How can I force all account users to authenticate with SSO?

A setting called Strict Mode allows accounts to restrict access to only those members that are currently authenticated with the account's IdP (e.g. Okta). Members authenticated with other providers (e.g. email/password or Google/GitHub/Twitter) will be forced to re-authenticate with their IdP when accessing the account.


This allows companies to have full control over access to their Ably accounts. If a user is removed from the IdP, they will no longer be able to access the account once their current session expires.


To enable Strict Mode:

  1. Navigate to the Home → Account Settings page.
  2. Toggle Enable Strict Mode? (note: this setting only appears if SSO is activated).


If a user whose email is associated with an account that has Strict Mode enabled tries to log in locally (i.e. with an Ably username and password), the browser shows the error "Not found. Authentication passthru."

Note: Account owners can access account resources regardless of their current authentication method.