Home Compliance & Certification Admin Account Screenshot Guide

Admin Account Screenshot Guide

Last updated on Sep 23, 2025

1. Purpose of this Guide

This artefact proves that admin rights aren’t handed out like free samples. It shows that any administrator account access was:

  • Properly requested,

  • Approved by senior management, and

  • Documented with oversight.

Admin accounts are the “master keys” of your systems — if they fall into the wrong hands, dragons get in.

2. What You Will Submit

You will need:

  • screenshot that shows administrator account approval.

  • The screenshot must clearly display:

    • The admin account being created/assigned.

    • The approval or authorisation trail (e.g. manager approval, ticket approval, or workflow confirmation).

    • Context that ties the account to a legitimate business purpose.

3. How to Collect / Obtain / Generate This Evidence

Here are some common ways to capture the right screenshot:

Microsoft 365 / Azure AD (Entra):

  1. Go to Microsoft Entra Admin Center → Users.

  2. Select the user → check Roles and administrators.

  3. Screenshot the page showing the Global admin / privileged role assignment.

  4. If approval was logged in your ticketing/email system (e.g. ServiceNow, Jira, Outlook), screenshot the approval note or email.

Google Workspace:

  1. Log into Google Admin Console → Directory → Users.

  2. Select the user → open Admin roles and privileges.

  3. Screenshot the role assignment with timestamp.

  4. If approval was logged in your ticketing/email system (e.g. ServiceNow, Jira, Outlook), screenshot the approval note or email.

AWS IAM:

  1. Log into AWS Console → IAM → Users.

  2. Select a user with AdministratorAccess policy.

  3. Screenshot the attached policy and creation/modification date.

  4. If approval was logged in your ticketing/email system (e.g. ServiceNow, Jira, Outlook), screenshot the approval note or email.

Other systems (Atlassian, GitLab, etc.):

  • Go into the system’s user management / role assignment screen.

  • Take a screenshot showing admin rights and approval/authorisation notes.

4. Evidence Format

  • Accepted file types: PNG, JPG, PDF.

  • Suggested naming format:
    YourCompanyName_AdminAccountApproval_YYYY-MM-DD.png
    Example: AcmeCorp_AdminAccountApproval_2025-07-01.png

5. What “Good” Looks Like

A strong submission will include:

  • The specific admin account (username visible).

  • The system or tool (e.g. Microsoft 365, AWS, Atlassian).

  • Proof of approval (manager or senior-level authorisation).

  • date/timestamp to show recency.

Why this matters: Auditors want to see that admin rights weren’t just quietly granted by IT — but signed off at the right level.

6. Tips

  • Redact sensitive info before uploading (e.g. personal email addresses, full internal ticket numbers).

  • Pair the screenshot with an approval note or workflow log if the system doesn’t show approval inline.

  • Keep screenshots recent (within the audit cycle) to prove the process is active, not just historic.