How can I force all account users to authenticate with SSO?

A setting called Strict Mode allows accounts to restrict access to only those members who are currently authenticated with the account's IdP (e.g. Okta). Members authenticated with other providers (e.g. email/password or Google/GitHub/Twitter) will be forced to re-authenticate with their IdP when accessing the account.

This allows companies to have full control over access to their Ably accounts. If a user is removed from the IdP, they will no longer be able to access the account once their current session expires.

To enable Strict Mode:

  1. Navigate to the Home → Account Settings page.
  2. Toggle Enable Strict Mode? (note: this setting only appears if SSO is activated).

Note: Account owners can access account resources regardless of their current authentication method.