Create a username-and-password (non-SSO) "break glass" account that uses the same email address as SSO

Problem statement

We have SAML or AD connections for SSO, and we want a regular username-password account to fall back on in case SSO fails, using the same email address we use for SSO.

Solution

You can invite new members who will be created with a username and password from Settings > Tenant Members > Add Member. The flow is as follows:

  1. Invite the user john.doe@sso.com from the Dashboard with the desired roles
  2. John must open an incognito window
  3. Go to https://manage.auth0.com/login?connection=auth0
  4. Enter the email address john.doe@sso.com
  5. Click on “Sign up”
  6. Choose a password
  7. John will now be logged in, but the screen will display the Complete User Profiling screen that corresponds to SSO users. Ignore it and take no action.
  8. Open the invitation email and copy the invitation link (https://manage.auth0.com/invite?token=…)
  9. Paste the link into the same incognito window/tab from which John signed up.
  10. A different User Profiling screen will show up, accept and continue.

If HRD (Home Realm Discovery) is enabled and the same email address is still redirected to SSO, you can log in through the manage domain by specifying the connection in the URL parameters (same as step 3).