Regardless of the identity provider and the protocol (JWT or SAML), you can choose between forced SSO and mixed SSO.
Forced SSO
- Users can connect to the platform only with the login and password of your identity provider.
- Users will not be able to reset their password from the platform.
We suggest using this method when you want to keep full control over your users' passwords, or when you want to control who has access to the application from the dashboard of your identity provider.
Mixed SSO
- Users can connect to the platform using either the login and password of your identity provider or their platform login and password.
- Users can reset their account’s password from the platform.
We suggest using this method when you have users who do not belong to your identity provider repository, or if you just want to give your users more flexibility.