SSO for only some users

UPASANA2
Mega Expert

Is it possible to make SSO available only for some users and not for all users?

13 REPLIES

Basically, yes. They won't be able to "pick" per se. But, since you have the SSO source field populated, it will force them to that SSO. The purpose of the multi-provider SSO is to do just that, allow multiple SSO providers to be used in a single instance, or even allow users that want/need to log in locally to also do that. So, essentially, yes, you are correct.


Ok... so. Vogon Constructor Fleet user logs into SN, then is re-routed to Okta? Or does that user now have the ability to PICK between Okta and Local?


(sorry about the question volume, just want to be sure how it works)


Yes, they will be rerouted to Okta automatically.



These things have to be in place for that to happen:


  • Users must have Vogon as their company on their user record
  • The Vogon company record must have the SSO Source field populated with the Identity Provider record for Okta in SN like this --> sso:<sys_id of the IDP record>
  • When users first navigate to SN, they will need to click the "Use External Login" link and input the UserID that's specified in SN to find their user record
  • The user will then be automatically taken to the Okta SSO login
  • After this, they will only have to do this again if they have cleared their browser cache or if they use a private browsing session

@kennywimberly that's not the case for us, we implemented SAML SSO with ADFS about a year ago and our login page still requires people to click "Use external login" if they want to do SSO. Once they click it once, it remembers them using that one and then it will keep going there (at least for 30 days or so) but our users aren't going to click Use External Login when typing it in right there also still works (because of LDAP). So we need to remove their passwords from syncing with LDAP and force them to use SSO only but then still allow some different manually created users who have emailed in from their personal or a vendor email to log in locally.
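An added example, not part of the thread and not ServiceNow code: a small audit that models the company-level `sso:<sys_id>` routing listed in the earlier reply and flags the gap raised in the last post, where a user mapped to SSO can still sign in with a password. The record shapes, field names (`ssoSource`, `hasLocalPassword`) and sample values are constructed assumptions, as is the 32-character hex form of the sys_id.

```javascript
// Added example. Records and field names are constructed, not ServiceNow's schema.
const SSO_SOURCE_RE = /^sso:([0-9a-f]{32})$/; // assumes a 32-character hex sys_id

// Return the IdP sys_id from an "sso:<sys_id>" value, or null if absent/malformed.
function parseSsoSource(value) {
  const m = typeof value === "string" ? SSO_SOURCE_RE.exec(value) : null;
  return m ? m[1] : null;
}

// Decide, per user, whether the company record routes them to an IdP,
// and report the conditions an administrator would want to review.
function auditUsers(users, companies) {
  const byName = new Map(companies.map((c) => [c.name, c]));
  return users.map((u) => {
    const company = byName.get(u.company);
    const raw = company ? company.ssoSource : "";
    const idp = parseSsoSource(raw);
    let finding = null;
    if (idp && u.hasLocalPassword) {
      finding = "routed to SSO but a password login still works";
    } else if (!idp && raw) {
      finding = "company SSO Source is malformed";
    }
    return { userId: u.userId, route: idp ? "sso" : "local", idp, finding };
  });
}

// Constructed sample data.
const OKTA_IDP = "0123456789abcdef0123456789abcdef";
const SAMPLE_COMPANIES = [
  { name: "Vogon Constructor Fleet", ssoSource: "sso:" + OKTA_IDP },
  { name: "Typo Ltd", ssoSource: "sso: " + OKTA_IDP }, // stray space after the colon
  { name: "Vendor", ssoSource: "" }, // intended to stay on local login
];
const SAMPLE_USERS = [
  { userId: "pjeltz", company: "Vogon Constructor Fleet", hasLocalPassword: false },
  { userId: "kwaltz", company: "Vogon Constructor Fleet", hasLocalPassword: true },
  { userId: "tuser", company: "Typo Ltd", hasLocalPassword: true },
  { userId: "vendor1", company: "Vendor", hasLocalPassword: true },
];

for (const r of auditUsers(SAMPLE_USERS, SAMPLE_COMPANIES)) {
  console.log(r.userId, r.route, r.finding || "ok");
}
```

In a real instance the two inputs would come from an export of the user and company records; a user with a finding is one to review before relying on SSO-only enforcement.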