Break Glass setup Process
search cancel

Break Glass setup Process


Article ID: 41338


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)



The Break Glass process:

A user performs a break glass check out when they need immediate access to an account that they are not authorized to manage.

Break Glass accounts are privileged accounts that are not assigned to the user according to the user role. However, the user can obtain the account password if the need arises.

In a Break Glass check out process, a notification message is sent to the role administrator, informing the administrator that a Break Glass check-out process occurred, however, the administrator cannot approve nor stop the process.

The checked out Break Glass account is added to the user's My Checked-out Privileged Accounts tab in the Break Glass option of the Home tab.

Note: Only users with the break glass privileged access role can perform the break glass process.


Instructions: Following are the steps to configure the break glass.

To enable Break Glass, need to login to the system, as Administrator. Go to users and Groups -> Roles->Privileged Access Roles->Modify Roles->Choose Break Glass->Click on Members Tab.

It would show this

Privileged Account
where (Account Name = "nosuchaccount4"
and Account Name = "nosuchaccount3")

nosuchaccount4 and nosuchaccount3 needs to be replaced with the specific account name which would have the Break Glass privilege or "*"


Additional Information:

More information on Break Glass is available at:


Release: ACP1M005900-12.9-Privileged Identity Manager