https://www.servicenow.com/community/community-central-forum/sso-auth-options-insight-needed/m-p/3242543#M2847 <P>Hello,&nbsp;good day! I'm keen to understand how to configure this kind of set-up as I'm still grasping the concepts of ServiceNow's SSO:</P><P>If a user is part of an SSO group,</P><P>-allow login with username &amp; password</P><P>If not part of group,</P><P>-need to login via provider</P><P>&nbsp;</P><P>We found this OOB auth policy context called "SSO - ACR Context" and we thought changing the Policy Condition: "Allow Non Local Login Users" to</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ZackZap_0-1745198942269.jpeg" style="width: 400px;"><img src="https://www.servicenow.com/community/image/serverpage/image-id/436493i992358A7AF1C40DA/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="ZackZap_0-1745198942269.jpeg" alt="ZackZap_0-1745198942269.jpeg" /></span></P><P>&nbsp;</P><P>would allow this to take effect. Am I missing a config somewhere?</P><P>Also checked the documentation for reference but I'm still quite confused:</P><P><A title="https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/single-sign-on/concept/sso-acct-recovery.html" href="https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/single-sign-on/concept/sso-acct-recovery.html" target="_blank" rel="noopener noreferrer">https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/single-sign-on/concept/sso-acct-recovery.html</A></P><P>&nbsp;</P><P>Your help and insight would be appreciated. Thanks!</P><P><SPAN>&nbsp;</SPAN></P> Mon, 21 Apr 2025 01:40:07 GMT Zack Zap 2025-04-21T01:40:07Z https://www.servicenow.com/community/community-central-forum/sso-auth-options-insight-needed/m-p/3242543#M2847 <P>Hello,&nbsp;good day! I'm keen to understand how to configure this kind of set-up as I'm still grasping the concepts of ServiceNow's SSO:</P><P>If a user is part of an SSO group,</P><P>-allow login with username &amp; password</P><P>If not part of group,</P><P>-need to login via provider</P><P>&nbsp;</P><P>We found this OOB auth policy context called "SSO - ACR Context" and we thought changing the Policy Condition: "Allow Non Local Login Users" to</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ZackZap_0-1745198942269.jpeg" style="width: 400px;"><img src="https://www.servicenow.com/community/image/serverpage/image-id/436493i992358A7AF1C40DA/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="ZackZap_0-1745198942269.jpeg" alt="ZackZap_0-1745198942269.jpeg" /></span></P><P>&nbsp;</P><P>would allow this to take effect. Am I missing a config somewhere?</P><P>Also checked the documentation for reference but I'm still quite confused:</P><P><A title="https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/single-sign-on/concept/sso-acct-recovery.html" href="https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/single-sign-on/concept/sso-acct-recovery.html" target="_blank" rel="noopener noreferrer">https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/integrate/single-sign-on/concept/sso-acct-recovery.html</A></P><P>&nbsp;</P><P>Your help and insight would be appreciated. Thanks!</P><P><SPAN>&nbsp;</SPAN></P> Mon, 21 Apr 2025 01:40:07 GMT https://www.servicenow.com/community/community-central-forum/sso-auth-options-insight-needed/m-p/3242543#M2847 Zack Zap 2025-04-21T01:40:07Z https://www.servicenow.com/community/community-central-forum/sso-auth-options-insight-needed/m-p/3242597#M2851 <P>Hello&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/613903">@Zack Zap</a>&nbsp;,</P><P>&nbsp;</P><P>If SSO is configured successfully, you can set\create the property "<STRONG>glide.sso.acr.enabled</STRONG>" as "false". Then users can login with local login as well. Reference KB:</P><P><SPAN><A href="https://support.servicenow.com/kb?id=kb_article_view&amp;sysparm_article=KB0997746" target="_blank">https://support.servicenow.com/kb?id=kb_article_view&amp;sysparm_article=KB0997746</A></SPAN></P><P>&nbsp;</P> Mon, 21 Apr 2025 05:04:08 GMT https://www.servicenow.com/community/community-central-forum/sso-auth-options-insight-needed/m-p/3242597#M2851 Shree_G 2025-04-21T05:04:08Z https://www.servicenow.com/community/community-central-forum/sso-auth-options-insight-needed/m-p/3246016#M2882 <P>Hi&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/86085">@Shree_G</a>&nbsp;,</P><P>&nbsp;</P><P>Thank you for the reply! I'm not too comfortable deactivating this system property due to the security implications, unfortunately. Also, this may not cover the:<BR /><EM>"If a user is part of an SSO group,</EM></P><P><EM>-allow login with username &amp; password</EM></P><P><EM>If not part of group,</EM></P><P><EM>-need to login via provider"<BR /></EM>part of the requirement. Thank you nonetheless. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</P> Thu, 24 Apr 2025 02:09:40 GMT https://www.servicenow.com/community/community-central-forum/sso-auth-options-insight-needed/m-p/3246016#M2882 Zack Zap 2025-04-24T02:09:40Z