In IDM 14.4 with SAML 2.0 Authentication enabled, the BreakGlass URL is accessible. For example
Is there a way to secure the link, for example:
Can the URL be made accessible only to admin users? If not, how can access be restricted for end users? After enabling SAML authentication, is it possible to integrate IDM with AD to authenticate admins or privileged users, so that end users go through SAML authentication while admin users authenticate against AD instead?
Release : 14.4
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
The BreakGlass URL option is the URL that System Administrators use to log into Identity Manager if the SAML federation breaks. The System Administrator must provide their local login password to log in. The BreakGlass URL cannot be limited by Identity Manager (IM) itself, and the out-of-the-box functionality only allows you to use one authentication module at a time.
Broadcom recommends securing the BreakGlass URL at the proxy level, on the proxy used to front IM, by allowing access only to certain users (group members, etc.).
Note:
The BreakGlass URL is available regardless of whether the SAML authentication module is configured.
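One way to apply the proxy-level restriction described above, as an added example that is not Broadcom's configuration. It assumes Apache httpd 2.4 is the reverse proxy in front of IM, with mod_ssl, mod_proxy_http, mod_headers and mod_authnz_ldap loaded. Every hostname, DN, subnet, file path and the BreakGlass path itself is a placeholder to replace with your own values.

```apache
# Added example: assumes Apache httpd 2.4 fronts IM. All names, addresses,
# DNs and paths below are placeholders, not values from the product.
<VirtualHost *:443>
    ServerName idm.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/idm.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/idm.example.com.key

    # Forward all traffic to the IM node (placeholder backend address).
    ProxyPreserveHost On
    ProxyPass        / http://im-backend.example.internal:8080/
    ProxyPassReverse / http://im-backend.example.internal:8080/

    # Replace with the BreakGlass path from your own IM SAML configuration.
    <Location "/BREAKGLASS-PATH-PLACEHOLDER">
        AuthType Basic
        AuthName "IM BreakGlass - administrators only"
        AuthBasicProvider ldap
        # Look users up in AD over LDAPS by sAMAccountName.
        AuthLDAPURL "ldaps://ad.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
        AuthLDAPBindDN "CN=svc-proxy,OU=Service Accounts,DC=example,DC=com"
        # Fetch the bind password from a helper instead of storing it here.
        AuthLDAPBindPassword "exec:/usr/local/bin/get-ldap-bind-password"

        # Both conditions must hold: admin network AND admin group membership.
        <RequireAll>
            Require ip 10.20.30.0/24
            Require ldap-group CN=IDM-Admins,OU=Groups,DC=example,DC=com
        </RequireAll>

        # Do not pass the administrator's AD credentials on to the backend.
        RequestHeader unset Authorization
    </Location>
</VirtualHost>
```

The restriction only holds if the IM nodes accept connections solely from the proxy; otherwise the BreakGlass URL can still be reached by connecting to the backend directly. The IM local login password is still required after the proxy check, so this adds a layer rather than replacing the BreakGlass login.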
For more information on configuring SAML, please refer to the product documentation.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/administrating/Using-SAML-2_0-Authentication/Configure-SAML-2_0-Authentication.html