Super-Administrator as 'Break Glass Account' in Password Manager Pro
In the previous post, we were discussing how to manage emergency access to IT resources when an administrator is away. The 'Super-Administrator' role in Password Manager Pro (with the privilege to access all passwords) comes in handy to tackle this.
In the latest release (v 6.6), an option has been provided to keep the super-administrator role purely as a break-glass account for emergency access to passwords. So far, any administrator could change the role of another administrator (not himself) as super-administrator. PMP now provides the option to prevent administrators from creating super-administrators. The objective is to have only one super-administrator for emergency access.Super-administrator role can be used as break glass account as explained below:
- Create a new administrator account in PMP and designate the new account as the Super-Administrator
- The new super-administrator will login and enforce the option of denying other administrators from creating super-administrators. Once this restriction is enforced, super-administrators cannot be created further.
- The login credentials of this super-administrator will be sealed and kept in a safe to be opened only for emergency access
Comments