String(8))
 		extKey := types.NamespacedName{Name: fmt.Sprintf("cluster-extension-test-%s", rand.String(8))}
 		clusterExtension := &ocv1alpha1.ClusterExtension{
 			ObjectMeta: metav1.ObjectMeta{Name: extKey.Name},
@@ -551,6 +564,7 @@ func TestClusterExtensionUpgrade(t *testing.T) {
 				Version:          pkgVer,
 				Channel:          pkgChan,
 				InstallNamespace: installNamespace,
+				ServiceAccount:   serviceAccount,
 			},
 		}
 		// Create a cluster extension
@@ -654,6 +668,7 @@ func TestClusterExtensionUpgrade(t *testing.T) {
 				}()
 
 				installNamespace := fmt.Sprintf("test-ns-%s", rand.String(8))
+				serviceAccount := fmt.Sprintf("test-sa-%s", rand.String(8))
 				extKey := types.NamespacedName{Name: fmt.Sprintf("cluster-extension-test-%s", rand.String(8))}
 				clusterExtension := &ocv1alpha1.ClusterExtension{
 					ObjectMeta: metav1.ObjectMeta{Name: extKey.Name},
@@ -663,6 +678,7 @@ func TestClusterExtensionUpgrade(t *testing.T) {
 						Channel:                 "beta",
 						UpgradeConstraintPolicy: ocv1alpha1.UpgradeConstraintPolicyIgnore,
 						InstallNamespace:        installNamespace,
+						ServiceAccount:          serviceAccount,
 					},
 				}
 				// Create a cluster extension
@@ -754,6 +770,7 @@ func TestClusterExtensionDowngrade(t *testing.T) {
 				}()
 
 				installNamespace := fmt.Sprintf("test-ns-%s", rand.String(8))
+				serviceAccount := fmt.Sprintf("test-sa-%s", rand.String(8))
 				extKey := types.NamespacedName{Name: fmt.Sprintf("cluster-extension-test-%s", rand.String(8))}
 				clusterExtension := &ocv1alpha1.ClusterExtension{
 					ObjectMeta: metav1.ObjectMeta{Name: extKey.Name},
@@ -762,6 +779,7 @@ func TestClusterExtensionDowngrade(t *testing.T) {
 						Version:          "1.0.1",
 						Channel:          "beta",
 						InstallNamespace: installNamespace,
+						ServiceAccount:   serviceAccount,
 					},
 				}
 				// Create a cluster extension
@@ -842,6 +860,7 @@ func TestClusterExtensionDowngrade(t *testing.T) {
 				}()
 
 				installNamespace := fmt.Sprintf("test-ns-%s", rand.String(8))
+				serviceAccount := fmt.Sprintf("test-sa-%s", rand.String(8))
 				extKey := types.NamespacedName{Name: fmt.Sprintf("cluster-extension-test-%s", rand.String(8))}
 				clusterExtension := &ocv1alpha1.ClusterExtension{
 					ObjectMeta: metav1.ObjectMeta{Name: extKey.Name},
@@ -851,6 +870,7 @@ func TestClusterExtensionDowngrade(t *testing.T) {
 						Channel:                 "beta",
 						UpgradeConstraintPolicy: ocv1alpha1.UpgradeConstraintPolicyIgnore,
 						InstallNamespace:        installNamespace,
+						ServiceAccount:          serviceAccount,
 					},
 				}
 				// Create a cluster extension
@@ -1461,6 +1481,7 @@ func TestClusterExtensionErrorGettingBundles(t *testing.T) {
 		Spec: ocv1alpha1.ClusterExtensionSpec{
 			PackageName:      "prometheus",
 			InstallNamespace: "default",
+			ServiceAccount:   "default",
 		},
 	}
 	require.NoError(t, cl.Create(ctx, clusterExtension))
diff --git a/internal/controllers/clusterextension_registryv1_validation_test.go b/internal/controllers/clusterextension_registryv1_validation_test.go
index 83b0157f1..7ea707427 100644
--- a/internal/controllers/clusterextension_registryv1_validation_test.go
+++ b/internal/controllers/clusterextension_registryv1_validation_test.go
@@ -121,12 +121,14 @@ func TestClusterExtensionRegistryV1DisallowDependencies(t *testing.T) {
 			}
 
 			installNamespace := fmt.Sprintf("test-ns-%s", rand.String(8))
+			serviceAccount := fmt.Sprintf("test-sa-%s", rand.String(8))
 			extKey := types.NamespacedName{Name: fmt.Sprintf("cluster-extension-test-%s", rand.String(8))}
 			clusterExtension := &ocv1alpha1.ClusterExtension{
 				ObjectMeta: metav1.ObjectMeta{Name: extKey.Name},
 				Spec: ocv1alpha1.ClusterExtensionSpec{
 					PackageName:      tt.bundle.Package,
 					InstallNamespace: installNamespace,
+					ServiceAccount:   serviceAccount,
 				},
 			}
 			require.NoError(t, cl.Create(ctx, clusterExtension))
diff --git a/test/e2e/cluster_extension_install_test.go b/test/e2e/cluster_extension_install_test.go
index b4260efb3..5af621917 100644
--- a/test/e2e/cluster_extension_install_test.go
+++ b/test/e2e/cluster_extension_install_test.go
@@ -75,6 +75,7 @@ func TestClusterExtensionInstallRegistry(t *testing.T) {
 	clusterExtension.Spec = ocv1alpha1.ClusterExtensionSpec{
 		PackageName:      "prometheus",
 		InstallNamespace: "default",
+		ServiceAccount:   "default",
 	}
 	t.Log("It resolves the specified package with correct bundle path")
 	t.Log("By creating the ClusterExtension resource")
@@ -132,6 +133,7 @@ func TestClusterExtensionInstallReResolvesWhenNewCatalog(t *testing.T) {
 	clusterExtension.Spec = ocv1alpha1.ClusterExtensionSpec{
 		PackageName:      pkgName,
 		InstallNamespace: "default",
+		ServiceAccount:   "default",
 	}
 
 	t.Log("By deleting the catalog first")
@@ -199,6 +201,7 @@ func TestClusterExtensionBlockInstallNonSuccessorVersion(t *testing.T) {
 		PackageName:      "prometheus",
 		Version:          "1.0.0",
 		InstallNamespace: "default",
+		ServiceAccount:   "default",
 	}
 	require.NoError(t, c.Create(context.Background(), clusterExtension))
 	t.Log("By eventually reporting a successful installation")
@@ -245,6 +248,7 @@ func TestClusterExtensionForceInstallNonSuccessorVersion(t *testing.T) {
 		PackageName:      "prometheus",
 		Version:          "1.0.0",
 		InstallNamespace: "default",
+		ServiceAccount:   "default",
 	}
 	require.NoError(t, c.Create(context.Background(), clusterExtension))
 	t.Log("By eventually reporting a successful resolution")
@@ -290,6 +294,7 @@ func TestClusterExtensionInstallSuccessorVersion(t *testing.T) {
 		PackageName:      "prometheus",
 		Version:          "1.0.0",
 		InstallNamespace: "default",
+		ServiceAccount:   "default",
 	}
 	require.NoError(t, c.Create(context.Background(), clusterExtension))
 	t.Log("By eventually reporting a successful resolution")
diff --git a/test/extension-developer-e2e/extension_developer_test.go b/test/extension-developer-e2e/extension_developer_test.go
index 7de5f3fd7..50643188b 100644
--- a/test/extension-developer-e2e/extension_developer_test.go
+++ b/test/extension-developer-e2e/extension_developer_test.go
@@ -39,6 +39,7 @@ func TestExtensionDeveloper(t *testing.T) {
 			Spec: ocv1alpha1.ClusterExtensionSpec{
 				PackageName:      os.Getenv("REG_PKG_NAME"),
 				InstallNamespace: "default",
+				ServiceAccount:   "default",
 			},
 		},
 	}