[SalesForce] Single Sign-On Error when viewing Subscriber org in LMA

If you are unable to delete SAML Single Sign-On Settings in Salesforce, check the below before deleting it.

1. Go to Domain Management --> My Domain. Check whether the SAML Settings is disabled in "Authentication Configuration" section. If not, please disable it.

2. Please check the Portal Login and Registration Settings and Community Login and Registration Settings and do the same.

Based on the details I was able to gather from the comments, here's a bit of explanation on this.

1. Your org is configured prior to Summer '13 and that's the reason you are getting that button. For orgs later than Summer '13, this option does not even exist (and I can say that based on all my experiences around previous versions of Salesforce, definitely not anything prior to 2015). Refer to this excerpt from the documentation:

   If you don’t see the Assertion Decryption Certificate field you need to enable multiple single sign-on for your organization. (Applies to orgs created before the Summer ’13 release that aren’t using SAML 1.1)

2. As for your question:

   Will this be a necessity to enable SSO for the partner community?

   You don't need to enable or utilize another SSO configuration just for using it with Partner community. You can just use the same SSO configuration that you have currently if your IdP remains the same, which does look like it will be still Okta. What you only need here is to make sure that the SAML assertion being sent for the Community has the correct URL in it. Refer to the below excerpt from the documentation (I can confirm this as I have had a very recent experience around this use case):

   When implementing SAML for communities, the key is to use the community URL associated with login for the single sign-on flow. Also make sure that the community URL in the SAML assertion POST includes /login

3. As for your other question around the message that you get if you attempt to Enable multiple configs.

   If so, then when it says the Salesforce Login URL will change, will that affect logins from other sources (From web browser, connected apps, etc.)?

   While I don't have any experience around the message itself, but based on your comments, as you already have My Domain enabled which is kind of a pre-requisite for SSO, so you definitely don't have to worry about that piece assuming your SSO works on the My Domain enabled URL. As long as you are not restricting the login from login.salesforce.com, you are still good to use that URL even if My Domain is enabled. And that, this restriction is applicable only for UI flows, API integrations always work fine.

   Also, you mentioned that you are already using SAML 2.0 for SSO, so the message which mentions SAML 1.1 is irrelevant in that case too.

With how it stands right now, below is my recommendation:

1. Identify if you really need to configure another SSO configuration. If you intend to use the same IdP and utilize that for Community, you can still use the same configuration with the changes in SAML assertion as mentioned above
2. If at all you need to enable multiple configs, then make sure you first test this out in a Sandbox before making any changes in Production. That way you make sure your existing SSO does not break.