Requirements/Approval:
• Must be approved or submitted by an Amazon title owner
• Application access must also be approved for new or existing Originals Access email accounts
Must meet use case criteria:
- Required for Tier 0 or Tier 1 productions, unless business domain/email has been approved for appropriate level Tier and is current/active in START (All applications)
- Required for applications that require originalsaccess.com email account. A full list can be found on the Technology Services Tech Menu, denoted by the “OA” icon
- Required for Cloud production applications
- Required for WorkMail shared inboxes (e.g. Payroll, Accounts Payable)
Applications:
All Originals Access email accounts will be provisioned with the following applications:
• Amazon WorkMail
• Amazon Chime
• Access to Production Portal and Production Manual
Optional apps that require Originals Access domain email:
• Originals Access Box
• Docusign
• Airtable (Please note that Amazon Studios Support provides application access but not base access).
• Flow Production Tracking (fka Shotgrid)
• Adobe Creative Cloud. User region where they will be working from is required at time of request (e.g. US, MX, GB)
General Policy/Content Security Requirements:
- One account per individual. If an individual has an existing Okta account for access to applications such as Flow Capture or Aspera, an Originals Access account will be the primary account and other account(s) will be deactivated
- Amazonians are not issued Originals Access email accounts with exceptions that require additional business justification and approval from Studios TechOps Management
- Applications that require Originals Access domain email are not granted access with a non-Originals Access email account (Box, Docusign, Adobe, Airtable, Flow Production Tracking). This includes START approved domains Tier 0/Tier 1 productions
- Multi-factor authentication is required using Okta Verify app (iOS/Android). Devices must have OS PIN/Code setup
- Emails that are sent to an Originals Access email account should not be forwarded (via rules or manually) to any other accounts
- If there is an existing account with a non-Originals Access email, alternative account will be consolidated and deactivated, with Originals Access being primary
Frequently Asked Questions:
What applications are automatically provided with an Originals Access account upon creation?
• Chime
• Production Portal and Manual
• WorkMail
Is it possible to issue an Originals Access email account to Amazon contractors?
Amazon contractors should be onboarded through the Contingent Workforce Program rather than being issued an Originals Access email account.
Can Contingent Workers be granted admin rights?
The Contingent Worker policy does not allow admin access for contingent workers. As a workaround, a blue badge employee can generate a report and share the audit results.
Here is a summary of Amazon's Contingent Worker Policy
Amazon engages Contingent Workers (CWs) through third-party services (3P) or as Independent Contractors (ICs) to provide services globally across Americas, APAC, and EMEA regions. CWs are categorized into five engagement types (Type A: Direct oversight by Amazon, paid per time worked / Types B-D: Indirect oversight, paid based on milestones or deliverables / Type E: No payment but requires system or building access), each with specific oversight, payment structure, and duration. These workers may require access to Amazon facilities, systems, or customers. Departments using CWs are responsible for policy adherence, with non-compliance leading to disciplinary action or termination. Offboarding must occur on the same day a worker's assignment ends to protect Amazon's security. CWs include Temporary Workers (TEMP), Independent Contractors (IC), Project-Based Contractors (PBC), Outsourced Service Providers (OSP), and Non-Employee Affiliates (NEA). However, part-time, temporary blue badge, or fixed-term employees are not considered CWs.
Is there any cost or fee associated with requesting the Originals Access account?
There is no fee or cost involved in requesting the account.
Who can have Originals Access account ?
Anyone working as a production contractor or approved vendors
How do I reset my password if I forgot it?
Please follow the steps provided in the following guide to reset or by contacting Support at: support.amazonstudios.com
How do I get a new QR code for Okta Verify (MFA)?
• Send a request to Support at: support.amazonstudios.com
• Follow this setup guide with step-by-step guidance
Can I setup WorkMail in my Outlook or Mail app?
Yes, you can setup your WorkMail account on Outlook or Mail (macOS/Windows) and mobile device apps. Please refer to the guide linked below:
Setting up email clients for Amazon Workmail
Note for mobile app setup, the server (AWS region) is:
US West (Oregon)
mobile.mail.us-west-2.awsapps.com
I have been added to a shared inbox, how do I add this to my WorkMail?
• WorkMail Web Portal: Add Mailbox to Workmail. You must be granted access prior to adding.
• Outlook (macOS/Windows): Please refer to Microsoft documentation. Note that you must have the password for the account that you are adding and must have been granted access prior to adding.
Originals Access account in Outlook is persistently prompting for a password or redirecting users to the Microsoft sign-in page.
• User to log in to the OKTA portal first to check if their password has expired.
• If password has not expired, please send a request to Support at: support.amazonstudios.com