1   Introduction

This policy establishes the requirements for enforcing Single Sign-On (SSO) MFA Account Separation within Admin By Request (ABR) for UK customers to ensure compliance with Cyber Essentials Plus.

The objective is to prevent privileged access using a primary account and enforce multi-factor authentication (MFA) for secondary accounts where applicable.

This policy applies to all organizations in the UK that use ABR (Windows version 8.5.1 and later) and require privileged access management (PAM). It further applies to any organization using ABR outside the UK that wishes to maintain compliance with Cyber Essentials Plus.

The scope includes:

  • Users who require elevated permissions.

  • IT administrators managing privileged access.

  • Security and compliance teams enforcing Cyber Essentials Plus guidelines.

The following definitions are used in this document:

  • User: a person logging in with standard privileges using a primary account.

  • Administrator: a person logging in with elevated privileges using a secondary account.

  • Primary account: the main account used by a person for day-to-day activities.

  • Secondary account: another account available to a person which has different (typically elevated) privileges from the primary account.

  • MFA: Multi-Factor Authentication - using more than one mechanism to verify identity.

This policy may refer to, and should be read in conjunction with, the following:

Refer also to ABR's Trust Center documents.

This policy is available in PDF format:

Cyber Essentials Plus Policy