1. Support Desk.
  2. Rules
  3. ERP Armor: Rules for ERP Cloud

What are the risks related to the SA190 rule related to SSO/Active Directory?

This privilege allows a user to turn on/off SSO configurations.  It could allows a user to temporarily turn off SSO to allow for local logins.  Someone with this ability to reset passswords could take over a local account.  This is especially high risk where local users and their assigned roles aren't be disabled/de-provisioned (which happens in many cases given the assumption that SSO controls override the ability to log in locally).  This also allows a user to configure password settings and other critical security configurations.