FRR-RSC-01 - Top-level administrative accounts guidance

Providers must create and maintain guidance that includes instructions on how to securely access, configure, operate, and decommission top-level administrative accounts that control enterprise access to the entire cloud service offering.

The guidance should explain how top-level administrative accounts are named and referred to in the cloud service offering.

CSP supported

Yes

CSP secure configuration guidance

  • Administrators can get started quickly by setting up the organization hierarchy, adding users, and checking data quality after data is added to the platform.
  • When IBM Envizi ESG Suite is first provisioned for a client organization, it contains a single group and a location called Unallocated accounts, which is provisioned to capture data from automated uploads where no matching account is found.
  • Decommissioning: Administrators must maintain the accuracy of access lists by removing or updating outdated contacts and users when roles change.

Prerequisites for administering the platform at provisioning

  • Single sign-on is implemented by integration with client IdP.
  • Password policy is managed and owned by client organization admin.

Related information