Support Article
Requirement to create a Breakglass account on removing local accounts
SA-87751
Summary
All three environments (Development, Staging, and Production) are integrated with the client's Active Directory (AD).
When Single Sign-On (SSO) does not work, a Breakglass-type local Pega account is required on these environments. The client's information security requirement is that this account be created only when SSO does not work. That is, the requirement is to create a Breakglass account on removing all the local (non-AD-integrated) accounts.
Error Messages
Not Applicable
Steps to Reproduce
Not Applicable
Root Cause
Not Applicable
Resolution
Here's the explanation for the reported behavior:
The user has the credentials for [email protected], which are sent at initial provisioning. These must be stored in a secure location at the client.
The procedure to create Breakglass accounts is to break open the 'safe' that stores these credentials, retrieve them, and log on with them.
Alternatively, Pega retains the overall [email protected] account credentials and creates a 'ClientAdmin' account for which the client stores the credentials.
Published December 2, 2021