Set Up Break Glass Access in 1Password

8 months ago
Written by
Indent
@indent

Named after breaking glass to activate a fire alarm, break glass access is an expidited way for users without access to certain accounts to get access in emergency situations through a predetermined workflow.

To implement it safely, you should store your break glass credentials in a vault within an enterprise password management system like 1Password.

But, how do you manage access to that vault?

Break glass access should be time-bound and create an audit trail to prevent abuse. 1Password doesn’t have that functionality natively, but it’s simple to get set up. Let’s walk through it.

TL;DR: Break Glass Access with Indent

Indent integrates with 1Password to get users fast and secure emergency access to vaults, and then will automatically expire that access after a configured length of time.

How does it work?

Through Slack, a user is able to request time-bound, role-based access to vaults.

Here is what that workflow looks like:

  1. Open slack and enter ‘/access’
  2. Fill out request form requesting access to break glass group, give reason, and hit enter
  3. Indent verifies on-call status or other configured attribute of requester
  4. Once verified, access is granted and provisioned for configured length of time
  5. Indent notifies admins that break glass access has been granted
  6. After configured duration, the requester loses access, but can request again if necessary

FAQ

Does Indent integrate with PagerDuty, Opsgenie, and Incident.io for on-call verification?

Yes! Indent integrates with all the most popular incident management systems.

Does Indent still work if identity, authentication, or authorization systems are down?

Indent can integrate into a break glass workflow even if your primary identity management systems are down. If you have questions about how to get this set up, reach out.

Is there a free tier or a trial?

Yes, setting up break glass access for 1Password won't cost you anything. You can either use Indent Free or sign up for a free 30 day trial of the Business or Enterprise tiers.

To find the right tier for you, check out the pricing page.

Setting Up Emergency Access with Indent and 1Password

In less than an hour you can get break glass access for 1Password set up by following these steps:

  • Create group: Create a new group in your identity provider and give it a name that indicates it's for break glass access e.g. break-glass-1Password

  • Register with Indent and configure: Sign up for a free Indent account, install the 1Password integration and follow the 1Password + Indent docs to configure. If you’re interested in setting up auto-approvals with on-call verification install the Indent integration for Opsgenie, PagerDuty, or Incident.io.

  • Set up your breakglass vault in 1Password: Create a vault in 1Password to store your admin credentials for your cloud apps and infrastructure. Assign your new break glass group to the vault.

    Get Started

    Want to learn more about Indent or have questions about getting break glass access set up? Feel free to schedule time that works for you and we're happy to answer any questions you have!

Try Indent for free.