When you have completed testing and are certain that the SSO configuration works correctly, you need to activate SSO. This will switch the authentication type for the tenancy (all users in the tenancy) to SSO, and AD login will no longer be permitted (except for System Administrators who can use it if they need to fix issues with the SSO configuration at a later date - when activated changes to the SSO configuration can only be made when logged in directly).

You must be logged in using SSO to enable the Activate button. After activation, the status for SAML 2.0 Single Sign-On Configuration changes to Active.

The process to enable SSO on your tenancy is now complete and auto creation of users through SSO login will be active.

Distribute the custom SSO URL as required within your organization.

Your tenancy is now SSO enabled.

Any new user registration emails sent before your tenancy was SSO enabled will be invalid after activation (direct login is no longer permitted so the setting up of security credentials in MXO is redundant). New System Administrators who have received the registration email but have not yet set up their security credentials (or a System Administrator created through the SSO login process) will need another System Administrator to reset their account so they can set up credentials for direct login.

When SSO is active, any change to the configuration will immediately apply to all users. For this reason we recommend that you test changes on a pre-production tenancy first.