DocumentationMarketo EngageMarketo Guide

Restrict User Login to SSO Only

Last update: September 5, 2024
  • Topics:
  • Administration

If you’re using SSO and want to ensure users cannot bypass the SSO security, follow these instructions.

IMPORTANT
This article does not apply to Adobe IMS-enabled Marketo subscriptions.
NOTE
Admin Permissions Required

  1. Go to the Admin area.

  2. Click Login Settings.

  3. Click Edit Security Settings.

  4. Expand the Advanced settings, check Require SSO, and click Save.

NOTE
Best practice is for the user(s) to be invited and accept the invite. After the invite is accepted, Admins should then set them to “Require SSO.”
TIP
If you select Require SSO, you can exclude a user role from this restriction by checking the Bypass Single Sign-On option while setting up the role. This will allow users to sign in normally. For example, Admin users may still need to log into Marketo through the login screen. If both SSO and Universal ID are enabled, you must have the “Bypass Single Signed On” permission set to toggle between subscriptions.
CAUTION
When new users are invited, they receive invite emails. However, if Require SSO is selected, they won’t receive these emails, unless they are assigned to a role which is set to Bypass Single Sign-On.

That’s it! Now all users (except users with permission to bypass single sign-on) will be restricted to using SSO login only.

Related Articles
  • Add Single Sign-On to a Portal
  • Using a Universal ID for Subscription Login
  • Inviting Marketo Users to Two Instances with Universal ID
recommendation-more-help
94ec3174-1d6c-4f51-822d-5424bedeecac