If you're using SSO and want to ensure users cannot bypass the SSO security, follow these instructions.


Go to Admin and click Login Settings.
Click Edit Security Settings.
Expand the advanced settings, check Require SSO, and click Save.

If you select Require SSO, you can exclude a user role from this restriction by checking the Bypass Single Sign-On option while setting up the role. This will allow users to sign in normally. For example, Admin users may still need to log into Marketo through the login screen.

When new users are invited, they receive invite emails. However, if Require SSO is selected, they won't receive these emails, unless they are assigned to a role which is set to Bypass Single Sign-On.

That's it! Now all users (except users with permission to bypass single sign-on) will be restricted to using SSO login only.