ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Break Glass setup Process

book

Article ID: 41338

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Introduction:

The Break Glass process:

A user performs a break glass check out when they need immediate access to an account that they are not authorized to manage.

Break Glass accounts are privileged accounts that are not assigned to the user according to the user role. However, the user can obtain the account password if the need arises.

In a Break Glass check out process, a notification message is sent to the role administrator, informing the administrator that a Break Glass check-out process occurred, however, the administrator cannot approve nor stop the process.

The checked out Break Glass account is added to the user's My Checked-out Privileged Accounts tab in the Break Glass option of the Home tab.

Note: Only users with the break glass privileged access role can perform the break glass process.

 

Instructions: Following are the steps to configure the break glass.

To enable Break Glass, need to login to the system, as Administrator. Go to users and Groups -> Roles->Privileged Access Roles->Modify Roles->Choose Break Glass->Click on Members Tab.

It would show this

Privileged Account
where (Account Name = "nosuchaccount4"
and Account Name = "nosuchaccount3")

nosuchaccount4 and nosuchaccount3 needs to be replaced with the specific account name which would have the Break Glass privilege or "*"

 

Additional Information:

More information on Break Glass is available at:

https://support.ca.com/cadocs/0/CA%20ControlMinder%2012%208-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?Implementation_Guide.html

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component: