How do we create a non-user, service account when we're SSO and identity managed through Azure AD?

Brief context: I need to create an API token for integration with our ServiceNow instance (we looked at third-party apps, but the decision was made to use the API). Because we need both admins to have access, and we don't want it taking on our permissions, we know that we need to have a service account from which we create the token. Currently, we have one identity provider (Azure AD) and a default Authentication Policy that forces SSO. So, I don't know how I could log into that service account with the current set up.

I understand that I need to create a secondary authentication policy with does not require SSO, so that we can log in with a username/password, and apply it to that new user account. Did that. BUT, there is no option to change the authentication policy on a user and I'm guessing maybe that's because we just have the one identity provider?

This is the first time we've ever needed an account that wasn't for a real person within our network and I'm just a little stumped as to my next step... I've been reading documentation, Googling, asking A.I., etc and my brain is melting a little. Any help at all would be greatly appreciated!