Identity Manual

Directory Administration

Tenant membership, user administration, guest access, passkeys, recovery identities, and day-to-day directory operations.

Audience: Identity operators and tenant administrators
Focus: Directory administration and operator control
Status: Public manual

Scope

Directory administration is the day-two identity work that determines whether Portal stays clean as the company grows. This guide focuses on the human operating model behind tenant membership, user administration, guest collaboration, and authentication hygiene.

What this guide covers

Portal has to answer a few practical questions well:

  • Who belongs in which tenant and under what administrative boundary.
  • How user accounts, memberships, and delegated authority are maintained without confusion.
  • How external collaboration is allowed without turning guest access into shadow administration.
  • How recovery, stronger authentication, and emergency access are handled without weakening the model.

Core operating motions

The routine work in this area usually falls into four buckets:

  • Adding, removing, and reviewing tenant membership as teams change.
  • Managing user records and administrative actions without blurring self-service and admin-only workflows.
  • Running guest access as a governed collaboration path rather than a workaround.
  • Keeping passkeys, recovery methods, and emergency identities deliberate enough that access which is easy to support does not become access which is easy to abuse.

Tenant membership and user administration

Healthy directory administration starts with clear tenant boundaries. Operators should be able to explain why a person belongs in a given tenant, what role or group grants their access, and which actions are reserved for operator context versus tenant-admin context.

Good operating practice here means:

  • Membership changes are driven by real team structure rather than ad hoc exceptions.
  • Administrative actions remain attributable after the fact.
  • Bulk changes are reviewed before they are applied.
  • Self-service profile work stays separate from higher-risk administrative recovery actions.

Guest and external collaboration

Guest access should remain a governed relationship, not an alternate directory model. What matters is not the invitation plumbing but that external collaboration can be granted, reviewed, suspended, reissued, and removed without collapsing into unmanaged access.

Teams evaluating this area should look for:

  • Clear distinction between guest access and true tenant membership.
  • Explicit delegated administration rather than implied privilege.
  • Enough visibility to understand which guests still have usable access and why.
  • A recovery path for failed invitation or onboarding moments that does not create ambiguity about the underlying grant.

Recovery and stronger authentication

Recovery workflows are where many identity systems quietly lose discipline. Portal treats recovery as a controlled path, not as a convenience feature layered on top of weak identity hygiene.

The operator expectation should be:

  • Emergency identities are rare, deliberate, and separately controlled.
  • Recovery codes and passkeys strengthen account resilience without obscuring who did what.
  • Password reset, MFA reset, unlock, and session revocation remain high-signal administrative actions.
  • Authenticator posture changes are visible enough that support, security, and audit stakeholders can all understand them later.

What healthy operation looks like

  • Tenant membership remains understandable after org changes, new teams, or acquisitions.
  • Guest collaboration stays bounded and never becomes the easiest way to bypass normal administration.
  • Recovery access is available when needed but does not become an informal privilege path.
  • Operators can explain the difference between account ownership, membership, delegation, and emergency access without hand-waving.

Pressure-test questions

  • Can a team distinguish clearly between membership administration, guest collaboration, and support-sensitive recovery?
  • Are emergency identities and stronger-authentication workflows deliberate enough for real operational use?
  • Will the directory still make sense after team growth, partner access, and repeated admin turnover?