Skip to content

Updating Emergency Access Administrators

When an identity profile uses a flat file source as its account source, the admins listed in that flat file have special emergency, or break glass, access so they can sign in when your site is having connectivity issues to troubleshoot and repair problems.

When you first gain access to your orgs, you're granted one emergency access administrator. You can add or remove emergency access admins by editing the file containing the emergency access administrator identity information.

Note

Emergency access administrators are frequently referred to as break glass administrators.

Prerequisites:

  • SailPoint has created your org and given you access to an initial administrator account.
  • At least one identity profile exists with a flat file account source.

Updating Emergency Access Administrators List

Download the emergency access administrator file to add, remove, or update information in the file.

To download the list of emergency access administrators:

  1. Go to Admin > Connections > Sources.

  2. Select or edit the Identity Security Cloud Administrators source.

  3. In the Account Management section, select Accounts.

  4. Select Export to download the current list of emergency access administrators.

  5. Open the .csv file and review the list of accounts.

    Each administrator has one row under each column header. Column headers represent account attributes.

  6. Update, add, or remove rows for each administrator as needed. Do not add or remove any column headers. Save the .csv file.

    Important

    • When this file is uploaded, the identities provided are used as the complete set of emergency access admins for the site. Removing an account from this file and uploading the file removes that identity from Identity Security Cloud.
    • Do not include the SailPoint Support identities slpt.support or slpt.services in this file. These identities are used to allow the SailPoint support team to troubleshoot your site. To grant or disable access to these identities, visit Granting Support Access to Your Site.
    • Do not delete the slpt.support or slpt.services identities from your site. If these accounts are deleted, SailPoint Support might be unable to sign in to your site to help with implementation or troubleshooting.

  7. In the Account Management section, select Account Aggregation.

  8. Under Upload Accounts, select the Upload icon and choose the .csv file of accounts.

While an aggregation is running, the Start Aggregation button will be disabled. You can view the progress of this aggregation in the Latest Account Aggregation section on this page. You can cancel the aggregation by selecting Cancel at the top of the aggregation card.

You can also view aggregation activity on the Aggregation History page. You can also cancel the aggregation from this page.

Setting Up Emergency Access Administrators

After adding users to the emergency access admins flat file, grant them admin access.

  1. Go to Admin > Identity Management > Identities and find the identities you have designated as emergency access administrators.
  2. Select Actions > Set User Levels.
  3. Enable the toggle for the Admin user level and select Save.

Inviting New Emergency Access Administrators

Invite new emergency access admins who are also new users to Identity Security Cloud. Refer to Inviting Users to Register for instructions.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.