In our environment, admin users typically have their primary AD account along with admin accounts with elevated rights. How are you managing secondary accounts in your environment? Are you letting 1ID handle them at all? Are you setting IsPrivilegedAccount / automating any aspects?
I was looking to possibly implement "To prevent privileged user accounts from inheriting the entitlements of the default user, define a mapping rule for the IsGroupAccount column with a default value of 0 and set the Always use default value option." in our environment but still trying to determine best way to handle.