Hi,
We are currently evaluating/configuring SSO authentication for our Atlassian environment, and had a question regarding contingency access.
In the event that SSO authentication does not work properly, or if there is an issue during the SSO configuration/setup process, does Atlassian support local user accounts that can still authenticate directly to the platform?
Specifically, we would like to understand whether there is a recommended “break glass” procedure that allows administrators to retain emergency access independent of the SSO identity provider.
Could you please clarify:
- Whether local/native Atlassian user accounts are supported alongside SSO
- If local admin accounts can be excluded from SSO enforcement
- Any best practices recommended by Atlassian for emergency or recovery access scenarios
Thank you for your assistance.
Best regards,
Mahesh
Hello @Mahesh Bhosle
Atlassian Cloud doesn't use local product accounts like Data Center did, so if your IdP goes down, global SAML enforcement will lock out your admins.
You need an emergency admin account configured to bypass SSO.
You can achieve this either by using an email address entirely outside your verified domains, or by isolating a corporate domain account inside a dedicated Atlassian Guard authentication policy with SSO disabled. Just make sure this account is strictly reserved for emergencies, protected by native 2FA with securely stored recovery codes, and heavily monitored for any activity.
Best,
Arkadiusz🤠
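An added example, not part of the reply above and not Atlassian tooling: a small check that each emergency account really bypasses SSO (outside the verified domains, or in a policy with SSO disabled), has native 2FA, and that any activity from it raises an alert. The record fields, domains, accounts and events are assumptions constructed for illustration, not an Atlassian export or audit-log schema.

```python
from dataclasses import dataclass

@dataclass
class Account:                      # hypothetical inventory record, not an Atlassian schema
    email: str
    policy_enforces_sso: bool       # SSO setting of the authentication policy the account sits in
    two_step_enabled: bool          # native two-step verification on the account itself
    break_glass: bool = False

def bypasses_sso(acct, verified_domains):
    """True if the account can still log in while the IdP is down."""
    domain = acct.email.rsplit("@", 1)[-1].lower()
    return domain not in verified_domains or not acct.policy_enforces_sso

def audit_break_glass(accounts, verified_domains):
    """Return findings for missing or misconfigured emergency accounts."""
    findings = []
    emergency = [a for a in accounts if a.break_glass]
    if not emergency:
        findings.append("no break-glass account defined")
    for a in emergency:
        if not bypasses_sso(a, verified_domains):
            findings.append(f"{a.email}: subject to SSO, unusable during an IdP outage")
        if not a.two_step_enabled:
            findings.append(f"{a.email}: native 2FA not enabled")
    return findings

def break_glass_activity(events, accounts):
    """The account is reserved for emergencies, so every event it produces is an alert."""
    watched = {a.email.lower() for a in accounts if a.break_glass}
    return [e for e in events if e["actor"].lower() in watched]

# Constructed sample data (domains, accounts and events are made up for illustration).
VERIFIED_DOMAINS = {"corp.example"}
ACCOUNTS = [
    Account("alice@corp.example", True, False),
    Account("emergency-admin@recovery.example", True, True, break_glass=True),  # outside verified domains
    Account("bg-admin@corp.example", True, True, break_glass=True),   # misconfigured: SSO still enforced
    Account("bg2@corp.example", False, False, break_glass=True),      # SSO-disabled policy, but no 2FA
]
EVENTS = [
    {"time": "2024-01-10T09:00:00Z", "actor": "alice@corp.example", "action": "login"},
    {"time": "2024-01-10T23:41:00Z", "actor": "Emergency-Admin@recovery.example", "action": "login"},
    {"time": "2024-01-10T23:43:00Z", "actor": "emergency-admin@recovery.example", "action": "policy_changed"},
]

if __name__ == "__main__":
    for finding in audit_break_glass(ACCOUNTS, VERIFIED_DOMAINS):
        print("FINDING:", finding)
    for event in break_glass_activity(EVENTS, ACCOUNTS):
        print("ALERT:", event["time"], event["actor"], event["action"])
```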
Thank you, Arkadiusz.
You're welcome. Having a backup administrator is generally a good practice. You never know what might happen.