Enabling Break-Glass URL Endpoint in Workspace ONE Access

During the integration of Workspace ONE Access with Azure AD for MFA activation, a customer was locked out of the admin interface.

Prior to version 21.08, a break-glass URL endpoint was enabled by default on each Workspace ONE Access VSA:

https://<TENANT URL>/SAAS/login/0

From 21.08 onwards it was disabled because it was not security compliant for customer environments.

To enable it, you must access one of the Workspace ONE Access VSAs via SSH or the web GUI and run the following command:

hznAdminTool configureBreakGlassLogin enable -loginZero

and restart the horizon-workspace service with the following command.

service horizon-workspace restart

At this point the “Emergency” URL is enabled again.

And you can access it to fix the necessary policies.

To turn it off:

hznAdminTool configureBreakGlassLogin disable -loginZero

service horizon-workspace restart
