I have set up Office 365 for single sign-on in a dev environment and it is working. Now, I need to do some testing and have to disable SSO in this environment before turning it back on. I disabled the application but I am still being brought to the SSO landing page. Are additional steps necessary to disable the application other than checking the box in the application properties?
Hi Lisa - the Disabled checkbox does not currently work as you would expect. The upcoming April cloud release (planned for April 20th) fixes this issue. Look for issue NGX-17276 in the April 2019 Release Notes when published.
Hope that helps,
Ted
Thanks for the reply. Is there any way to disable SSO then?
Lisa
Hi Lisa - I'm not aware of an easier solution than temporarily undoing the configuration on the Admin Console and/or on the O365 side.
Hi again - posting in an actual reply to you to make sure you see my new questions.
Hi Ted - thank you again for replying. Are you saying the only way to reverse SSO is to delete the application entirely from the Admin console? Are there any other steps beyond that? I am not sure of any other way to undo the configuration. I'm also not sure how to do it on the O365 side. I'm still in my test environment but I do need a back out plan for go-live. Do you know of any documentation on reversing SSO for O365?
Thank you,
Lisa
Hi Ted - thank you again for replying. Are you saying the only way to reverse SSO is to delete the application entirely from the Admin console? Are there any other steps beyond that? I am not sure of any other way to undo the configuration. I'm also not sure how to do it on the O365 side. I'm still in my test environment but I do need a back out plan for go-live. Do you know of any documentation on reversing SSO for O365?
Thank you,
Lisa
If you don't want the O365 icon in the portal, on the RSA side, you would need to delete the application configuration.
On the O365 side I believe you un-federate with powershell command:
"Set-MsolDomainAuthentication -DomainName <domain> -Authentication Managed"
If users are going directly to O365 (SP-initiated) then just un-federating would be enough to prevent O365 from reaching out to the RSA IdP for authentication.
Hope that helps,
Ted
Thank you so much for your help!
If you don't want the O365 icon in the portal, on the RSA side, you would need to delete the application configuration.
On the O365 side I believe you un-federate with powershell command:
"Set-MsolDomainAuthentication -DomainName <domain> -Authentication Managed"
If users are going directly to O365 (SP-initiated) then just un-federating would be enough to prevent O365 from reaching out to the RSA IdP for authentication.
Hope that helps,
Ted