IDEE
← Production Deployment Guide (M365 Only)

Acknowledgment

We are about to create an account on the AuthN Integrations Portal

We strongly recommend having two admin accounts before creating an integration with IDEE.

  1. It is recommended to use the super admin(owner) account only for emergencies.
    Example - admin@onmicrosoft.domain.com

  2. You should create an admin account (if you have not done so) for the day-to-day management of your integrations and users.
    Example - admin@domain.com

Please confirm that you have a super admin account that can be used to manage the domain in case the integration admin account becomes inaccessible.

❓ Frequently Asked Questions

Q: Why is a Super Admin account required?

A: The primary objective of our integration is to ultimately federate the domain with the AuthN service. To ensure uninterrupted administrative access, it is strongly recommended to create a Super Admin account using an email address from a non-federated domain, such as the default .onmicrosoft.com domain.

If an admin account is created using a user within the domain that is intended to be federated, there is a risk of losing administrative access to the federation settings in the event of a lockout. .onmicrosoft.com domains cannot be federated, making them ideal for use as a break-glass account. Such an account can be used to revert the domain from federated to managed status in case of emergencies, ensuring you always retain control.

πŸ“Œ Important Note: Integration Portal Access

Each administrator has their own distinct instance of the AuthN Integration Portal. For example, if admin1@domain.com creates an account on the portal and sets up an integration, that integration is tied specifically to admin1's account.

If admin2@domain.com subsequently creates a separate portal account, they will not automatically have access to the integration created by admin1. To grant access, admin1 must explicitly share the integration with admin2 through their own portal interface. This ensures that access to sensitive integration configurations remains controlled and auditable.

  • I consent to having super admin account