Break Glass Account for Emergency Access

(Available in Professional and Enterprise Editions)

Enterprise passwords are mission-critical for all businesses. Imagine, when a team member goes out on a vacation or falls sick or didn't turn up for the day without any prior intimation and if the company requires immediate access to the enterprise passwords owned by that user, it will directly affect their day to day operations. The break glass account for emergency access helps you proactively tackle such crucial situations.

How it works?

  • Super admins can empower themselves or designate  one or more trusted users as emergency contacts .

  • Whenever there arises an emergency need, those designated as emergency contacts can declare an emergency and view all the enterprise passwords for a specific period.

  • All the events,  including the new emergency contact addition and deletion, emergency declaration, and access are captured as audit trails.

  • Notifications will be sent to all users when someone declares an emergency.

Note: Only super admins can add and delete emergency contacts. Only those users who have completed the sharing handshake process (the mandatory step during Zoho Vault Sign Up) would be able to declare emergency after being designated as an emergency contact. You can check the sharing handshake status by navigating to Settings >> Share Secrets page.

How to Configure Emergency Access?

  • Go to Settings. In the left-hand side menu, click "Emergency Access."

  • Read the instructions carefully in the "Emergency Contacts" tab and click the "Add" button.

  • Select the user(s)  who are to be designated as  trusted contacts for emergency access.

  • Specify the emergency access session validity period in terms of hours. This configuration represents the maximum time period up to an emergency access session would remain valid after declaration. After the specified time limit, a declared emergency will automatically end.

  • Save the configuration.

  • Emergency access setting for a trusted contact will become effective only after an initial waiting period of twenty-four hours.

Note: As mentioned earlier, super administrator(s) can only add those contacts who have already configured the 'handshake' by clicking the 'Initiate Sharing' button (Settings --> Share Secrets). When the super administrator adds or deletes an emergency contact, all users will receive email alerts about the addition/deletion.

How to Declare an Emergency?

Super admin or trusted user(s) can declare an emergency by following the steps mentioned below.

  • Go to Settings. In the left-hand side menu, click "Emergency Access."

  • In the page that opens, click "Emergency Access" tab and read the instructions carefully.

  • Click "Declare Emergency" button.

  • Enter the reason for declaring an emergency in the reason field and click "Declare Emergency."

  • Once you declare an emergency, you will be able to view all the enterprise passwords in your organization for the time period as specified by the super administrator.

  • All users in the organization would be notified via an email automatically when you declare an emergency.

Terminate Emergency Access

  • Super administrators can also validate the reason for declaring an emergency. If the super admin finds the reason for declaring an emergency unnecessary, then the super admin can forcefully end the emergency access and can also remove that user from emergency access contact list if needed.

  • You can view the reason for the emergency by navigating to Settings -> Emergency Access -> Emergency Contacts -> Click 'Emergency Declared.' If you feel that the reason for the emergency declaration is not valid, click 'End Emergency.'

  • If you wish to delete an emergency contact at any time, navigate to Settings -> Emergency Access -> Emergency Contacts -> Delete.

All events such as an emergency declaration, new emergency contact addition, and deletion are captured as audit trails. You can be track this by navigating to Audit -> User Audit / Misc.