Authentication method considerations
Review these considerations before modifying authentication methods for any user. Authentication method changes take effect immediately and can affect the user's ability to access CertCentral.
Before making changes
SAML must be configured and tested before restricting any user to SSO-only access
Confirm the user exists in the identity provider before enabling SAML-only access
Verify that at least one administrator retains access through a non-SSO method to prevent account lockout
Division restrictions do not override authentication requirements. A user restricted to specific divisions still follows account-level authentication policies.
Important
Always keep at least one administrator with direct CertCentral access. If all administrators are restricted to SAML SSO-only and the identity provider becomes unavailable, no one can sign in.