Question

Can the break-glass (username/password) login option be disabled or edited without removing the user account?

Answer

The break-glass login option cannot be removed or edited independently of the user account. To remove break-glass credentials for a user, the user account must be deleted.

If a user has registered a username and password, that login method remains available for that account. A user account can exist without registered break-glass credentials and still access the system via SSO if configured for SSO.

There is no way to remove a user's breakglass credentials without deleting and re-adding the user. As an alternative, disable the breakglass user record and perform a user upload that adds the SSO user ID.