
KarenH.16388 (The Aspen Institute) asked a question.
Hi, We have started setting up Okta & Salesforce SSO/SAML integration but found a loophole. We are not currently handling provisioning to Salesforce via Okta. We completed the first and second steps in this article https://help.salesforce.com/s/articleView?id=sf.sso_enforce_sso_login.htm&type=5 :
1. Disable direct logins through login.salesforce.com; and
2. Disable logins using Salesforce credentials.
Despite completing those two steps, a user was still able to request a password reset link from the generic login page login.salesforce.com. Looks like the Salesforce article indicates a third step is required to prevent this. Have others found this to be the case as well? Is it better to indicate SSO is enabled on the profile or through a permission set?
Thank you, Karen

Hello @KarenH.16388 (The Aspen Institute),
Please check the following link with information:
https://help.okta.com/en/prod/Content/Topics/Provisioning/Salesforce/sfdc-enable-provisioning.htm
Regards;
Natalia
Okta Inc.