The Unlimited Admin Mode can be very helpful to recover passwords when you need access due to staff leaving, outside of hours or just when incorrect permissions have been applied on certain Secrets.
One option is to limit the Role Permissions - "Administer Unlimited Admin Configuration
", "Administer Role Assignment", "Administer Role Permissions
", "Unlimited Administrator". If you assign these Role Permissions to groups (AD or local), then you will also need to consider who has access to the "Administer Groups" Role Permission. (Many customers opt to assign the Unlimited Admin Role Permissions on a per user basis to limit any group membership problems).
Another recommendation is to set up an Event Subscription so that email alerts are sent whenever Unlimited Admin is turned on.
Here is a screenshot showing the conditions you can target to be alerted for Unlimited Admin.
Administrators and Users will still be able to do all the typical functions within the system without the Unlimited Admin Role Permissions.