Suggestion
Resolution: Unresolved
Issue Summary
If an SSO provider has an outage, or the org admin misconfigures either SSO or SAML, the organization's Atlassian cloud users won't be able to access their Atlassian accounts and use their products.
Designated org admins should have the option of bypassing SSO without needing a backup account that is not enforced with SSO, and/or of self-servicing a passwordless login without having to create a ticket.
The current workaround requires an extra step to create a breakglass account, and it is susceptible to human error.
It might be in our interest to give customers an alternative way to bypass SSO authentication without contacting support during outage events. For example, a page where they type the admin email address so we can send a passwordless link to that account (if it matches the email of an admin who is locked out by enforced SAML).
Workarounds
Enable a breakglass account by having a separate authentication policy that:
- has at least one organization admin account in it.
- does not have SAML SSO enforced.
This will allow the org admin to get back into the organization and make any necessary changes in case of critical events.