Single Sign On (SSO) solutions are widely used to streamline and secure access to multiple applications through one central authentication process. However, there are occasions when organisations or users may seek to disable SSO, whether to troubleshoot login issues, change authentication methods, or revert to manual sign-ins for specific systems.
The process of disabling SSO can vary depending on the provider, so in this article we will cover how it typically works with Google, Microsoft, and My1Login. We will also explore why disabling SSO can introduce significant security risks.
How to Disable Google Single Sign-On (SSO)
In the context of Google Workspace (formerly G Suite), SSO is commonly set up to allow users to access Google services through an external identity provider.
To disable SSO for Google Workspace:
- Sign in to Google Admin Console: Go to admin.google.com and log in with your administrator account.
- Navigate to Security Settings:
- From the Admin Console homepage, click Security.
- If you don't see Security, select Menu > Security.
- Manage SSO Settings:
- Click Set up Single Sign-On (SSO) with a third-party IdP.
- Disable SSO:
- Deselect or disable the Use a third-party identity provider option.
- Save the changes.
After disabling SSO, users will authenticate directly through Google's own login page rather than the third-party identity provider.
Important: Ensure you communicate changes clearly to users, as disabling SSO may temporarily disrupt their ability to log in.
How to Disable Microsoft Single Sign-On (SSO)
In Microsoft environments, SSO is often enabled via Entra ID or Azure Active Directory (Azure AD) or associated services like Office 365.
To disable SSO in Microsoft Azure AD:
- Access Azure Portal: Visit portal.azure.com and sign in with an admin account.
- Navigate to Azure Active Directory:
- In the left-hand navigation pane, select Azure Active Directory.
- Manage Authentication Methods:
- Go to Enterprise Applications.
- Find the relevant application where SSO is enabled.
- Disable SSO Configuration:
- Under Single Sign-On settings for the application, change the mode back to Password-based authentication or Disable SSO.
- Save the changes.
How to Disable My1Login Single Sign-On (SSO)
My1Login provides enterprise-grade SSO solutions designed for flexibility and high security. Disabling SSO within a My1Login deployment would typically be carried out by administrators within the platform’s management portal.
To disable SSO for specific applications or users in My1Login:
To disable SSO for specific users (for directory connected accounts)
- Just delete or suspend the user within the corporate directory (e.g. Entra ID, Active Directory etc)
This will automatically de-provision user access to SSO within My1Login
To disable SSO for specific applications (for directory connected accounts)
- Remove the users membership of the relevant group(s) within the corporate directory (e.g. Entra ID, Active Directory etc)
This will automatically de-provision user access to SSO for any applications that were provisioned to group members using My1Login
Alternatively
- Log in to the My1Login Admin Portal.
- Select Applications or Users:
- Navigate to the application(s) or user group where SSO is configured.
- Modify or Remove SSO Settings:
- Disable the SSO configuration for that application or remove the user(s) from SSO-protected groups.
For full environment-wide changes to SSO behaviour, it is recommended to contact My1Login support to ensure a safe and secure transition.
Note: Disabling SSO for My1Login could impact security policies, user experience, and auditing capabilities.
The Dangers of Disabling Single Sign-On
Although there may be technical reasons to disable Single Sign-On in certain cases, it is important to understand the significant risks and disadvantages this can introduce, particularly across a wider organisational environment.
Firstly, disabling SSO reintroduces credential fatigue. Without a central login system, users must manage separate usernames and passwords for each application they use. This leads to poor password practices, such as reusing passwords across different systems, using weak passwords, or writing them down to avoid forgetting them. All of these habits increase the risk of password theft and unauthorised access.
Secondly, removing SSO increases the organisation’s vulnerability to cyberattacks. Each application and service becomes an individual point of authentication, meaning that if any one system's login security is compromised, it could be exploited without the oversight that a centralised identity solution provides. Attackers tend to target the weakest link, and when authentication is fragmented across multiple systems, the likelihood of weak or poorly managed credentials grows substantially.
Another critical consideration is regulatory compliance. Frameworks such as ISO 27001, GDPR, and HIPAA emphasise the importance of secure and auditable access controls. SSO systems often come with built-in audit trails, making it easier to monitor and report on user access. Disabling SSO could undermine an organisation’s ability to demonstrate compliance, increasing the risk of regulatory breaches, fines, and reputational damage.
There is also the matter of IT and administrative overhead. Managing separate credentials for every application significantly increases the burden on IT teams, who must now respond to higher volumes of password reset requests and access issues. This leads to lost productivity both for support teams and for end users who are locked out of their systems.
Finally, without SSO, an organisation loses the benefits of centralised access control. When an employee leaves the business, revoking access to multiple systems individually is far more complex and prone to error. If access to even one critical application is missed during the offboarding process, it creates a potential vulnerability that could be exploited maliciously or accidentally.
In summary, disabling SSO weakens an organisation’s security posture, makes compliance harder to achieve, places a heavier load on IT teams, and risks exposing sensitive information. Unless there is a compelling business or technical need, and even then, only after implementing alternative safeguards, disabling SSO should be approached with extreme caution.
