Menu Close

Enterprise Cloud Admin Forest

About

The Enterprise Cloud Admin Forest (ECAF) provides cloud admin identities. These can be used to manage any cloud service or application.

There are multiple ECAF account types. These are separated to manage different cloud environments.

All ECAF accounts currently require multi-factor login. Support multi-factor methods are Alt-Token, Yubikey, Authy, Microsoft or Google Authenticator.

ECAF accounts can be used across multiple tenants. They can be added to a new tenant by adding the UPN as a guest user.

Account Types

Azure US Gov Cloud

  • us.adm.mil
    • Primary account for managing Azure Gov. These can also be used to manage AWS or any other cloud that accepts SSO/OIDC/OAUTH/SAML.
  • dod365.adm.mil
    • Used to manage DoD365-Joint O365 Tenant
  • uscg.adm.mil
    • Used to manage USCG O365 Tenant

Azure Commerical Cloud

  • com.adm.mil
    • Primary account for managing Azure Commerical. These can also be used to manage AWS or any onther cloud that accepts SSO/OIDC/OAUTH/SAML.

How To Request An Account

Accounts are requested via the DEAS Admin Self Service Portal. Accounts are auto approved and emailed to your enterprise email address within 30 minutes. These accounts are however permissionless. They must be granted permissions by an existing admin.

Accounts that are not used in 30 days are disabled. However, the Admin Self Service Portal can be used to re-enable them.