TheRotnelson

How to not enable single sign-on for your system administrator?

Hi,
Salesforce documentation suggests that, in order to prevent lockout of your org when using SSO, "System Administrators should not be SSO-enabled as they will be locked out during outages".
How can I accomplish this? I don't find any such option in the settings menu or on the profile.
Is it possible to allow just selected user groups to use SSO?

https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/integration_and_single_sign-on.htm
 
Sandhya (Salesforce Developers)
Hi,

As this question is answered in the Success Community, I am posting the link so that others can benefit from it.

https://success.salesforce.com/answers?id=9063A0000019UtSQAU

Please refer to the Salesforce document below, which explains SSO with examples and its best practices.

https://developer.salesforce.com/page/How_to_Implement_Single_Sign-On_with_Force.com

Thanks and Regards
Sandhya
Lokesh Kumar
Hi,

You can remove the SSO enabled from your System Admin Profile.

Please find below how to disable SSO at the profile level.

 User-added image


Thanks !
TheRotnelson
I don't have the option "Is single sign-on enabled" available on the profile. Is this option only available if you have the federated login enabled?
SATHISH REDDY.
Hi Rotnelson,
We are trying to achieve the same and we use SAML SSO. Please let me know if you found any solution for this.
Thanks,
Sathish
TheRotnelson
Hi, I never found a solution to this. I did not enable the option to not allow login through login.salesforce.com to make sure a lockout is possible.
Will Bowditch 3
Hi All, appreciate this is an old thread but thought I'd post here in case anyone else finds this. You need to ask Salesforce Support to enable "Delegated Authentication". Once enabled, you'll see the system permission Is Single Sign-On Enabled show up in profiles, permission sets, etc.
Philip Harrison
From my testing, even after you enable "Prevent login from https://login.salesforce.com" your users/admins can still browse to https://yourdomain.my.salesforce.com/?login to bypass SSO and log in with a local Salesforce account. Which raises the question for me - is there ANY way with Federated Authentication to actually prevent users bypassing SSO and using local accounts?
Will Bowditch 3
@Philip, have you gone to Setup > Company Settings > My Domain and disabled the standard login / "Login Form" authentication service?
Philip Harrison
Yep, the only Authentication Service enabled is our Azure SSO config. That setting only seems to affect what happens when users go to https://yourdomain.my.salesforce.com: do they get a form to log in or are they sent right to your SSO login. The /?login URL seems to be separate and I saw it described on another thread as the mechanism to bypass SSO if you have issues - which to be fair would be handy, but not for all accounts!
Desland Vando
Hello @TheRotnelson

This is old old, BUT you will NEVER see the "Is Single Sign-On Enabled" in any Profile until you do the next steps:
  1. Settings | Single Sign-On Settings
  2. Edit
  3. You need to check "Disable login with Salesforce credentials" (PLEASE DON'T LOG OUT YET)
  4. Now that you checked the "Disable login with Salesforce credentials" you will see in any Profile the "Is Single Sign-On Enabled" checkbox.
  5. Usually this is unchecked for all profiles, so you need to add the check to all profiles you want to push the SSO to.
  6. I'm assuming you built the SSO and went to Your Domain and added in the "Authentication Configuration" section your new SSO Provider as one of the "Authentication Service"
I hope this helps all the people that have been dancing around all the search engines, Hehe.

PS Remember to mark this as the BEST Answer @TheRotnelson if at this moment it helped you, :)