Files
claudetools/.claude/memory/project_cascades_admin_accounts.md
Mike Swanson 0daa7951b3 sync: auto-sync from GURU-5070 at 2026-06-02 07:25:49
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-02 07:25:49
2026-06-02 07:25:55 -07:00

17 lines
1.1 KiB
Markdown

---
name: Cascades admin account ownership
description: Howard uses sysadmin@cascadestucson.com, Mike uses admin@cascadestucson.com — used for daily admin work, not break-glass.
type: project
---
At Cascades Tucson tenant (`207fa277-e9d8-4eb7-ada1-1064d2221498`):
- **`sysadmin@cascadestucson.com`** — Howard's working admin account (used the PIM portal click on 2026-04-28 for the CA Admin role assignment).
- **`admin@cascadestucson.com`** — Mike's working admin account.
As of 2026-04-29, neither is confirmed as cloud-only / FIDO2 / CA-excluded — Howard "doesn't think they are cloud-only." A break-glass admin still needs to be designed before the CA bypass policies go live.
**Why:** Avoid asking who owns which admin login again, and keep clear that these are *daily-driver* admin accounts, not the eventual break-glass.
**How to apply:** When discussing Cascades admin work or break-glass design, attribute correctly. Don't assume sysadmin@ or admin@ already meet break-glass criteria — verify against Graph (onPremisesSyncEnabled, authentication methods, CA exclusions) before relying on either.