You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/admin/concepts/identity-and-access-management/setup-user.md
+9-4Lines changed: 9 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,16 +15,21 @@ The setup user is **only** intended to be used for:
15
15
16
16
* Configuring authentication and provisioning
17
17
* SCIM provisioning via its {% data variables.product.pat_generic %}
18
-
* Regaining access to your enterprise in the event of an issue with your identity provider, by utilizing the enterprise's SAML recovery codes
18
+
* Regaining access to your enterprise in the event of an issue with your identity provider, by utilizing the enterprise's recovery codes
19
19
20
20
For other enterprise administration tasks, such as creating organizations, use a provisioned managed user account with the appropriate administrative role.
21
21
22
22
## How do I sign in as the setup user?
23
23
24
-
After we create your enterprise, you will receive an **email** inviting you to choose a password for the setup user.
24
+
After we create your enterprise, you will receive an **email** inviting you to choose a password for the setup user.
25
25
26
-
When you create the password, you should enable two-factor authentication (2FA) for the account. All subsequent login attempts for the setup user account will require a successful 2FA challenge response.
26
+
When you create the password, you should enable two-factor authentication (2FA) for the account.
27
27
28
-
If the enterprise account has enabled single sign-on and the setup user has **not** enabled 2FA, they must use an enterprise recovery code to authenticate. To avoid being locked out of your account, after enabling single sign-on, **save your enterprise recovery codes**. See [AUTOTITLE](/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes#downloading-codes-for-an-enterprise-with-enterprise-managed-users).
28
+
Unlike provisioned managed users, the setup user cannot sign in via SSO. Instead, the following applies:
29
+
30
+
***With 2FA enabled**: All subsequent login attempts for the setup user account will require a successful 2FA challenge response. After completing the 2FA challenge, you will be prompted for a recovery code. You can skip this prompt and navigate directly to {% data variables.product.prodname_dotcom_the_website %} to access the setup user account. However, accessing your enterprise settings will always require a recovery code.
31
+
***Without 2FA enabled**: You must provide a recovery code every time you sign in.
32
+
33
+
We strongly recommend enabling 2FA on the setup user to avoid needing a recovery code for every sign-in attempt. To avoid being locked out of your account, after enabling single sign-on, **save your recovery codes**. See [AUTOTITLE](/admin/managing-iam/managing-recovery-codes-for-your-enterprise/downloading-your-enterprise-accounts-single-sign-on-recovery-codes#downloading-codes-for-an-enterprise-with-enterprise-managed-users).
29
34
30
35
{% data reusables.enterprise-accounts.emu-password-reset-session %}
0 commit comments