A customer during the integration of Workspace One Access with Azure AD for MFA activation “locked out” the admin interface.
Prior to version 21.08, a URL was enabled by default on each Workspace One Access VSA for Break-glass URL Endpoint access.
https://< TENANT URL>/SAAS/login/0
from 21.08 onwards it was disabled because it was not security complaint for customer environments
To enable it, you must SSH or WEB GUI access one of the Workspace One Access VSA and run the following command:
hznAdminTool configureBreakGlassLogin –enable -loginZero
and restart the horizon-workspace service with the following command.
Service Horizon-workspace restart
At this point the “Emergency” URL is enabled again
And you can access it to fix the necessary policies.
To turn it off:
hznAdminTool configureBreakGlassLogin –disable -loginZero
Service Horizon-workspace restart