cancel
Showing results for 
Search instead for 
Did you mean: 

Require SSO Login for all but a few logins

TimTrag
Explorer
Explorer

We want to require SSO for our Users, but we have a few accounts that are used by Departments to host Webinars, so they use a shared email address for hosting.

 

We want to allow those accounts to sign in with email address and password, but all other accounts to require SSO.

I cannot figure out if this is possible and how I would go about setting it up.

 

I have SSO set up and configured, so that is not an issue.

1 ACCEPTED SOLUTION

Bort
Community Champion | Employee
Community Champion | Employee

Yes, this is possible by requiring users to authenticate via SSO, and setting a few exceptions to that rule.

  1. As an admin, login to the account and go to the Security page, found under Advanced. 
  2. Enable Allow users to sign in with Single Sign-On (SSO).
  3. Enable Require users to sign in with SSO if their e-mail address belongs to one of the domains below. There you will set the email domains you want to require to use SSO, as well as set specific users who can bypass this requirement. 

Hope that helps and please make sure to mark the solution as accepted if this information is what you needed.

View solution in original post

6 REPLIES 6

Bort
Community Champion | Employee
Community Champion | Employee

Yes, this is possible by requiring users to authenticate via SSO, and setting a few exceptions to that rule.

  1. As an admin, login to the account and go to the Security page, found under Advanced. 
  2. Enable Allow users to sign in with Single Sign-On (SSO).
  3. Enable Require users to sign in with SSO if their e-mail address belongs to one of the domains below. There you will set the email domains you want to require to use SSO, as well as set specific users who can bypass this requirement. 

Hope that helps and please make sure to mark the solution as accepted if this information is what you needed.

I dont see those options under security.

Hi Bort!

 

I'm just confirming I understand the above resolution.

 

First, we'd need to have SSO already setup, enabled and allowed for users to sing in with SSO. Then, we choose the option to Require users to sign in with SSO if their e-mail address belongs to one of the domains below. Once that is enabled, we are able to allow exceptions to logging in with SSO. Is that correct?

this entry is no longer valid as those choices do not exist anymore; pls update 

The setting " Require users to sign in with SSO if their e-mail address belongs to one of the domains below." does not exist, or it was moved. Where can I find it? 

I have found it under "ADMIN" -> "Advanced" -> "Security" -> "Sign-in Methods" -> "Allow users to sign in with Single Sign-On (SSO)"