Enable multiple local Administrator accounts in Directory Manager IDP

What is a one sentence summary of your feature request?

Add UI/API to create, disable, delete multiple local Administrator users.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

ENVIRONMENT: My organisation’s infrastructure is run jointly by an MSP (24×7 ops, DR) and an internal Infrastructure team (IAM governance). Each team needs its own named local break-glass admin.

CURRENT LIMITATION: Only the built-in “SystemAdmin (sa)” account exists locally; every other admin role must be mapped through AD groups or OUs (confirmed by Netwrix support 29 May–04 Jun 2025).

BUSINESS IMPACT

• Single-point-of-failure – loss of sa or an AD outage blocks both teams from recovery.
• Segregation of duties – MSP and internal staff cannot have separate audit trails.
• BC/DR and compliance – ISO 27001, SOC 2, FCA require two independent privileged identities.
• Contractual SLAs – MSP cannot meet RTO/RPO when customer AD is unavailable.

REQUESTED ENHANCEMENT
Add UI/API to create, disable, delete multiple local users.

EXPECTED BENEFITS
• Removes AD dependency for break-glass access.
• Lets MSP meet SLAs while keeping customer AD offline.
• Gives internal team its own credential for investigations and change control.
• Improves auditability and satisfies regulator expectations for dual custody of privileged access.
• Matches competitor IDM platforms that already support multi-local-admin models.

SUPPORT CASE REFERENCES
23 May 2025 – initial inquiry
27 May 2025 – AD-group admin roles explained
29 May 2025 – confirmed only one local admin exists
04 Jun 2025 – advised to submit feature request

PRIORITY: High – critical for resilience, compliance, and operational segregation.

How do you currently solve the challenges you have by not having this feature?

Only the MSP has access to the break-glass account.