Emergency access users are third-party users (e.g., contractors and vendors) that are created in an Okta IdP and configured on the Emergency Access page of the Zscaler Private Access (ZPA) Admin Portal.

Prior to viewing and managing emergency access users, a list of prerequisites must be met. To learn more, see Configuring Emergency Access.

About the Emergency Access Users Page

The Emergency Access Users page is not visible if you are within a Microtenant that has Privileged Approvals disabled. To learn more, see About Microtenants.

On the Emergency Access Users page (Authentication > User Authentication > Emergency Access Users), you can do the following:

1. View a list of applied filters available from the current and previous user sessions. Applied filters must be saved to the user session first before they can be viewed. Use the drop-down menu to select the applied filters to view. To learn more, see Using Tables.
2. Hide the filters on the page by clicking Hide Filters. Click Show Filters to display the filters.
3. Refresh the Emergency Access Users page to reflect the most current information.
4. Filter the information that appears in the table. By default, no filter is applied. You can also save applied filters to your preferences so that they're visible in future user sessions. To learn more, see Using Tables.
5. View a list of emergency access users that were added. For each emergency access user, you can see:

• First Name: The first name of the emergency access user, as provided by the admin.
• Last Name: The last name of the emergency access user, as provided by the admin.
• Email Address: The email address of the emergency access user, as provided by the admin.
• Status: The status of the emergency user. The emergency access user can be in one of the following states:
  • Active: Indicates when the user is activated and has completed the email-based authentication.
  • Staged: Indicates when the user is created in the IdP but neither activated nor deactivated.
  • Provisioned: Indicates when the user is created and activated in the IdP, but still needs to complete activation via email-based authentication.
  • Deprovisioned: Indicates when the user is created in the IdP but not activated.
  • Suspended: Indicates when the user does not have access to applications within the IdP.

Other statuses (e.g., Password Expired, Locked Out, Recovery) might appear. To learn more, refer to the Okta Help Center.

• Activation Date: The date and time when the emergency access user was activated by the admin.
• Last Login Date: The date and time when the emergency access user last logged in.

6. Edit an emergency access user.
7. Activate an emergency access user.
8. Deactivate an emergency access user.
9. Modify the columns displayed in the table.
10. Open the Zscaler Help Browser and view Help Portal articles without leaving the ZPA Admin Portal.
11. Go to the IdP Configuration page to add a new IdP for single sign-on (SSO) or manage existing configurations.
12. Go to the SAML Attributes page to import attributes or add them manually.
13. Go to the Settings page to modify authentication settings (e.g., enabling Remote Assistance).
14. Go to the Emergency Access page to configure emergency access for third-party users.