TrademarkTrademark
Features
Documentation

Introducing Scalr's "Break the Glass" Feature: Ensuring Emergency Access for AdministratorsSMASH GLASS, GET IN CAVE: EMERGENCY DOOR FOR CHIEFS

An overview of the latest feature designed to help administratorsWhen magic door break, chosen chiefs smash glass and enter cave anyway. Caveman explain how.
Alistair HeysAugust 18, 2022
Introducing Scalr's "Break the Glass" Feature: Ensuring Emergency Access for Administrators

When something breaks, the last thing you want is to be locked out of the system you need to fix it. Scalr built the "Break the Glass" feature for exactly that situation, so administrators can still get in during an incident.

The "Break the Glass" feature lets selected users skip the regular Single Sign-On (SSO) process and log in directly with their administrator credentials. Because they're exempt from the IDP login restrictions, these users can get in and fix an emergency fast, so your operations stay up.

A few guidelines will help you use the feature well:

  1. Configuration with Care: Whoever sets up the SSO should be on the "break the glass" list. That way, if something is misconfigured and locks people out, you still have a way back in to fix it quickly.
  2. Preparedness for IDP Downtime: IDP providers sometimes go down or hit configuration problems, like an expired SAML certificate. When that happens, regular users can get locked out of login. Designated "break the glass" users keep their access, so they can update configs or take critical actions even while the IDP is down.
  3. Secure Emergency Access: The "break the glass" feature gives you emergency access, but be careful about who you grant it to. Keep the list to the people who genuinely need this level of access. And make sure those accounts are locked down with strong passwords and multi-factor authentication.

With "Break the Glass" set up ahead of time, an IDP outage or a botched SSO change doesn't lock your team out of Scalr. Add a couple of trusted admins to the list now, secure their accounts, and you have a way back in when you need it.

To learn more about this feature and what Scalr can do for your organization, sign up today!

When cave on fire, chiefs must get inside cave. No excuses. That why Scalr build "Break the Glass" — special emergency entrance made just for tribe chiefs.

Normal tribe members enter cave through magic SSO door (identity spirit check who you are, then open door). "Break the Glass" let chosen chiefs skip magic door and enter with their own chief password instead. When magic door break, chosen chiefs still get in, fix problem fast, tribe keep hunting.

But emergency door must be set up wisely. Caveman share three rules from elders:

  1. Door builder must hold spare key: Chief who set up the SSO door must be on break-the-glass list. Why? If chief fumble door setup and lock whole tribe out, chief can still get in and fix own mistake. No spare key, no fix. Tribe stand outside cave in rain.
  2. Magic door spirits get sick sometimes: Identity spirit (IDP) sometimes go down or door magic expire (SAML certificate become old and die). When that happen, normal tribe members stuck outside. Break-the-glass chiefs still get in, renew the magic, push important rocks even while spirit sick.
  3. Few keys, strong keys: Emergency door powerful, so be careful who get key. Only give to chiefs who truly need it. And chiefs with keys must guard them hard — strong password, multi-factor grunt check. Key falling into wrong hands very bad for tribe.

With Break the Glass, tribe ready for surprise disasters. Cave stay reachable, work keep moving, chiefs sleep well on rock pillow.

Want learn more about what Scalr do for tribe? Sign up today!

About the author
Alistair HeysVP of Marketing at Scalr
Alistair Heys is the VP of Marketing at Scalr, writing about Terraform, OpenTofu, and infrastructure-as-code platform engineering for DevOps teams.