ZAC - creating a second admin users

I was in dialog with @TheLumberjack who mentioned that you can create a new admin user using the following command

ziti edge create identity user Admin3 -A --updb newAdminpwd

This worked… but then… I tried to log into ZAC using that account… which did not work.

do you need to enrol the admin user for this to happen?

Chris also mentioned the the password was unable to be changed for the new admin user that was created

would this happen if the user was not enrolled

The reason for doing this is… that one of the standard practices is to delete/disable the admin user once the system is setup…

can you disable identities rather than deleting them?
what is the recommended identity lifecycle?