Problem Statement
In the event of an Identity Provider (IdP) outage, administrators may be unable to access Lansweeper due to exclusive reliance on Single Sign-On (SSO) authentication. To mitigate this risk, there is a need to provision a secure “break-glass” account. This account would be a locally managed Lansweeper user with appropriate administrative and SSO-equivalent permissions, intended solely for emergency access when the IdP is unavailable.
Solution
Lansweeper supports multiple authentication methods, including Single Sign-On (SSO) and standard email-and-password login. In the event that the Identity Provider (IdP) is unavailable, access can still be maintained by enabling standard login credentials on an existing account.
If a user account was initially created using SSO, it may not yet have a password configured and will therefore be limited to SSO authentication. To enable an alternative login method, the account owner can initiate a password reset from the Lansweeper login page. This process allows a password to be set for the account, after which the user can authenticate using the standard email and password fields.
For break-glass access scenarios, it is recommended to ensure that at least one administrative account has standard login credentials configured in advance. This account can then be used to access Lansweeper if SSO authentication is temporarily unavailable.
