00u4vih6gib3rg62H1t1.5107748594020828E12 (Customer) asked a question.
Access after SAML is enabled for certain apps
Hi everyone,
We are in the process of enabling SSO for a bunch of apps we use. In a few cases, using SAML will redirect to the Okta authentication page. This is great and what we'd expect, but the question is about what happens when someone that is outside the company and doesn't have an Okta account tries to gain access. In one case, there is someone from the developer of the app that has access and we obviously don't want to lock them out.
Advice or some direction as to what I should look up would but super helpful. Thanks!
If I'm understanding what you're asking correctly, it really would depend on the application, at least as far as I understand it.
We have some systems that still allow direct login (local login) when SSO is enabled, while others, once enabled is the only method to login.
The ones that allow direct login, usually have a different URL that you would need to do non-SSO login. I would check with the Service Provider of those apps you're concerned about and confirm with their support team.
I checked with the SP and they don't provide a local login. When SAML is enabled, that's the only way to auth. Their support said that they have had customers add people to a security group that would allow local login if they are outside your domain.