Restrict User Login to SSO Only restrict-user-login-to-sso-only

If you’re using SSO and want to ensure users cannot bypass the SSO security, follow these instructions.

This article does not apply to Adobe IMS-enabled Marketo subscriptions.
Admin Permissions Required
  1. Go to the Admin area.

  2. Click Login Settings.

  3. Click Edit Security Settings.

  4. Expand the Advanced settings, check Require SSO, and click Save.

Best practice is for the user(s) to be invited and accept the invite. After the invite is accepted, Admins should then set them to “Require SSO.”
If you select Require SSO, you can exclude a user role from this restriction by checking the Bypass Single Sign-On option while setting up the role. This will allow users to sign in normally. For example, Admin users may still need to log into Marketo through the login screen.
When new users are invited, they receive invite emails. However, if Require SSO is selected, they won’t receive these emails, unless they are assigned to a role which is set to Bypass Single Sign-On.

That’s it! Now all users (except users with permission to bypass single sign-on) will be restricted to using SSO login only.