function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Nathan Prats 22Nathan Prats 22 

Force Single Sign all for all profiles except System Administrators

Hi, 

I'd like to force Single Sign all for all profiles except System Administrators. 
Is it possible ? I don't want to force SSO yet because I'm afraid admin won't be able to log in once I forced it. 

I reached salesforce support but they don't handle SSO request for standard support customers. 

Nathan
Best Answer chosen by Nathan Prats 22
NagendraNagendra (Salesforce Developers) 
Hi Nathan,

Assign the SSO permission through 'Permission Set' instead of enabling at the profile level by you will have control of enabling or disabling the SSO permissions for single user level. Disable Is Single Sign-On Enabled check box for all profiles and create a permission set with Is Single Sign-On Enabled checkbox enabled, now assign this permission set to the users whom you want to enable SSO access later you can able remove that permission for the user at any time, without affecting for other users.

Please let us know if the information helps.

Regards,
Nagendra

All Answers

NagendraNagendra (Salesforce Developers) 
Hi Nathan,

Assign the SSO permission through 'Permission Set' instead of enabling at the profile level by you will have control of enabling or disabling the SSO permissions for single user level. Disable Is Single Sign-On Enabled check box for all profiles and create a permission set with Is Single Sign-On Enabled checkbox enabled, now assign this permission set to the users whom you want to enable SSO access later you can able remove that permission for the user at any time, without affecting for other users.

Please let us know if the information helps.

Regards,
Nagendra
This was selected as the best answer
Dwayne Branthoover 4Dwayne Branthoover 4
Hi Nathan,
I must be missing something, I do not find the option "Is Single Sign-On Enabled" even for the standard profiles such as System Admin.  Has something changed with the latest releases?
We are enabling Federated SSO SAML.
Thanks Dwayne
Jordan Yarbrough 12Jordan Yarbrough 12

Hi Dwayne (and future readers) - the "Is Single Sign-On Enabled" permission will not exist until "Delegated Authentication" is enabled by Salesforce support. See the linked help article on the topic.

https://help.salesforce.com/articleView?id=sso_tips.htm&type=5
Bharatesh Shetty 7Bharatesh Shetty 7
I'm a system admin and I have "View Setup and Configuration", "Customize Application" AND, "Modify All Data" permissions but still I'm unable to view the "Delegated Authentication" option at all under "Single Sign-On Settings". I just have the Federated authentication-related settings. Does anyone know why is that so?
Matthew AllenMatthew Allen
The documentation on this is poor and mis-leading I think. By ticking the "Disable Login with Salesforce credentials" under SSO settings, doesn't actually appear to do anything except give you the option to Enable SSO at a profile/Permission set level. 

So when DLWSC is ticked, users can still login with their SF credentials, it's only when you tick the 'Enable SSO' on the profile/permission set that you can then force them to use SSO.

That is how I understand it anyway!!