This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Looker
- Looker Forums
- Administering Looker
- How to avoid and troubleshoot an instance lockout
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Solved
LinkedIn
Twitter
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reply posted on
--/--/---- --:-- AM
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Author: Sam Asher @sam8
These steps are for emergencies only. To avoid crises like these, you should always enable alternate login or have backup API credentials for an admin on your Looker instance.
The problem you want to avoid
You are stuck at the login page and cannot access your Looker instance. This may have occurred because of misconfigured authentication settings, or because users logging in with SAML/LDAP settings have no permissions due to an error with group to role mapping.
To get back into your Looker instance, you need one of the following:
- A set of credentials that were once valid (email/password or API)
- Looker Support Access enabled on your instance
- A backup of the instance
- If your instance is hosted by Looker, your instance is automatically backed up five different ways.
- Customer-hosted instances are not automatically backed up by Looker. See the Creating Backups documentation page for more information about creating backups for customer-hosted instances.
To avoid an instance lockout altogether, ensure that one of the three listed above are enabled. The section below provides a detailed overview of how to troubleshoot an instance lockout, using the listed items above.
Troubleshooting a lockout
Knowing that you need one of the three items to resolve an instance lockout, we can proceed according to these lockout troubleshooting steps, in increasing order of difficulty to execute:
- Do you have Support Access enabled on your instance?
- If yes, Looker Support can authenticate into your instance and disable the authentication method causing the lockout. You can then log in with your email and password credentials.
- If no, proceed with step 2.
- Does an admin have API credentials?
- If yes, have an admin log in and use the API endpoint appropriate to the authentication method you use (for example,
update_odic_config,update_saml_configorupdate_ldap_config) to disable the authentication method or enable alternate login for a user. This step will not currently work for instances using Google Authentication for their Looker instance. - If no, confirm whether you have email/password credentials. Skip to step 5 if you do not, otherwise proceed to step 3.
- If yes, have an admin log in and use the API endpoint appropriate to the authentication method you use (for example,
- Is alternate login enabled for an admin?
- If yes, have the admin log in and fix the authentication issues that are causing the lockout.
- If no, proceed to step 4.
- Are you using SAML, LDAP, or OpenID Connect authentication?
- If yes, Looker Support can disable these authentication methods for your instance so you can log in with your regular email/password credentials.
- If you want to re-enable SAML, LDAP, or OpenID Connect after the issue is resoled, create API credentials for an admin, and then contact Looker Support to re-enable the authentication method of your choice.
- If no, proceed to step 5.
- If yes, Looker Support can disable these authentication methods for your instance so you can log in with your regular email/password credentials.
- Do you have a backup of the instance?
- If your instance is hosted by Looker, the answer is automatically yes. Contact Looker Support to restore your instance from a backup.
- If you host your own instance, double-check that you have a backup of the instance and restore from that backup.
- If no, contact Looker Support for additional assistance.
If at any point during this process you have questions or need assistance, don’t hesitate to reach out to Looker Support!
0
0
575
Topic Labels
- Labels:
-
Authentication
0 REPLIES 0
Top Labels in this Space
-
access grant
5 -
actionhub
2 -
Actions
4 -
Admin
32 -
alert
6 -
Analytics
1 -
Analytics Block
13 -
API
10 -
Authentication
13 -
bestpractice
1 -
BigQuery
13 -
blocks
2 -
boards
5 -
Bug
30 -
cache
3 -
Cloud Error Reporting
1 -
Cloud Load Balancing
1 -
connection
20 -
connection database
4 -
content access
4 -
content-validator
2 -
custom field
2 -
custom measure
1 -
Dashboards
27 -
Data
1 -
Data Sources
1 -
Database
13 -
datagroup
1 -
derivedtable
1 -
develop
1 -
development
2 -
done
1 -
download
4 -
downloading
2 -
embed
8 -
Errors
9 -
explore
9 -
Explores
1 -
Extensions
1 -
feature-requests
2 -
filed
1 -
filter
12 -
folders
2 -
formatting
1 -
General Looker Administration
160 -
git
16 -
Google Sheets
1 -
googlesheets
1 -
i__looker
3 -
imported project
1 -
Integrations
1 -
internal db
4 -
liquid
1 -
Looker
5 -
LookerStudio
1 -
lookml
13 -
looks
4 -
manage projects
2 -
Marketplace
2 -
model
1 -
modeling
1 -
mysql
5 -
Networking
3 -
pdf
1 -
pdt
6 -
performance
3 -
permission management
12 -
Projects
3 -
query manager
1 -
redshift
6 -
release
9 -
rendering
1 -
Reporting
1 -
schedule
20 -
schedule delivery
2 -
sdk
2 -
Security
8 -
server configuration
2 -
Setting up your Looker Instance
33 -
sharing
2 -
snowflake
1 -
sql
4 -
SSO
7 -
system activity
8 -
time zone
2 -
Training
2 -
Ui
2 -
usage
5 -
User access & management
46 -
user access management
10 -
user management
8 -
user-attributes
9 -
visualizations
7 -
webhook
3
- « Previous
- Next »