You may have noticed break-glass boxes in buses, trains, or buildings. There is a big possibility that most of us haven't had to use them at any point in time, but they are a comforting security measure. On the same lines, you can create a break glass account for emergencies in Azure Active Directory.
In this blog, we will be reading about break-glass accounts and the benefits of break-glass accounts. We will also read about how to set up a break glass account.
It is highly recommended that you should set up at least 2 secure fall-back accounts to protect your organization at all times. This can be highly useful and comforting in scenarios where all other accounts may lose access because of multifactor authentication issues, permission/password expiration, conditional access measures, or any other reason.
You may have to count on break-glass accounts in the following situations:
If the identity provider host in your environment has gone down.
The user accounts are federated, and the federation is currently unavailable.
If there is a cell-network break or an identity provider outage.
The administrators are registered through Azure AD Multi-Factor Authentication (MFD) and their individual devices are unavailable or the service is unavailable.
The individual with the most recent Global Administrator access has left the organization.
In case of unforeseen circumstances such as a natural disaster emergency.
Let us now learn about how to create an emergency access account.
You will need to sign into the Azure portal or Azure AD admin center as an existing Global Administrator.
Choose Azure Active Directory > Users. Then, click on New user and select Create user.
You will now have to give the account a User name and the account a Name.
To safeguard the account, you will have to create a complex and long password for the account.
Under Roles, assign the Global Administrator role and under Usage location, select the appropriate location.
You can select Create and store account credentials safely.
It is highly recommended that you monitor sign-in and audit logs and ensure that accounts are validated regularly.
We hope that this informative guide on how to set up a break glass account was useful to you.