17 lines
1.1 KiB
Markdown
17 lines
1.1 KiB
Markdown
---
|
|
name: Cascades admin account ownership
|
|
description: Howard uses sysadmin@cascadestucson.com, Mike uses admin@cascadestucson.com — used for daily admin work, not break-glass.
|
|
type: project
|
|
---
|
|
|
|
At Cascades Tucson tenant (`207fa277-e9d8-4eb7-ada1-1064d2221498`):
|
|
|
|
- **`sysadmin@cascadestucson.com`** — Howard's working admin account (used the PIM portal click on 2026-04-28 for the CA Admin role assignment).
|
|
- **`admin@cascadestucson.com`** — Mike's working admin account.
|
|
|
|
As of 2026-04-29, neither is confirmed as cloud-only / FIDO2 / CA-excluded — Howard "doesn't think they are cloud-only." A break-glass admin still needs to be designed before the CA bypass policies go live.
|
|
|
|
**Why:** Avoid asking who owns which admin login again, and keep clear that these are *daily-driver* admin accounts, not the eventual break-glass.
|
|
|
|
**How to apply:** When discussing Cascades admin work or break-glass design, attribute correctly. Don't assume sysadmin@ or admin@ already meet break-glass criteria — verify against Graph (onPremisesSyncEnabled, authentication methods, CA exclusions) before relying on either.
|