Managing Sub-User Access and Enforcement
This article explains how the Primary Account Owner (PAO) can configure the Identity Provider (IdP) and Single Sign-On (SSO) settings for sub-users in a 101domain account. It covers onboarding new sub-users, linking existing sub-users, and managing authentication policies.
As the Primary Account Owner, you are responsible for selecting and configuring the IdP for your organization’s account. Only one IdP can be active at a time, but you can change it if your organization switches providers.
Sub-users inherit the IdP from the primary account, but their login configuration must be set individually.
Sub-users are unable to configure or change these settings.
Sub-User Authentication Options
For each sub-user, you can choose one of the following authentication settings:
No SSO: Username and password only.
Require SSO: SSO login is mandatory; username/password login is disabled.
SSO Enabled: Both SSO and username/password login are available.
For more information on the configuration types, visit our article Authentication-Only: What 101domain SSO Does.
You can change the authentication policy for yourself and each sub-user at any time.