When enabling RealVNC Account SSO for your RealVNC Connect team, please be aware of the below restrictions and security considerations.

Restrictions

Teams

1. Your SSO tenant/identity provider can only be associated with one Team
2. All other members of an SSO-enabled Team must be SSO users; users with a standard RealVNC account cannot be part of an SSO-enabled Team
3. Mandated two-factor authentication using RealVNC Connect's 2FA cannot be enabled on SSO-enabled Teams
   1. Note, this does not prevent using your identity provider's 2FA for accounts, this refers to RealVNC's own 2FA for accounts which cannot be used with an SSO account
4. Once a Team has SSO enabled, it cannot be undone

People (Users)

1. SSO Users cannot sign in to the License Wizard, a cloud connectivity token must be used instead
2. SSO Users cannot change their contact details or authentication settings in the RealVNC Connect Portal as they are controlled by your identity provider

Security considerations

Once your Team has been enabled for SSO sign-in, please be aware that:

1. RealVNC Connect will not perform device authorization or two-factor authentication for users
2. Mandated two-factor authentication using RealVNC Connect's 2FA is disabled on the Team
   1. Note, this does not prevent using your identity provider's 2FA for accounts, this refers to RealVNC's own 2FA for accounts which cannot be used with an SSO account
3. It is up to the customer to ensure that their identity provider is configured to provide adequate security for their users