What is gradual rollout?
- By default, when SSO is enabled for your organization (domain/tenant), users sign in with SSO.
- With gradual rollout, you can allow specific users to continue using Cedar identity temporarily while you complete your SSO rollout.
This is ideal for large teams, staged rollouts, or when you want a safety net while testing SSO with a subset of
users.
How it works (at a glance)
Default (SSO only)
Users are directed to sign in with your configured identity provider (e.g., Okta, Microsoft, Google).
Gradual rollout
SSO is on, and selected users can still sign in with Cedar identity during the transition.
What your users see
- When gradual rollout is enabled, affected users will see a friendly option to use Cedar identity if SSO isn’t working for them yet.
- Everyone else signs in with SSO as usual.
When to use it
- You’re piloting SSO with a smaller group first
- You have mixed user bases (contractors, external partners) and need time to migrate
- You want a straightforward fallback plan during cutover
Rolling back a single user
If a user can’t sign in with SSO during rollout, an administrator can quickly switch them back to Cedar identity while you investigate. This change is reversible, and the rest of your users remain on SSO.Contact your Cedar support representative if you’d like help enabling gradual rollout or planning a phased migration.
FAQs
Is gradual rollout available for all providers?
Is gradual rollout available for all providers?
Yes. Gradual rollout is supported for Google, Okta, and Microsoft (Azure AD).
Does this affect security?
Does this affect security?
No. Your organization remains protected. Gradual rollout only allows a subset of users to sign in with Cedar
identity while SSO is being phased in.
How do we enable it?
How do we enable it?
Your Cedar representative can turn it on for your tenant/domain and guide you through a staged rollout.