Frequently Asked Questions

What is "break-glass" access?

"Break-glass" access is a controlled emergency procedure for accessing critical systems when normal access paths are unavailable or too slow.

Who can approve a request?

Users with the Approver role (or Admin) can approve or deny requests.

See Roles and Permissions.

Does AccessLedger store secrets?

No. AccessLedger stores credential metadata (where a secret is stored, how risky it is, how often it should be rotated) and the audit trail around break-glass access.

How do request statuses work?

Requests have internal statuses such as pending, approved, denied, and closed.

The UI also shows derived statuses:

  • Active: approved and not yet expired
  • Expired: approved but past the expiry time

Can one email belong to multiple organizations?

No. One email can belong to one organization.

If an email is already in use, signup prompts the user to log in instead.

Do users need to verify email?

Yes, for notification delivery. Unverified users can still sign in, but the dashboard shows a verification reminder.

Use /resend-verification to request a new verification link.

How often should credentials be rotated?

AccessLedger tracks rotation based on the credential's Rotation Interval (days) and Last Rotation timestamp.

Rotation policy is set by your organization. A common baseline is 60 to 90 days for high-risk credentials, but requirements vary by environment.
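The two derived views described above (the Active/Expired status shown for approved requests, and rotation tracking from Rotation Interval (days) plus Last Rotation) follow the same pattern: a stored record plus the current time yields a display state. The following is an added Python example illustrating that logic, written for this page; it is not AccessLedger code. The record field names (request_id, expires_at, last_rotation), the sample records, and the seven-day "due-soon" threshold are assumptions chosen for the example. It also handles two edge cases a practitioner would check: a credential with no recorded rotation is treated as never rotated rather than as fresh, and the expiry instant itself counts as expired so a grant never outlives its window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Internal request statuses named in the FAQ.
INTERNAL_STATUSES = {"pending", "approved", "denied", "closed"}

# Credentials due within this many days are flagged early. The threshold is an
# assumption for this example, not an AccessLedger setting.
DUE_SOON_DAYS = 7


@dataclass
class BreakGlassRequest:
    request_id: str                   # assumed field name
    status: str                       # internal status
    expires_at: Optional[datetime]    # assumed field name; set when approved


@dataclass
class Credential:
    name: str
    rotation_interval_days: int        # "Rotation Interval (days)"
    last_rotation: Optional[datetime]  # "Last Rotation"; None = never recorded


def _require_aware(ts: datetime) -> None:
    # Comparing naive and aware datetimes raises TypeError; insist on aware values.
    if ts.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")


def derived_status(req: BreakGlassRequest, now: datetime) -> str:
    """Status the UI shows: approved requests become Active/Expired, others pass through."""
    _require_aware(now)
    if req.status not in INTERNAL_STATUSES:
        raise ValueError(f"unknown internal status: {req.status!r}")
    if req.status != "approved":
        return req.status
    if req.expires_at is None:
        raise ValueError(f"approved request {req.request_id} has no expiry")
    _require_aware(req.expires_at)
    # The expiry instant itself counts as expired, so a grant never outlives its window.
    return "Active" if now < req.expires_at else "Expired"


def days_until_due(cred: Credential, now: datetime) -> Optional[int]:
    """Whole days until rotation is due (floored); negative when overdue; None if never rotated."""
    _require_aware(now)
    if cred.rotation_interval_days <= 0:
        raise ValueError(f"{cred.name}: rotation interval must be positive")
    if cred.last_rotation is None:
        return None
    _require_aware(cred.last_rotation)
    due_at = cred.last_rotation + timedelta(days=cred.rotation_interval_days)
    return (due_at - now).days


def rotation_state(cred: Credential, now: datetime) -> str:
    """Classify a credential for a rotation dashboard or reminder job."""
    remaining = days_until_due(cred, now)
    if remaining is None:
        return "never-rotated"  # nothing proves it was ever rotated: treat as action required
    if remaining < 0:
        return "overdue"
    if remaining <= DUE_SOON_DAYS:
        return "due-soon"
    return "ok"


# Constructed sample data for the demo; not real AccessLedger records.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)

SAMPLE_REQUESTS = [
    BreakGlassRequest("req-1", "approved", NOW + timedelta(hours=2)),
    BreakGlassRequest("req-2", "approved", NOW - timedelta(minutes=1)),
    BreakGlassRequest("req-3", "approved", NOW),  # boundary: expires exactly now
    BreakGlassRequest("req-4", "pending", None),
    BreakGlassRequest("req-5", "denied", None),
]

SAMPLE_CREDENTIALS = [
    Credential("prod-db-admin", 90, NOW - timedelta(days=100)),   # 10 days overdue
    Credential("payments-api-key", 60, NOW - timedelta(days=55)), # due in 5 days
    Credential("ci-deploy-token", 90, NOW - timedelta(days=10)),  # 80 days left
    Credential("legacy-ftp", 90, None),                           # never rotated
]


def summarize_requests(now: datetime = NOW) -> Dict[str, str]:
    return {r.request_id: derived_status(r, now) for r in SAMPLE_REQUESTS}


def summarize_credentials(now: datetime = NOW) -> Dict[str, str]:
    return {c.name: rotation_state(c, now) for c in SAMPLE_CREDENTIALS}


if __name__ == "__main__":
    for rid, state in summarize_requests().items():
        print(f"{rid}: {state}")
    for name, state in summarize_credentials().items():
        print(f"{name}: {state}")
```

The derived status is never stored: it is recomputed from the internal status and expiry each time it is shown, which is why a request can change from Active to Expired with no write to the record and no audit event of its own.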

Where are audit logs stored?

Audit events are stored in AccessLedger and available in the Audit Log UI. You can filter by user, credential, event type, and date range.

Admins and auditors can export the audit log to CSV.

How do I enable email notifications?

Admins configure reminder cadence under Settings -> Notification Settings.

SMTP must also be configured by the deployment operator.

See Notification Settings.

Can I create additional users or change roles?

Yes. Admins can invite users and manage roles in Settings -> Users.

Invites are token links that expire based on server configuration (default: 24 hours). Users can be deactivated (disabled from login) or deleted (hidden in the tenant UI but retained for audit).

See User Management for details.