The person who set up SSO for one or more domains in Cloud is by default the owner of that SSO connection. An SSO connection has at least one owner. Optionally, you can add more Cloud SSO managers. Having multiple managers is ideal for redundancy and security purposes, so you are not dependent on a single person to manage the SSO configuration. An SSO connection can have up to 10 managers and there are two possible manager roles:
An admin can edit the settings of the SSO connection, e.g. can add domains to the connection.
An owner can edit the settings of the SSO connection, e.g. can add domains to the connection. In addition, an owner can manage other owners and admins. An owner can add or remove other owners and admins and can change a user's manager role.
To add managers, browse to the
Settings menu in the bottom-left corner of your screen. It's the menu behind your profile image. Select the
Single Sign-On sub-menu and then click the
Add new managers button next to the relevant SSO connection.
Within the resulting popup, submit the email address(es) of the user(s) you want to invite as manager(s). Note that these users must have already created their own user account in Cloud, though they do not need to be in your SSO connection's domains. In the popup, you can also select the users' desired role, admin or owner.
Once you've confirmed, the selected users will receive an email about their new manager role. To remove a previously added manager or to change their role, hover over the manager's user icon within the SSO connection and click one of the available buttons.
As previously mentioned, every SSO connection must have at least one owner. For this reason, if you are the only owner of a connection, you cannot leave it. You as an owner cannot change your own manager role either; only another owner can change your role.