Using the administrative API and a new token to disable SSO
If basic authorization is disabled but administrative application programming interface (API) OAuth is enabled, you can also use the administrative API to disable single sign-on (SSO).
Steps
-
Retrieve a valid token for admin API OAuth from your token provider.
-
Submit a PUT request to
https://<pa-host>/pa-admin-api/<api version>/auth/oidc
with the valid access token, where <pa-host> is thehostname:port
for the PingAccess admin node and <api-version> is the API version (v3
on PingAccess 5.0 or later, andv2
on 4.X).The request body must contain:
{ "enabled": false, }
Result
You can sign on normally and reconfigure the SSO from Settings → Admin UI Authentication → Authentication Method.