Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

SSO Bypass URL / Backdoor access for Emergency

Regular Contributor
Regular Contributor



We want to try out SSO and the what is the backdoor or bypass SSO URL to login to EIC in case SSO is not working.

This URL -> is not working as it gives Invalid User error even for admin credentials.




Hi @rituparna_pwc ,

Set passwordexpired=0, localauthenabled=1 for the user to bypass the SSO and then use above url and try to login. Use below query to do that, make sure change the username of the user.

update users set passwordexpired=0, localauthenabled=1 where username='SAVIyntXXXXX'

Let me know if it helps.

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

@pmahalle , We are locked out of Saviynt to run any queries now. Will try this route thanks

Valued Contributor
Valued Contributor

Hi @rituparna_pwc 

For users to be able to login to IGA using local login, the LOCALAUTHENABLED flag on the user profile needs to be set and set the PASSWORDEXPIRED to false.

Please create an FD for this as the Enhanced Query Execution in your version does not support updates to the users table via the Saviynt UI.

Solved: API & Local Authentication - Saviynt Forums - 25216


Md Armaan Zahir

Saviynt Employee
Saviynt Employee

@rituparna_pwc ,

We are currently not supporting local auth enabled identities as it poses a security risk. So as per the product team's guidelines we have disabled few already local auth enabled identities in old environments by informing the customers and we do not  supporting creation of new ones.

Thanks for understanding.


New Contributor III
New Contributor III

Hello @pruthvi_t ,


Then in the new version how are we able to create/use api users? I'm in 23.9 and because I don't have auth enabled I cannot have api users if I have the SSO enabled.

Kind regards,