.svg)
When SSO enforcement is active, all admins must authenticate through your Identity Provider. Enpass allows Super Admins to exempt specific admins from this requirement, so they can continue signing in with email, password, and two-factor authentication (2FA).
This is useful for emergency access — for example, if your IdP experiences an outage or a misconfiguration locks admins out.
Best practice: Set up your exclusion list before enabling SSO enforcement. Keep it limited to a small number of trusted Super Admins.
Add Admins to the Exclusion List
The Manage Exclusions option appears in SSO settings once Enforce SSO is enabled.
-
Log in to the Enpass Admin Console.
-
Navigate to Settings > Single Sign-On.
-
Confirm that Enforce SSO is enabled.
-
Click Manage Exclusions.
-
In the dialog, use the search bar or dropdown to find the admins you want to exempt.
-
Select one or more admins (multi-select is supported).
-
Click Save.
Excluded admins are listed below the exclusion controls. Up to five email addresses are shown by default — click + More to see additional entries.
Remove Admins from the Exclusion List
-
Navigate to Settings > Single Sign-On and click Manage Exclusions.
-
Deselect the admin(s) you want to remove.
-
Click Update to save the changes.