Enabling Provision for Customer admins to disable the security (SSO)



Our organization accounts are enabled with SSO. We recently had an incident where none of the users were able to access cloud services (Deployment/Portal/Studio Pro etc.), and we couldn’t even leverage customer support to raise a P1/critical incident, as no login to Mendix services was working due to the SSO issue. What we could leverage was email support, and we got only medium priority, which in turn ended up in losing productive hours from the development team. The issue was a simple certificate expiration; it just needed an admin to update the renewed one.

It would be better if there could be some solution to bypass the SSO for emergencies, for customer admins only.

2 answers

Coincidentally, we ran into this exact issue last week. Our certificate expired and there was no way to enter a new client secret. A Mendix Support representative had to disable SSO for us, so we could access the platform again after a password reset. I wanted to set up SSO again and disable SSO only for certain users (Mx Admins), but as far as I know, this seems impossible. If SSO is enabled, you’re forced to use it as soon as you enter the domain name while logging in.

I’d love to see a possibility to gain access to the platform as Mx Admin, without forcing us to use SSO.


We’ve recently updated our documentation for the platform SSO (BYOIDP) to provide better guidance on how to prevent such problems with access to the platform. https://docs.mendix.com/developerportal/control-center/set-up-sso-byoidp/#client-secret
The possibility for a Mendix administrator to bypass the SSO and update the client secret is something I will be looking into.