Require to create Breakglass account on removing local accounts
All the three (Development,Staging, and Production) environments are Client Active Directory (AD) integrated.
When the Single Sign-On (SSO) does not work, a Breakglass type local Pega account is required on these environments. The client's information security requirement is for this account to be created only when SSO does not work. That is, the requirement is to create Breakglass account on removing all the local (Non-AD integrated) accounts.
Steps to Reproduce
Here's the explanation for the reported behavior:
The user has the credentials for [email protected] that is sent at initial provisioning. This must be stored in a secure location at the client.
The procedure to create Breakglass accounts is to break open the 'safe' which stores these to obtain the credentials and log on using these credentials.
Alternatively, Pega retains the overall [email protected] account credentials and creates a 'ClientAdmin' account for which the client stores the credentials.