A break-glass account is a tightly controlled emergency account kept for exceptional situations when normal identity systems or administrative paths are unavailable.
A break-glass account is a tightly controlled emergency account kept for exceptional situations when normal identity systems or administrative paths are unavailable. In plain language, it is the emergency override account an organization uses only when standard access methods cannot support urgent recovery or administrative action.
Break-glass accounts matter because resilience sometimes requires a last-resort path. If identity infrastructure is down, misconfigured, or unavailable during a serious incident, responders may still need a way to restore control safely.
They also matter because emergency access is high risk. A break-glass account usually holds powerful privileges, so poor governance around it can create exactly the kind of standing access problem the organization is trying to avoid elsewhere.
Break-glass accounts appear in Privileged Access Management, identity-provider resilience planning, disaster recovery, and high-severity incident response. Teams connect them to Authentication, Just-in-Time Access, Just Enough Administration, Audit Log, and Incident Response Plan.
Security teams usually protect these accounts with strong storage controls, restricted use conditions, explicit approval rules, and mandatory review whenever the account is accessed.
An organization’s main identity provider suffers a severe outage during a production incident. A designated emergency administrator uses a sealed break-glass account to restore critical access and stabilize the environment, and the use is documented and reviewed immediately afterward.
A break-glass account is not the same as an ordinary privileged admin account. It exists for exceptional fallback conditions, not for everyday convenience.
It is also different from Just-in-Time Access. Just-in-time access is a normal governance model for temporary elevation. A break-glass account is an emergency recovery control for situations where the normal model may not be available.