Disabling the Cloudera SSO login
After you complete the identity federation setup between Cloudera and your enterprise IdP, you can disable the Cloudera SSO login option if you do not want to allow users in your organization to log in to CDP through the Cloudera registration and login page.
When you disable Cloudera SSO login for non-administrator users, CDP users must log in to CDP through the identity management system in your organization. Only the designated account administrator for your CDP subscription can log in to CDP through the Cloudera registration and login page.
Even after you disable the Cloudera SSO login, the designated account administrator can log in to CDP using their Cloudera SSO credentials. For added security, you can restrict all Cloudera SSO access (including the designated account administrator's access) by contacting Cloudera Support and they can disable or enable the "Cloudera SSO All Login Enabled" setting for your account. You can see "Cloudera SSO All Login Enabled" setting on the UI. When all Cloudera SSO logins are restricted, you will see this on the UI:
Required role: Account administrator or PowerUser
Sign in to the CDP web interface.
From the CDP home page, click Management Console.
In the User Management section of the side navigation panel, click Identity Providers.
The Identity Providers page shows the status of the Cloudera SSO Login option.
Click Disable to prevent users from logging in through the Cloudera registration and login page.
When the Cloudera SSO Login option is disabled, all CDP users except the CDP account administrators must log in through the identity management system in your organization. To log in to CDP, a user must be among the users included in the identity providers that you set up in CDP.