Frequently Asked Questions
Why Do We Need a Super Admin Account?
The Short Answer
You need a Super Admin account (using an onmicrosoft.com email) to:
- Federate your domain with IDEE
- Maintain emergency access if something goes wrong
- Avoid being locked out of your own tenant
Why Can't We Use a Regular Domain Account?
| Issue | Explanation |
|---|---|
| Lockout Risk | If you federate your domain and all admins use accounts within that domain, a misconfiguration could lock everyone out, including you! |
| Federation Limitation | You cannot federate an onmicrosoft.com domain. That's a good thing! It stays managed by Microsoft and always works as a fallback. |
| Break Glass Account | The onmicrosoft admin account acts as your "break glass" account. In an emergency, you can use it to switch your domain back from federated to managed and regain control. |
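
A pre-federation check for the lockout risk described in the table, added here as an example; it is not IDEE's or Microsoft's own script. It assumes the Microsoft Graph PowerShell SDK is installed, and `contoso.com` is a placeholder for the domain you plan to federate.

```powershell
# Added example: confirm a break-glass Global Administrator exists before federating.
param(
    [string]$DomainToFederate = 'contoso.com'   # placeholder, replace with your domain
)

Connect-MgGraph -Scopes 'Domain.Read.All', 'Directory.Read.All'

# onmicrosoft.com domains that are still managed (they cannot be federated).
$fallbackDomains = Get-MgDomain |
    Where-Object { $_.AuthenticationType -eq 'Managed' -and $_.Id -like '*.onmicrosoft.com' } |
    ForEach-Object { $_.Id }

# Well-known role template ID of the Global Administrator role.
$globalAdminTemplate = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-MgDirectoryRole | Where-Object { $_.RoleTemplateId -eq $globalAdminTemplate }

# Directly assigned, active members only; non-user members carry no UPN and are skipped.
$admins = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    ForEach-Object { $_.AdditionalProperties['userPrincipalName'] } |
    Where-Object { $_ }

# Split admins by the domain part of their sign-in name (comparison is case-insensitive).
$breakGlass      = @($admins | Where-Object { ($_ -split '@')[-1] -in $fallbackDomains })
$federationBound = @($admins | Where-Object { ($_ -split '@')[-1] -eq $DomainToFederate })

if ($breakGlass.Count -eq 0) {
    Write-Error "No Global Administrator on a managed onmicrosoft.com domain. Do not federate $DomainToFederate yet."
    exit 1
}

Write-Output "Break-glass candidates: $($breakGlass -join ', ')"
Write-Output "Admins whose sign-in will depend on federation: $($federationBound -join ', ')"

# Recovery path, run while signed in as the break-glass account
# (requires the Domain.ReadWrite.All scope):
# Update-MgDomain -DomainId $DomainToFederate -AuthenticationType 'Managed'
```
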
Important Note About Admin Access
Every admin has their own separate integration portal experience.
Example:
admin1@domain.com creates an integration in the AuthN Portal.
admin2@domain.com logs in but cannot see or manage that integration.
- To give admin2 access, admin1 must share the integration using the portal's sharing feature.
- This ensures secure, role-based access to integrations.
