Break Glass Support for Environments

How to manage Oracle Break Glass for your Fusion Applications environments.

Occasionally, Oracle-authorized personnel need to access resources to troubleshoot or help resolve an issue with your applications environment. Break Glass provides you with the ability to temporarily grant access to Oracle Support using a securely administered workflow.

The Break Glass access control and approval workflow is enabled only for specific Oracle Applications bundles, or if you have specifically purchased the subscription. When you subscribe to Oracle Break Glass service, you get access to Oracle Managed Access, where you enable and manage requests for temporary access to your organization's cloud resources from authorized support operators.

Key features of Break Glass with Oracle Managed Access include:

  • Provides the operator temporary user credentials for a specific duration.
  • Specifies the access level for the representative.
  • Creates logs of all actions, providing an audit trail.

Enabling Break Glass for an Environment

When you provision an environment that has a break glass subscription included in the environment family, the lockbox is automatically created for the environment in Oracle Managed Access with the following default settings:

  • Password expiration time: 96 hours
  • Auto-approval: Enabled

Prerequisite:

  • A subscription that includes Break Glass has been added to the environment family.

You can verify that Break Glass is available for your environment by viewing the environment details:

Under Resources, click Security and then click the Breakglass tab to see details.

Follow the Managed Access documentation to set up the lockbox and approvals for your environment.

Viewing Break Glass Details

To view the break glass settings for the environment, you must have permissions to read the Managed Access resources. For example:

Allow group 'OracleIdentityCloudService'/'FusionAdmins' to read lockbox-family in tenancy

These permissions are included in the set defined for the Fusion Applications Administrator. See Adding a User with Specified Access for a Job Role.

To view details

On the environment details page:

  1. Under Resources, click Security and then click the Breakglass tab to see details.
  2. The following properties of your Breakglass setup are displayed:
    • Enabled
    • Password expiration time
    • Auto-approval setting
    • Resource setting

Updating Break Glass Settings

To edit the break glass settings, you must have permissions to manage the lockbox-family resources. For example:

Allow group 'OracleIdentityCloudService'/'SecurityAdmins' to manage lockbox-family in tenancy

See Policy Reference for Job Roles for the required policy statements for the Security Administrator.

On the environment details page:

  1. Follow the instructions for Viewing Break Glass Details to view the settings.
  2. To edit these properties, click the resource setting name to view its settings in the Managed Access service. Follow the Managed Access documentation.
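
The read and manage policy statements shown under Viewing Break Glass Details and Updating Break Glass Settings can be audited to see which groups are able to change settings such as auto-approval. The following is an added example, not Oracle code: it parses policy statement text and reports each group's strongest verb over lockbox-family, also counting OCI's all-resources aggregate. The function names, the approved-group list, and the last two sample statements are assumptions made for the example.

```python
import re

# OCI policy verbs, weakest to strongest.
VERBS = ["inspect", "read", "use", "manage"]
# Resource types that reach the lockbox settings: the family named on this
# page, plus OCI's all-resources aggregate, which covers every resource type.
COVERING = {"lockbox-family", "all-resources"}

STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<groups>.+?)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+"
    r"in\s+(?:tenancy|compartment\s+\S+)",
    re.IGNORECASE,
)

def lockbox_access(statements):
    """Map each group to the strongest verb it holds over lockbox settings.
    Any trailing 'where' condition is ignored, so results err toward over-reporting."""
    ranks = {}
    for text in statements:
        m = STATEMENT.match(text)
        if not m or m["resource"].lower() not in COVERING:
            continue
        rank = VERBS.index(m["verb"].lower())
        for group in m["groups"].split(","):
            name = group.strip().replace("'", "")
            ranks[name] = max(rank, ranks.get(name, -1))
    return {name: VERBS[rank] for name, rank in ranks.items()}

def unexpected_managers(statements, approved):
    """Groups that can edit break glass settings but are not on the approved list."""
    access = lockbox_access(statements)
    return sorted(g for g, verb in access.items() if verb == "manage" and g not in approved)

# Constructed sample: the first two statements are the ones shown on this page,
# the last two are made up for the example.
SAMPLE_POLICY = [
    "Allow group 'OracleIdentityCloudService'/'FusionAdmins' to read lockbox-family in tenancy",
    "Allow group 'OracleIdentityCloudService'/'SecurityAdmins' to manage lockbox-family in tenancy",
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group NetworkAdmins to manage virtual-network-family in tenancy",
]

if __name__ == "__main__":
    for group, verb in sorted(lockbox_access(SAMPLE_POLICY).items()):
        print(f"{verb:8} {group}")
    print("review:", unexpected_managers(
        SAMPLE_POLICY, {"OracleIdentityCloudService/SecurityAdmins"}))
```

A group that appears in the review list can change the lockbox settings through a broader grant even though no lockbox-family statement names it.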