Cloud environments are designed to be resilient and automated, but even the most well-architected systems need a trusted fallback mechanism. In Oracle Cloud Infrastructure (OCI), a break glass account is a deliberately designed, secure fallback mechanism used only when regular access methods are unavailable.

A well managed break glass setup is not a failure of architecture, but a sign of operational maturity. It ensures that your organization can regain control swiftly and securely when faced with unforeseen access issues.

This post outlines best practices for securing break glass access to OCI.

Best Practices for Console Login Break Glass Accounts

1. Use a Dedicated Local IAM User
Create a local IAM user specifically for emergency access. Avoid assigning broad administrative privileges across the tenancy. Instead, apply targeted policies that enable access recovery tasks, while maintaining clear audit trails.

2. Enforce Strong Multi-Factor Authentication (MFA)
Configure MFA using hardware-backed devices, such as YubiKeys, or app-based authenticators with biometric protection. Avoid less secure methods such as SMS-based MFA.

3. Separate the MFA and Password Custodians

  • One person holds the password.
  • Another holds the physical MFA device.

Both must collaborate to gain access, which ensures accountability and reduces the risk of misuse.

4. Monitor and Alert on Usage
Use OCI Audit and Cloud Guard to log and alert on any login events associated with the break glass user. Treat any usage of this account as a security event, requiring incident response procedures and postmortem review.

5. Regularly Test Access and Rotate Credentials
Schedule controlled drills to test break glass access end-to-end. Ensure that credentials, MFA devices and alerting systems are functional. Rotate passwords and MFA registrations at least annually or whenever a custodian changes roles.
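The following Python script is an added example, not code from the original post or from Oracle, that ties together steps 4 and 5: it triages a stream of OCI Audit events, raises an alert for every event performed by the break glass principal, and downgrades alerts that fall inside an announced drill window so that scheduled tests are logged without paging the on-call engineer. The user name "bg-emergency", the drill window and the sample audit lines are constructed for the demo; the envelope fields (`eventType`, `eventTime`, `data.identity.principalName`, `data.identity.ipAddress`, `data.eventName`) are assumed to follow the OCI Audit event shape and should be checked against your own exported events.

```python
"""Triage OCI Audit events for break glass account usage (added example).

Assumptions: the audit record envelope and the data.identity.* fields follow
the OCI Audit schema; the user name, drill window and sample events below are
constructed for this demonstration.
"""
import json
from datetime import datetime, timezone

# Hypothetical local IAM user reserved for emergency access (step 1).
BREAK_GLASS_USERS = {"bg-emergency"}

# Announced drill windows in UTC (step 5). Activity inside a window is expected
# and logged at "info"; anything outside is "critical" and goes to incident response.
DRILL_WINDOWS = [
    (datetime(2024, 6, 1, 9, 0, tzinfo=timezone.utc),
     datetime(2024, 6, 1, 11, 0, tzinfo=timezone.utc)),
]


def _event(event_type, event_name, user, ip, when):
    """Build one constructed audit record in the (assumed) OCI Audit envelope shape."""
    return json.dumps({
        "eventType": event_type,
        "cloudEventsVersion": "0.1",
        "eventTypeVersion": "2.0",
        "eventTime": when,
        "data": {
            "eventName": event_name,
            "identity": {"principalName": user, "ipAddress": ip},
        },
    })


# Constructed sample log: a drill login, an unrelated user, an unannounced
# login followed by a policy change, and one malformed line.
SAMPLE_AUDIT_LOG = [
    _event("com.oraclecloud.identitySignOn.InteractiveLogin", "InteractiveLogin",
           "bg-emergency", "203.0.113.5", "2024-06-01T09:30:00Z"),
    _event("com.oraclecloud.identitySignOn.InteractiveLogin", "InteractiveLogin",
           "alice", "203.0.113.9", "2024-06-01T09:31:00Z"),
    _event("com.oraclecloud.identitySignOn.InteractiveLogin", "InteractiveLogin",
           "bg-emergency", "198.51.100.7", "2024-06-14T02:15:00Z"),
    _event("com.oraclecloud.identitycontrolplane.updatepolicy", "UpdatePolicy",
           "bg-emergency", "198.51.100.7", "2024-06-14T02:18:00Z"),
    "not json at all",
]


def parse_event_time(value):
    """Parse an RFC 3339 timestamp such as 2024-06-14T02:15:00Z or ...00.123Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def in_drill_window(when, windows=DRILL_WINDOWS):
    """True if the timestamp falls inside any announced drill window."""
    return any(start <= when <= end for start, end in windows)


def triage(lines, users=BREAK_GLASS_USERS, windows=DRILL_WINDOWS):
    """Return (alerts, malformed_count) for every event by a break glass principal.

    Any usage of the account is a security event, so logins and API calls are
    both alerted; only the severity depends on whether a drill was announced.
    Malformed lines are counted rather than dropped silently, so a gap in the
    log pipeline is itself visible to the reviewer.
    """
    alerts, malformed = [], 0
    for line in lines:
        try:
            event = json.loads(line)
            identity = event["data"]["identity"]
            user = identity.get("principalName")
            when = parse_event_time(event["eventTime"])
        except (ValueError, KeyError, TypeError):
            malformed += 1
            continue
        if user not in users:
            continue
        is_login = event.get("eventType", "").startswith("com.oraclecloud.identitySignOn.")
        alerts.append({
            "severity": "info" if in_drill_window(when, windows) else "critical",
            "kind": "login" if is_login else "api",
            "user": user,
            "action": event["data"].get("eventName"),
            "source_ip": identity.get("ipAddress"),
            "time": when.isoformat(),
        })
    return alerts, malformed


if __name__ == "__main__":
    found, bad = triage(SAMPLE_AUDIT_LOG)
    for alert in found:
        print(alert)
    print(f"malformed lines: {bad}")
```

In production the `lines` would come from the OCI Audit export (for example via Service Connector Hub to a log sink) rather than the embedded list, and the "critical" alerts would open an incident ticket so that the postmortem review required in step 4 is never skipped.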