The use of Super Admin should be used or given extremely sparingly.
Super Admin is a special role in Admin role. Super Admin has full permissions for all users and features within the dashboard.
Some best practices for using/giving Super Admin privileges:
- Do not use Super Admin for daily use
- Super Admins must have a separate account for daily use
- Give to limited users
- Must have MFA enabled for users with Super Admin role
- Set roles with specific permissions for specific scenarios
Do not use Super Admin for daily use
Super Admin accounts should not be used for daily use, Super Admin accounts should only be used when specific task requiring Super Admin privileges are required.
This is to reduce the risk of accidental changes that may occur with daily usage of an administrator account.
Super Admins must have a separate account for daily use
Since Super Admin accounts must not be used for daily use, a Non-Super Admin account should be created for daily use.
Only use the Super Admin accounts for the required task then log out of the Super Admin account.
This limits the risk of accidental changes that may occur with daily use of an administrator account.
As well as limit the chance of phishing attacks.
Give to limited users
Due to the nature of the Super Admin role, it is best to give the Super Admin privileges to a select few users.
This reduces the number of potential breaches for your school's dashboard.
Must have MFA enabled for users with Super Admin role
Since having a compromised Super Admin account would leave your entire school's dashboard vulnerable.
To reduce the risk of having a Super Admin account compromised, having MFA enabled adds an extra layer of security for the Super Admin account.
Set roles with specific permissions for specific scenarios
To limit the use of Super Admin privilege, it is best to create roles that do a specific task.
Such as specific role that only allows for the creation of users.
This limits the chances of users making unauthorised changes.