At the moment the only way to recover access for the Administrator account is to have a non-domain account email setup. With Identity Manager this same feature exists. What I'm proposing is that the feature be added to allow for a master account be configured that exists outside of SSO. This master account could/should require MFA to still log in, but this would allow administrators to setup an account that will have access to their instance in the event SSO breaks.

There are plenty of other examples where cloud service providers offer the option of allow a non-SSO account, from the same domain, that uses MFA be setup to manage their instance.