A break-glass account is a highly privileged emergency access account that provides limited, controlled access to the Commvault software as a last resort option. It is intended to restore secure access when administrators are locked out due to critical system failures, configuration errors, or external identity provider outages.
Note
-
A break-glass account is not intended for routine administrative use. It provides limited access to identity provider configuration and user management functions only.
-
Only one break-glass account can be created per company.
Use Cases
-
Recovery of locked administrator accounts – Restores tenant administrative access when the company’s primary administrator accounts are disabled, locked, misconfigured, or when passwords are forgotten.
-
Identity provider (IdP) or SSO failures: Using the restrictive access recovers administrative accounts when external identity systems (for example, SSO providers) are unavailable or unreachable.
-
MFA/TFA misconfigurations: Provides a recovery path when incorrect multi-factor or two-factor authentication settings prevent legitimate access.
-
Emergency access scenarios: Enables immediate administrative action during outages, security incidents, or operational emergencies.
-
Company recovery: Restores administrative control in multi-tenant environments to prevent prolonged service disruption and maintain business continuity.
Capabilities
-
For login, password regeneration, account creation, and secret key actions, triggers an email notification for registered tenant administrators of the company.
-
Password is regenerated on every login to maintain a high level of security.
-
Prevents repeated use of password to reduce risk of misuse or exposure.
-
All actions are recorded in the audit trail.