We cannot disable "Use Auth0 instead of the IdP to do Single Sign-on" for one of our applications

Problem statement

For our tenant setting, we have “Enable seamless SSO” disabled. Thus we should be able to enable or disable the feature “Use Auth0 instead of the IdP to do Single Sign-on” per application.

We have this enabled on one of our applications called “XYZ-app” and the application is not allowing me to toggle this feature to disable it. This is a problem for end users that share a computer.

When landing on the Auth0 screen, it shows the account last used, and the user then selects the option to change user. It then changes the link that will redirect them to their IdP. Clicking that link just logs them back in as the last user instead of taking them to the IdP landing page to enter their credentials.

Symptoms

This applies to ‘old’ tenants that have the tenant setting “Enable seamless SSO”. Older tenants have this option in the Advanced Settings page to disable seamless SSO.

Seamless SSO is the default for new tenants since 2018, and it cannot be disabled.

Look at the application settings for each of the apps. If this problem exists, then the app setting for “Use Auth0 instead of the IdP to do Single Sign On” will be locked in place and you will be unable to change it.

Solution

Open your application settings for the affected app (e.g. “XYZ-app”). The particular setting of interest is OIDC Conformant: if this is enabled, then you will not be able to toggle “OFF” the setting for “Use Auth0 instead of IdP to do Single Sign On”.

So this is what you need to do to change the state of this option:

  1. Scroll down until you see the OIDC Conformant switch: change this to “OFF”

  2. Scroll up to the "Use Auth0 instead of IdP to do Single Sign On": change this to “OFF”

  3. Scroll back down to the OIDC Conformant switch: change this to “ON”.

  4. Scroll down towards the bottom until you see the button. Click to save your new settings.

Check whether this has the desired effect.
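
On a tenant with many applications, the per-app check described under Symptoms can be run over an exported client list instead of opening each app. This is an added example, not Auth0's own code; it assumes the two dashboard switches correspond to the `sso` and `oidc_conformant` client properties returned by the Management API, and the sample data and status labels are constructed.

```python
import json

# Constructed sample, shaped like a Management API client listing
# (GET /api/v2/clients?fields=client_id,name,sso,oidc_conformant).
SAMPLE_CLIENTS = json.loads("""
[
  {"client_id": "constructed-id-1", "name": "XYZ-app", "sso": true, "oidc_conformant": true},
  {"client_id": "constructed-id-2", "name": "legacy-portal", "sso": true, "oidc_conformant": false},
  {"client_id": "constructed-id-3", "name": "kiosk-app", "sso": false, "oidc_conformant": true},
  {"client_id": "constructed-id-4", "name": "no-flags-app"}
]
""")


def classify(client):
    """Classify one client by the state of its two switches.

    locked      - Auth0 handles SSO and OIDC Conformant is on, so the SSO
                  switch cannot be changed until OIDC Conformant is turned off
    toggleable  - Auth0 handles SSO, OIDC Conformant is off
    idp-handled - SSO is already left to the IdP
    unknown     - a flag is missing from the export; check the dashboard
    """
    sso = client.get("sso")
    oidc = client.get("oidc_conformant")
    if sso is None:
        return "unknown"
    if not sso:
        return "idp-handled"
    if oidc is None:
        return "unknown"
    return "locked" if oidc else "toggleable"


def audit(clients):
    """Group application names by status so locked apps stand out."""
    report = {"locked": [], "toggleable": [], "idp-handled": [], "unknown": []}
    for client in clients:
        label = client.get("name") or client.get("client_id", "<unnamed>")
        report[classify(client)].append(label)
    return report


if __name__ == "__main__":
    for status, names in audit(SAMPLE_CLIENTS).items():
        print(f"{status:12} {', '.join(names) or '-'}")
```

An app that has been through the four steps above should move from "locked" to "idp-handled" when the export is taken again.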