This article walks through the process of temporarily disabling Single Sign-On (SSO) for a Security Assertion Markup Language (SAML) application integration.
- SAML Applications
- Temporarily disabling SSO
Steps to temporarily deactivate a SAML integration:
- In the Okta Admin Console, navigate to Applications > Applications > <Application to deactivate>.
- Click the dropdown menu underneath the name of the SAML integration, and then select Deactivate.
Once the SAML integration is deactivated, users will no longer be able to log in using the SSO federation provided by this app integration.
NOTE: For SAML integrations that leverage Provisioning, verify that the Deactivate Users option is disabled to prevent users from being inadvertently disabled or deleted. To verify this in the Okta Admin Console, navigate to Applications > Applications > <Application name> > Provisioning > Settings > To App > Deactivate Users.
NOTE: Many applications enforce SSO for all logins once it has been configured, and making the changes described above will halt the login flow once the user is redirected to Okta. Applications typically are not aware of this status change in Okta, and do not automatically alter their login flow behavior. Please consult the vendor's documentation or support team to determine if any additional steps are required to allow for an alternative login flow for users (such as using local accounts) if wanting to ensure uninterrupted access to applications without SSO.
