EBS: Single Sign-On (SSO) Break Glass Access in Everbridge Suite

Topic

Single Sign-On (SSO) Break Glass Access.

Description

When setting up Single Sign-On (SSO) access, it is important to consider how you will gain access to Everbridge should there be an SSO outage. Creating Break Glass Access is the best answer for scenarios like this.

What is Break Glass Access?

'Break Glass Access',  'Break Glass Credentials', or 'Break the Glass' (BTG) are all terms that refer to a set of backup credentials that allow users to sign into the Everbridge platform directly without using Single Sign-On (SSO). 

Why do we need to set up Break Glass Access?

Break Glass Access can be used in the following scenarios:

  • Your Organization's SSO Identity Provider is encountering an outage, but you may still need to access Everbridge.

  • There is an emergency in the area and you need to launch a message via the Emergency Live Operator (ELO).

  • You need to re-configure and/or update the SSO configuration because the metadata has expired.

Everbridge Technical Support uses the security questions that are established when a user establishes their Break Glass Credentials to verify users who call in to support seeking login assistance or use of the Emergency Live Operator line. Everbridge Technical Support cannot provide any login assistance for Single Sign-On accounts as they are managed by the client-side Identity Provider.

Who should have Break Glass Access?

Break Glass Access should be set up for key Manager Portal stakeholders who may need access to the system in any of the situations listed above. There should always be at least one active Account Administrator with Break Glass Credentials to assist in emergencies.

Note: Users who need access to the Emergency Live Operator feature must have Break Glass Credentials. These credentials are necessary for verifying identity when using the Emergency Live Operator functionality.

How do we set up Break Glass Access?

Break Glass Access is set up by having a User register with Everbridge directly. Please review these articles for more information about Everbridge user registration:

Note: Existing Users with Everbridge credentials will still be able to use their 'break the glass' (BTG) passwords even after SSO is configured. However, if a BTG user account is deleted and a new account is created with SSO-only access, that User will no longer have the ability to access the system with their prior Break Glass Credentials.

Can users with Break Glass Access still sign in with Single Sign-On?

Yes. Users with Break Glass Access can use Single Sign-On as their primary login method and only use their Break Glass Credentials in case of emergencies.

Can Break Glass Access be revoked?

Yes. Please review these articles for steps to remove Break Glass Access:

Can Break Glass Access be removed for SSO-only users?

No. It is not possible to remove Break Glass passwords for Users who are set up for SSO-only access. However, new Users added with SSO-only access will not be able to create their own Break Glass passwords.

Was this article helpful?
0 out of 0 found this helpful

Article Feedback


While we can’t respond to you directly, we’d love to know how we can improve the article.

Please sign in to leave a comment.

  • The note in the How do we set up Break Glass Access? section needs to be clarified.  From my inquiries, I recommend it to be changed as follows.

    Note: Existing Users with Everbridge credentials (accounts) will still be able to use their BTG passwords even after SSO is configured. However, if the BTG accounts are deleted and a new account is created with SSO-only access, then they will not have the ability to access with their prior Break Glass Credentials.

    0
  • change made. Thank you!

    0