Switching to Single Sign-On (SSO) doesn’t have to be all‑or‑nothing. Gradual rollout lets you turn on SSO for your organization while keeping a safe fallback to Cedar identity for select users.

What is gradual rollout?

  • By default, when SSO is enabled for your organization (domain/tenant), users sign in with SSO.
  • With gradual rollout, you can allow specific users to continue using Cedar identity temporarily while you complete your SSO rollout.
This is ideal for large teams, staged rollouts, or when you want a safety net while testing SSO with a subset of users.

How it works (at a glance)

Default (SSO only)

Users are directed to sign in with your configured identity provider (e.g., Okta, Microsoft, Google).

Gradual rollout

SSO is on, and selected users can still sign in with Cedar identity during the transition.

What your users see

  • When gradual rollout is enabled, affected users will see a friendly option to use Cedar identity if SSO isn’t working for them yet.
  • Everyone else signs in with SSO as usual.

When to use it

  • You’re piloting SSO with a smaller group first
  • You have mixed user bases (contractors, external partners) and need time to migrate
  • You want a straightforward fallback plan during cutover

Rolling back a single user

If a user can’t sign in with SSO during rollout, an administrator can quickly switch them back to Cedar identity while you investigate. This change is reversible, and the rest of your users remain on SSO.
Contact your Cedar support representative if you’d like help enabling gradual rollout or planning a phased migration.

FAQs