How Can We Help?
Locking Users Out When Doing System ChangesLocking Users Out When Doing System Changes
If you want to prevent users having access to their Pure, maybe because you are upgrading or during maintenance of Pure, and you are using a SSO for access, this information below may be useful.
This guide applies to 5.30.0 and forward that has the improved authentication setup.
If the users are "authenticated by external system", then you can do the following:
- Create one or two Administrator users that are not authenticated; so do not have the "authenticated by external system" checked in the user setup, if they do not exist already.
- Once you do this, first test that those users can access your Pure without using SSO. To bypass SSO use "...admin/login.xhtml" at the end of url, this should bring you to the normal Pure login screen.
- Once you confirm these users can log into Pure without SSO, you can go ahead and turn off SSO.
- To turn this off go to Administrator > Security > Authentication configurations > SSO authentication method
- Choose SSO authentication method
Select None from the dropdown and save. Now it is disabled. - The SSO configurations are kept, so when re-enabling it the already filled out fields and certs will re-appear.
- When you are ready to let your users access again, log in with your non-SSO admin. user and then go back into Administrator > Security > Authentication configurations > SSO authentication method
- Choose SSO authentication method
- Select the authentication method from the dropdown and save. Now SSO is enabled.
We strongly recommend that before turning off SSO you test the Administrator users you created to make sure they can access your system without SSO (bypass SSO by adding "...admin/login.xhtml" to the end of your URL).
It would also be a good idea to warn your users that they will be unable to access your system by creating a system message by going to Admin > Messages and text ressources > System messages
Published at July 07, 2025