Guide: Access Control

Break Glass Access Control Systems: The Essentials

A Break Glass Access Control System is a concept that originates from emergency alarms, such as fire alarms guarded by “break glass” stations. These stations secure an alarm lever or button behind glass to ensure use only during extreme emergencies. It is important to note that the alarm cannot be “turned off” without physically removing and replacing a component in the station.

In computing, “break glass” refers to a technique used to access a system in urgent conditions for bypassing standard security measures.

This article will explore Break Glass Access Control Systems by covering the following topics:

What is a Break Glass Access Control System?

Access control models are typically very rigid, so permissions based on a specific policy rarely change. However, in many cases, it is necessary for access control, or the underlying policy, to provide additional flexibility. This applies especially to health care and disaster management industries.


In such contexts, break glass is one strategy for providing flexible policy assistance to prevent system stagnation that could endanger lives or cause other losses.


A Break Glass Access Control System refers to a quick and simple way for someone, who has the correct access privileges, to access restricted data in an emergency. Break glass procedures must be created, documented, implemented, and tested in systems that store electronically protected sensitive information. These procedures are necessary so that in the case of an emergency it is possible to gain necessary access to this critical information. 


It is crucial that break glass control procedures are well-documented and easily understood; so that there is a clear policy for facilitating alternative and/or manual access to data.


For more information read about: 

The 3 Parts of a Break Glass Access Control Process

There are three essential parts to address before implementing a break glass access control solution:

1. Create Virtually Secure Emergency Accounts in the Cloud

You can initiate a break glass operation with as little as two emergency accounts in the cloud. The emergency accounts should not be connected to any local systems and the credentials should be shared with only those authorized to use break glass access.

2. Establish Password Security

One way to increase password security is to split your emergency access account password into at least two parts and store them in separate fireproof safes. Then if a break glass scenario occurs, an administrator with the credentials can reconnect the two halves.

3. Set Initial Configuration Options

You should allocate permanent global administrator roles to several well-trusted individuals within the organization. Further, you should ensure that all administrations use multi-factor authentication (MFA). However, the MFA should not be required for break glass accounts if the employees with break glass privileges only have access to their own devices. 

Examples of Break Glass Access Control

Here are some examples of typical break glass access control scenarios:


  • MFA Required Accounts: In this example, administrators require MFA to gain access to a new set of privileges. The verification is via either phone or text message; however, due to a cellular network outage, this is not possible. If the company has authentication override mechanisms, the system administrator can start “breaking the glass” and enable the necessary roles.
  • Privileged Account Management (PAM): Ordinarily, privileged administrator credentials are stored in an encrypted vault within a PAM system. However, there are several situations in which losing access to the vault might make retrieving credentials for administrative accounts difficult. Emergency break glass protocols are in place if the sole system administrator who can access the password vault leaves the company or a DDoS assault prevents anyone from logging in.
  • Emergency ePHI access: Credentials for ePHI accounts that are lost or stolen might delay or even prevent emergency treatment. A break glass method allows an unprivileged or visiting caregiver to access a restricted account and provide the necessary treatments.¬†

Break Glass Access Control Best Practices

To leverage break glass access control to your organization’s advantage, there are some best practices you can follow:

Require MFA in Most Cases

You should implement MFA for all users to limit the chance of an attack originating from a compromised password. However, there should be break glass authentication overrides that are not dependent on phone or text MFAs. 

At Least One Non-Conditional Access Account

There should be at least one account with emergency access that is exempt from all conditional access rules. This will ensure that there is at least one access point during an emergency.

Keep Your Account Credentials Secure

Organizations should ensure that only authorized personnel can access emergency access account credentials.


As mentioned earlier, a password for an emergency access account is usually broken up into two or three parts and maintained in secure, fireproof safes located in secure places that are separate from one another.


If you choose to implement password protection, be sure to use strong, randomly generated non-expiring passwords that are at least 16 characters long.

Keep an Eye on Audit Records and Sign-in Activity

In an emergency, companies should keep tabs on who signs in and what they do once logged in and alert the appropriate people in charge. You can monitor break glass accounts to ensure they are only used for testing and actual situations.

Federation Guidance

It is important to keep the emergency access to on-premises systems and the emergency access to cloud services separate and independent. In the event of a system outage, it is not worth the extra risk introduced by mastering or sourcing authentication for accounts with emergency access privileges from other systems.


Business continuity planning is based on preparing for and responding to disruptions in operations. Any difficulty, including losing access to a system or server, is just as bad. It is important to have a comprehensive recovery plan, and break glass access solutions are a key ingredient.


Satori provides easily implemented attribute-based access controls. Using Satori’s data fine-grained access control policies you can simply and easily implement a break glass access control system. 


To find out more about Sator’s access control options:

Last updated on

October 12, 2022

The information provided in this article and elsewhere on this website is meant purely for educational discussion and contains only general information about legal, commercial and other matters. It is not legal advice and should not be treated as such. Information on this website may not constitute the most up-to-date legal or other information. The information in this article is provided ‚Äúas is‚ÄĚ without any representations or warranties, express or implied. We make no representations or warranties in relation to the information in this article and all liability with respect to actions taken or not taken based on the contents of this article are hereby expressly disclaimed. You must not rely on the information in this article as an alternative to legal advice from your attorney or other professional legal services provider. If you have any specific questions about any legal matter you should consult your attorney or other professional legal services provider. This article may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites.