Interesting name for the functionality 🙂. I guess the break-glass metaphor came from the emergency situation when one needs to break the glass to pull a fire alarm.
Break-glass access enables administrators to request emergency access to privileged accounts they are not normally entitled to. Such a situation may happen when a critical server is down and the designated server administrator is not available. In this case, the administrator goes through the Identity Governance platform’s request process indicating this is a break-glass emergency request. Submission of the request kicks off a break-glass workflow with minimal or automatic approval (based on the customer’s processes and policies). The administrator is provisioned to the OPAM LDAP group and can access privileged credentials. A special alert is generated and audited for the event and is sent to security administrators. The access is automatically de-provisioned based on the security policies defined by the customer.
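The lifecycle described above (provisioning, alert, automatic de-provisioning) can be checked after the fact from audit data. The following is an added example, not code from OPAM or Identity Governance: the event names, the tuple layout and the 4-hour policy window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit events (timestamp, event type, request id). The event names
# and tuple layout are assumptions for this sketch, not an OPAM log format.
EVENTS = [
    ("2024-03-01T02:10:00", "provisioned", "BG-1"),
    ("2024-03-01T02:10:05", "alert", "BG-1"),
    ("2024-03-01T05:00:00", "deprovisioned", "BG-1"),
    ("2024-03-02T11:00:00", "provisioned", "BG-2"),    # no alert was raised
    ("2024-03-02T19:30:00", "deprovisioned", "BG-2"),  # removed 8.5 hours later
    ("2024-03-03T08:00:00", "provisioned", "BG-3"),
    ("2024-03-03T08:00:02", "alert", "BG-3"),          # never de-provisioned
]

MAX_GRANT = timedelta(hours=4)  # assumed customer policy for emergency access


def review_breakglass(events, now, max_grant=MAX_GRANT):
    """Return {request_id: [findings]} for grants that break the lifecycle."""
    grants = {}
    for ts, kind, request in sorted(events):
        # Keep the first timestamp seen for each event type per request.
        grants.setdefault(request, {}).setdefault(kind, datetime.fromisoformat(ts))

    findings = {}
    for request, seen in grants.items():
        issues = []
        start = seen.get("provisioned")
        if start is None:
            issues.append("alert or removal without a recorded grant")
        else:
            if "alert" not in seen:
                issues.append("no security alert recorded")
            end = seen.get("deprovisioned")
            if end is None and now - start > max_grant:
                issues.append("still provisioned past the policy window")
            elif end is not None and end - start > max_grant:
                issues.append("de-provisioned after the policy window")
        if issues:
            findings[request] = issues
    return findings


if __name__ == "__main__":
    for request, issues in review_breakglass(EVENTS, datetime(2024, 3, 4)).items():
        print(request, "; ".join(issues))
```

A grant that is still open but inside the policy window produces no finding, so the check can run on a schedule without flagging emergencies that are still in progress.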