May 9, 2025

Better Ways to Break Glass: Planning for Emergency Access

Least privilege is normally the priority in identity governance, but sometimes in an emergency you need all the access. Learn how Lumos can help you plan for the unexpected without excessive standing access.

Last updated: May 9, 2025
Kale Bogdanovs
Product Marketing @Lumos

In modern identity management, the guiding principle is clear: least privilege. Users should only have access to the systems and data they need—no more, no less. This reduces the attack surface, limits accidental damage, and ensures compliance with security frameworks.

But even in the most tightly controlled environments, reality has a way of throwing curveballs. Systems go down, key employees are unavailable, security incidents demand urgent response—and suddenly, your strict access controls are the very thing preventing recovery. That’s when you need “break glass” access—temporary, emergency access that gives trusted individuals extraordinary privileges when the situation demands it.

The challenge? Making that access instantly available—but only to the right person and for the right amount of time.

Everything Breaks: When You Need Emergency Access

Break glass access refers to predefined methods that allow certain individuals or teams to override normal access restrictions during emergencies. Think of it like a fire extinguisher behind glass: you don’t want people using it casually, but you do need it to be immediately accessible when things are on fire.

Here are a few scenarios where emergency access is not just helpful but essential:

  • Security incidents: During a breach, investigators may need urgent access to audit logs, production environments, or user accounts to stop malicious activity.
  • Personnel changes: If an admin is abruptly terminated or becomes unavailable, remaining team members may need access to their accounts or tools to keep operations going.
  • Critical business continuity: In regulated sectors like healthcare or finance, emergency access may be required to retrieve patient data, restore transactions, or ensure compliance.
  • IAM misconfigurations: Sometimes, the IAM system itself breaks—locking everyone out. If no one can fix it from the inside, you’re stuck.

Without a break glass plan, teams risk losing hours—or even days—trying to regain control, losing revenue and reputation with each passing minute.

The Risks of Traditional Break Glass Access

Historically, emergency access has been handled through shared credentials, out-of-band admin accounts, or manual escalation paths. While functional, these methods come with serious risks:

  • Static credentials: A common approach is to store credentials in a vault or password manager. But if those credentials are never rotated or too broadly accessible, they become a security liability.
  • Lack of visibility: Who used the break glass account? Why? What did they do while they had it? Without strong logging, this access can be a black hole.
  • Overuse: If break glass access is too easy to get, it becomes a shortcut. “Just break glass and fix it” becomes the culture, bypassing least privilege entirely.
  • Audit failures: In compliance-focused environments, undocumented or poorly controlled emergency access can trigger audit findings or policy violations.

In other words: traditional break glass mechanisms often succeed at providing access, but fail at controlling, monitoring, and securing that access.

The Autonomous Approach: Break Glass Access with Lumos

Pre-define rules for incident response in Lumos so first responders can request and receive emergency access instantly

At Lumos, our goal is “Autonomous Identity”—to make access self-managing and self-optimizing as much as possible, so the right identity gets the right access for the right amount of time. This applies to break glass access too. With just-in-time (JIT) access, pre-approval workflows, and detailed auditing, you can have your fire extinguisher—and still keep it secure.

Here’s how break glass access works in Lumos:

  • Pre-approved Emergency Paths
  • Just-in-Time (JIT) Requests
  • Full Auditability
  • Integrated Alerts

Pre-approved Emergency Paths

Security teams can define break glass access in advance—specifying who can request what, under which circumstances, and for how long. These rules can include:

  • Users or groups eligible for emergency roles
  • Conditions under which access is granted (e.g., only outside working hours)
  • Whether an identity is “on call” in an incident management platform like PagerDuty or incident.io
  • How long access is granted for

This ensures that when an emergency happens, you’re not scrambling for approvals—you’ve already planned for it.

Just-in-Time (JIT) Requests

Instead of granting standing admin privileges or static credentials, Lumos supports JIT access. An eligible user can trigger an emergency request, and access is provisioned dynamically—just for the duration needed. When the time expires, access is automatically revoked.

This drastically reduces the risk of long-lived privileges sitting unused, where they can be exploited by an attacker.
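
The pre-approved rule conditions and time-boxed grants described above can be sketched as a small policy evaluator. This is an added example, not Lumos code or its API: the `BreakGlassRule` schema, the `evaluate` function, the mandatory justification, and the sample roster are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class BreakGlassRule:                 # hypothetical schema, not a Lumos object
    role: str
    eligible_groups: frozenset
    require_on_call: bool
    working_hours: Optional[tuple]    # (start, end) in UTC; if set, grant only outside them
    max_duration: timedelta

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    issued_at: datetime
    expires_at: datetime

    def is_active(self, now: datetime) -> bool:
        # A grant past expires_at is inactive without a separate revocation step.
        return self.issued_at <= now < self.expires_at

def evaluate(rule, user, groups, on_call, reason, now, audit_log):
    """Return a Grant or None; every decision, allow or deny, is logged."""
    denial = None
    if not rule.eligible_groups & set(groups):
        denial = "not in an eligible group"
    elif rule.require_on_call and user not in on_call:
        denial = "not on call"
    elif rule.working_hours and rule.working_hours[0] <= now.time() < rule.working_hours[1]:
        denial = "inside working hours"
    elif not reason.strip():          # assumption: a justification is mandatory
        denial = "no justification given"
    grant = None if denial else Grant(user, rule.role, now, now + rule.max_duration)
    audit_log.append({
        "time": now.isoformat(), "user": user, "role": rule.role, "reason": reason,
        "decision": f"deny: {denial}" if denial else "grant",
        "expires": grant.expires_at.isoformat() if grant else None,
    })
    return grant

# Constructed sample data: one rule and an on-call roster snapshot.
RULE = BreakGlassRule("prod-admin", frozenset({"sre"}), True,
                      (time(9), time(17)), timedelta(hours=1))
ON_CALL = {"alice"}

if __name__ == "__main__":
    log = []
    night = datetime(2025, 5, 9, 2, 30, tzinfo=timezone.utc)
    print(evaluate(RULE, "alice", ["sre"], ON_CALL, "IAM lockout", night, log))
    print(evaluate(RULE, "bob", ["sre"], ON_CALL, "IAM lockout", night, log), log[-1])
```

Denied requests are written to the same log as grants, so a review of the audit trail shows attempted use as well as actual use.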

Full Auditability

Every access request, including break glass scenarios, is logged in detail: who made the request, and how it was approved. In addition, since emergency access is temporarily granted to an employee's existing identities, all logs will show who has taken an emergency action, with no confusion around which person was actually behind a break glass identity. This creates a clean audit trail that simplifies compliance reviews and builds trust with security teams.

Integrated Alerts

Security or compliance teams can be automatically notified when break glass access is used. This ensures oversight without delay and helps enforce accountability without needing to micromanage.

Plan for the Worst So it Doesn’t Happen

Break glass access is a necessity—not a failure of identity governance, but a safety net for the real world. The key is not just making it possible, but making it secure, traceable, and hard to misuse.

By combining pre-approved workflows, time-limited access, and detailed monitoring, Lumos makes it easy to support emergencies without sacrificing control. The power goes only to the right person, when you really need it, and only as long as you need it. Book a demo today to learn more!
