Recovering access using the break-glass account

When external identity providers, such as SAML or Active Directory, fail and prevent user authentication, a tenant admin can log on using the break-glass account to correct configuration issues and restore access for all tenant users.

Log in with the break-glass account

  1. Open the Command Center login page.

  2. Enter the break-glass account username and the password that you saved during account generation.

  3. Set up the authenticator app using the QR code shown on the screen.

    For subsequent logins, you can enter either the OTP shown in the authenticator app or the one received by email. All tenant admins of the company receive an OTP by email.

  4. Click Login.

  5. Reset the password as prompted.

    Note

    The break-glass account requires a new password during every login. You must copy and securely save the new password for the next emergency use.

  6. Click Proceed.

Update your identity provider configuration

  1. From the Command Center navigation pane, go to Manage > Account > Security.

  2. Click the Identity servers tile.

  3. Open and configure the identity server/SAML that you want to fix.

    For example, upload a new keystore file, or update metadata for your identity provider or service provider.

  4. Test and save the changes.

Reset password for administrator accounts

  1. From the Command Center navigation pane, go to Manage > Account > Security.

  2. Click the Users tile.

  3. Click the administrator account.

  4. In the User summary section, click the Edit button.

  5. To reset the password, in the Password box, enter a new password.

  6. To update the email address, in the Email box, enter the email address, and then click Save.

For detailed steps about how to configure your identity provider, see Identity Provider Use Cases.
