From Salesforce documentation:
Do not enable Single Sign-On for the system administrator’s profile.
If your system administrators were Single Sign-On users and your
Single Sign-On server had an outage, they would have no way to log in
to Salesforce. System administrators should always be able to log in
to Salesforce so they can disable Single Sign-On in the event of a
problem.
This sounds like certain users or profiles can be kept out of the SSO protocol and use the old school login urls. Is this true? If so, how does it get enabled? thanks.
Update – I found that SF support needed to activate delegated authentication for the permission to be visible, but I have not been able to use it to force SSO validation for some users and allow others to skip it.
It would be best practice to allow login validation for a system admin in the case the company's directory experiences issues.
Has anyone deployed this model successfully?
Best Answer
Go to
Setup | Manage Users | Profiles | theprofile | System Permissionsand look for
Is Single Sign-on Enabled