1.1 KiB
1.1 KiB
name, description, type
| name | description | type |
|---|---|---|
| Cascades admin account ownership | Howard uses sysadmin@cascadestucson.com, Mike uses admin@cascadestucson.com — used for daily admin work, not break-glass. | project |
At Cascades Tucson tenant (207fa277-e9d8-4eb7-ada1-1064d2221498):
sysadmin@cascadestucson.com— Howard's working admin account (used the PIM portal click on 2026-04-28 for the CA Admin role assignment).admin@cascadestucson.com— Mike's working admin account.
As of 2026-04-29, neither is confirmed as cloud-only / FIDO2 / CA-excluded — Howard "doesn't think they are cloud-only." A break-glass admin still needs to be designed before the CA bypass policies go live.
Why: Avoid asking who owns which admin login again, and keep clear that these are daily-driver admin accounts, not the eventual break-glass.
How to apply: When discussing Cascades admin work or break-glass design, attribute correctly. Don't assume sysadmin@ or admin@ already meet break-glass criteria — verify against Graph (onPremisesSyncEnabled, authentication methods, CA exclusions) before relying on either.