Topic
Single Sign-On (SSO) Break Glass Access.
Description
When setting up Single Sign-On (SSO) access, it is important to consider how you will gain access to Everbridge should there be an SSO outage. Creating Break Glass Access is the best answer for scenarios like this.
What is Break Glass Access?
'Break Glass Access' or 'Break Glass Credentials' refer to a set of backup credentials that allow users to sign into the Everbridge platform directly without using Single Sign-On (SSO)
Why do we need to set up Break Glass Access?
Break Glass Access can be used in the following scenarios:
Your Organization's SSO Identity Provider is encountering an outage, but you may still need to access Everbridge.
There is an emergency in the area and you need to launch a message via the Emergency Live Operator (ELO).
See knowledge article EBS: How a User With Single Sign-On (SSO) Credentials Can Launch a Notification Using the Emergency Live Operator (ELO) Procedure
You need to re-configure and/or update the SSO configuration because the metadata has expired.
Everbridge Technical Support uses the security questions that are established when a user establishes their Break Glass Credentials to verify users who call in to support seeking login assistance or use of the Emergency Live Operator line. Everbridge Technical Support cannot provide any login assistance for Single Sign-On accounts as they are managed by the client-side Identity Provider.
Who should have Break Glass Access?
Break Glass Access should be set up for key Manager Portal stakeholders who may need access to the system in any of the situations listed above. There should always be at least one active Account Administrator with Break Glass Credentials to assist in emergencies.
It's important to note that Users who need access to the Emergency Live Operator feature must have Break Glass Credentials. These credentials are necessary for verifying identity when using the Emergency Live Operator functionality.
How do we set up Break Glass Access?
Break Glass Access is set up by having a User register with Everbridge directly. Please review these articles for more information about Everbridge user registration:
EBS: How to Determine if a User is Registered in Everbridge Suite
EBS: How to Send a Registration Email to Contacts in Everbridge Suite
EBS: How to Send a Registration Email to Users in Everbridge Suite
Note: Existing Users with Everbridge credentials will still be able to use their 'break the glass' passwords even after SSO is configured. However, new Users added with SSO-only access will not have the ability to create Break Glass Credentials.
Can users with Break Glass Access still sign in with Single Sign-On?
Yes. Users with Break Glass Access can use Single Sign-On as their primary login method and only use their Break Glass Credentials in case of emergencies.
Can Break Glass Access be revoked?
Yes. Please review these articles for steps to remove Break Glass Access:
Can Break Glass Access be removed for SSO-only users?
No. It is not possible to remove Break Glass passwords for Users who are set up for SSO-only access. However, new Users added with SSO-only access will not be able to create their own Break Glass passwords.
Article Feedback
While we can’t respond to you directly, we’d love to know how we can improve the article.
Please sign in to leave a comment.