Overview
This article explains how to retain ownership of connection enablement with Self-Service Single Sign-On (SSO) configured, so that the SSO ticket consumer is unable to enable the connection.
Cause
- Self-Service Single Sign-On (SSO)
Solution
SSO ticket consumers can be prevented from enabling the connection by passing in an empty enabled_clients property or removing the property altogether. See an example in the SSO ticket sample body below, which can also be found in the Auth0 documentation: Create an SSO access ticket to initiate the Self Service SSO Flow:
{
"connection_config": {
"name": "test-selfservice",
"display_name": "Test Self Service",
"is_domain_connection": true
},
"enabled_clients": [],
"ttl_sec": 0
}
The ticket consumer can set up the connection, but cannot enable it. Something similar to the below screen will be generated at the end of the process, which does not contain the “Enable Connection” button:
