HCP platform docs: Disable SSO connection (#1498)

boruszak · web-flow · commit a67234ae79cd · 2026-01-05T14:22:06.000-08:00
## Description  :ticket: [CE-1090] [Preview link](https://unified-docs-frontend-preview-696zw0rbp-hashicorp.vercel.app/hcp/docs/hcp/iam/sso/manage#disable-sso-connection)   This PR adds documentation for a new HCP platform setting the gives adminstrators the ability to temporarily suspend an SSO connection without deleting the existing configuration. ### Requested review scope: - [x] Content touched by the PR _only_ (typos, clarifications, tips) - [ ] Code test (command and code block changes) - [ ] Flow and language near changes (new/rearranged steps) - [ ] Review everything (rewrites, major changes) ### Review urgency: - [ ] ASAP (bug fixes, broken content, imminent releases) - [x] 3 days (small changes, easy reviews) - [ ] 1 week (default) - [ ] Best effort (very non-urgent)  ## All updates:  I have: - [x] Verified that all status checks have passed - [x] Verified that preview environment has successfully deployed - [x] Verified appropriate `label` applied (`hcp` + `product name`) - [x] Added all required reviewers (code owners and external) ## Content checklist (optional) Please do these things before requesting a review. I have: - [ ] Made any associated code repositories public - [ ] Added the `hashicorp-education/teamName` to any additional code or example repos as repo admin - [ ] Added redirects for any moved or removed pages - [ ] Spell checked the tutorial(s) - [ ] Followed the [unified style guide](https://github.com/hashicorp/web-unified-docs/tree/main/docs/style-guide) - [ ] Linted code snippets (Details per language [here](https://github.com/hashicorp/engineering-docs/blob/master/writing/markdown.md#code-blocks)) - [ ] Checked the steps for completeness (no steps are implied or hidden) - [x] Looked at the local or vercel build and checked each new or changed page for: - display on the product curriculum page - callout box formatting - code block highlighting - right-hand navigation - next and back buttons - URL path [SPE-1234]: https://hashicorp.atlassian.net/browse/SPE-1234?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ [CE-1090]: https://hashicorp.atlassian.net/browse/CE-1090?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
diff --git a/content/hcp-docs/content/docs/hcp/iam/sso/index.mdx b/content/hcp-docs/content/docs/hcp/iam/sso/index.mdx
@@ -58,7 +58,7 @@ The process to enable SSO for an HCP organization consists of the following step
 1. Add information from your identity provider to HCP.
 1. [Assign a default role](/hcp/docs/hcp/iam/sso/default-role) to users.
 
-After you enable SSO, you can manage, update, and delete your SSO from HCP. For more information, refer to [manage SSO for your organization](/hcp/docs/hcp/iam/sso/manage).
+After you enable SSO, you can manage, update, disable, and delete your SSO from HCP. For more information, refer to [manage SSO for your organization](/hcp/docs/hcp/iam/sso/manage).
 
 ## SSO integration with HCP Terraform
 
diff --git a/content/hcp-docs/content/docs/hcp/iam/sso/manage.mdx b/content/hcp-docs/content/docs/hcp/iam/sso/manage.mdx
@@ -6,7 +6,7 @@ description: |-
 
 # Manage SSO for your HCP organization
 
-This page describes the processes to manage SSO configurations for an HCP organization, including how to update and delete an existing SSO configuration.
+This page describes the processes to manage SSO configurations for an HCP organization, including how to update, disable, and delete an existing SSO configuration.
 
 ## Manage an HCP Organization with SSO enabled
 
@@ -29,21 +29,39 @@ It is important to delete SSO accounts for users that were removed from your ide
 
 The administrator who owns the organization and enabled SSO can still use their original, non-SSO account to sign in to the HCP web portal and access the SSO-enabled organization. If they previously signed in through GitHub, they can continue to access the organization through GitHub as well.
 
-## Update SSO
+## Update SSO configuration
 
 Organization owners and admins can edit an SSO configuration.
 
 To edit SSO:
 
-1. Click **Settings** and then click **SSO**. You will be redirected to the **Single Sign-On** page.
+1. [Log in to HCP](https://portal.cloud.hashicorp.com/) and go to your organization.
+1. From your organization, click **Organization settings**.
+1. Click **SSO**.
 1. Open the **Manage** menu and select **Edit**. Users can modify the list of domains, the public signing certificate, endpoints, and the default organization role.
 
 Users can add and remove domains, but domains cannot be empty.
 
 - Adding a new domain will allow users with an email address matching the domain to sign up as new SSO users. SSO users using email addresses for the other domains will not be affected. You must also provision new domains on your identity provider and configure them for the Auth0-SSO-Connection.
 - Removing an existing domain will affect SSO users whose email addresses match the removed domain. They can sign in through other methods but will become different users in the database. Organization administrators can remove inactive users from the organization.
 
-## Delete SSO
+## Disable SSO connection
+
+You can temporarily suspend your existing SSO connection without deleting existing configurations. This approach is useful for operations such as troubleshooting, identity provider outages, and policy changes. When you suspend SSO, [user invitations](/hcp/docs/hcp/iam/users) automatically activate. That means existing users can invite other users to your HCP organization according to your current [access management settings](/hcp/docs/hcp/iam/access-management).
+
+To disable your SSO connection:
+
+1. [Log in to HCP](https://portal.cloud.hashicorp.com/) and go to your organization.
+1. From your organization, click **Organization settings**.
+1. Click **SSO**.
+1. Next to your `Enabled` SSO connection, click **...**. Then click **Disable connection**.
+1. Review the warning that appears. Then click **Disable**.
+
+HCP returns you to the **Single sign-on details** page. Your connection's status should appear as `Disabled`. 
+
+When you are ready to re-enable your connection, click **...** and **Enable connection**.
+
+## Delete SSO connection
 
 Organization owners and admins can delete an SSO configuration from their organization.
 
@@ -55,7 +73,11 @@ When you delete an SSO configuration, no SSO user can sign in to HCP. Current SS
 
 To delete SSO from an organization:
 
-1. Select **Delete SSO Configuration** in the **Manage** menu. A dialog appears for you to confirm the deletion of SSO from this organization.
+1. [Log in to HCP](https://portal.cloud.hashicorp.com/) and go to your organization.
+1. From your organization, click **Organization settings**.
+1. Click **SSO**.
+1. Next to the SSO connection you want to delete, click **...**. Then click **Delete connection**.
+1. A dialog appears for you to confirm the deletion of SSO from this organization.
 1. Type **DELETE** and then click **Delete**.
 
 After deletion, organization owners and admins can [re-invite users](/hcp/docs/hcp/iam/users#invite-users) with the default Access Controls (IAM) system.
