1. Description

In environments where Single Sign-On (SSO) is enforced, there may be exceptional cases where certain users need to log in with a local username and password instead. This article explains how to manage these exception users securely and effectively.

2. Who can create SSO exception

To create an SSO exception for a user, you must have access to the Identity Provider (SSO) settings in the Administration module.

3. Creating an Exception for a new user

3.1 Create a new user

In the user setting, add a new user

Add a company and role and send the invite

3.2 Create the SSO exception

Go to the Identity providers (SSO) settings.

In the Single Sing-on Exceptions section (shown in red below), add users as exceptions and click Save.

Once the user and SSO exception are created, the user will be prompted by e-mail to create their account with a password.

4. Creating an Exception for an existing user

In some cases, a user currently authenticates via SSO, but you may need to switch them to a local login instead.

4.1 Create the SSO exception

Go to the Identity providers (SSO) settings.

In the Single Sing-on Exceptions section (shown in red below), add users as exceptions and click Save.

Once the SSO exception is created:

• User access the platform
• User clicks on forgot password

• User enters their email and clicks on “send me a reset link”

• User will receive an e-mail to set a password:

• Once the password is set, the user can access the platform without SSO.

5. Removing an Exception User

Click the arrow icon to remove the exception for a specific user.

If the user is removed from the SSO exception, the user can only log in using SSO.