Enforcing SSO Login and Disabling Password Authentication

Enforcing SSO Login and Disabling Password Authentication

Administrators can disable password-based login for all users in their tenant, requiring everyone to authenticate via SSO or a one-time email link. This is useful for organizations that enforce identity provider (IdP) authentication policies.

Enabling the Setting

1. Go to Settings > Access.
2. Toggle on Disable Password Login.
3. Click Save.

Once enabled, all users must log in using SSO (if configured) or a one-time email link. Password-based login attempts will be rejected with guidance to use the alternative method.

What Changes When Enabled

• The login form automatically switches to email token mode when a user tries to use a password
• The Change Password option is hidden from Personal Settings
• The Reset Password action is hidden from the admin user management page
• Welcome emails sent to new users will include SSO/email login instructions instead of a temporary password

Requirements

Before enabling this setting, ensure that at least one of the following is configured for your tenant:

• An SSO provider (e.g., Microsoft Entra ID, Google Workspace) connected under Settings > SSO
• Users have access to the email addresses on their accounts so they can receive login links

Important: If you lock yourself out by enabling this setting without a working SSO or email login method, contact support to restore access.