Understand storefront SSO limitations

The storefront single sign-on implementation has some limitations you should be aware of.

Storefront SSO does not provide single log-out (SLO). If a shopper signs out of Commerce or if the shopper’s session times out, the shopper may continue to be logged into the identity provider until the identity provider session times out. Similarly, if the shopper signs out or is timed out of the identity provider, the shopper may remain logged into Commerce until the Commerce session times out.

If a Commerce storefront uses SSO exclusively, customer service agents cannot reset shopper passwords in the Agent Console; shopper passwords can be reset only in the identity provider. If a Commerce storefront supports both SSO and standard logins, passwords of shoppers using standard logins can be reset in the Agent Console, but passwords of shoppers using SSO can be reset only in the identity provider.