Before enabling Single Sign On (SSO) in a TFE instance, a non SSO recovery account should be created. This account is used to access the TFE instance if SSO is not behaving as expected, such as while testing team management.
These Rails commands should be used if a TFE instance is in a state where it cannot be accessed through the GUI due to a lack of non-SSO recovery admin accounts.
Access the Rails console by SSHing into the TFE instance and running the following command:
sudo docker exec -ti ptfe_atlas /usr/bin/init.sh /app/scripts/wait-for-token -- bash -ic 'cd /app && bin/rails c'
Create a user via Rails console:
User.create!(email: "email@example.com", username: "example", password: "example", is_admin: true)
Add a user to the owners team of an organization via Rails console:
Once the user is an admin and an owner of the org, it can be used to log into the TFE instance without SSO. Then, SSO can be disabled to allow for general access to the system.