No, it's not configurable to have username and password as fallback.
The option is to log in to CLI and run the command:
system sso-reset
This command will remove the requirement to authenticate with SSO and ClearPass will revert to username and password.
Keep in mind to ha e the SSO configuration documented to be able to restore the configuration manually in an easy way.
CLI doesn't support SSO, thus you are always able to log in with appadmin and if you have configured a Service for Policy Manager authentication you can also use Active Directory accounts.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Apr 30, 2025 11:50 AM
From: thecompnerd
Subject: Clearpass SSO for Policy Manager Login
We've setup several internal network products to use SSO and they all create a link on the login page to optionally login via SSO. This is nice because it doesn't force you into SSO, which is helpful if Internet access is down or there's an issue with your IdP. I'm in the process of configuring SSO for Clearpass and noticed that I'm forced to use SSO when going to the Clearpass app (guest, insight, etc), and there's no backup method to login, like we have with other network products we use.
Is there a setting to check or failback to use traditional or local login if encountering SSO issues? Including a screenshot of a mock example.