As a part of the Fleet 4.61.1 release, we added the ability to add an extra layer of security for your "break glass" account that's used to login to Fleet in the rare scenario that your Identify Provider (IdP) goes down. For all other accounts, the best practice is to require users to login with single-sign on (SSO).
GitHub issue:
https://github.com/fleetdm/fleet/issues/22078
User story:
As a security team who is checking out the IT team's new tool,
I want us to be able to use email verification for our “break glass” account in Fleet so that I can feel confident that we're following security best practices.
Learn More:
https://fleetdm.com/docs/deploy/single-sign-on-sso
See other features released in Fleet 4.61.1:
https://fleetdm.com/releases/fleet-4.61.1
