OAuth token generation stopped working after enabling the SSOIssue If SSO is enabled in an instance, then OAuth communication might not work for our 3rd party external vendors however the basic authentication does work.CauseIf you are able to see the below message in the system logs by invoking the API call to get the OAuth token (via postman in this case for the illustration) with the "glide.authenticate.multisso.enabled" property enabled then its an indication that one of the authentication policy is preventing the user from accessing the instance. {"error_description":"access_denied","error":"server_error"} 2023-03-22 14:40:39 (954) Default-thread-5 DCB894FCC3B5A11008CF92AF050131E8 txid=762954fcc3b5 event="LOGIN_FAILURE" mode="glide_auth_event_login" authentication_parameter1="user_name=test.integration" authentication_multi_factor_enabled="true" authentication_parameter2="User is not allowed as per Auth Policy." log_type="SECLOG" session_id="DCB894FCC3B5A11008CF92AF050131E8" tx_num="55985" url="/oauth_token.do" domain="global" http_last_time="1679521115070" jsession_id="013951" http_uagent="PostmanRuntime/7.31.3" user="guest" user_id="5136503cc611227c0183e96598c4f706" http_time_zone="US/Eastern" user_group="n/a" http_browser="unknown"ResolutionDeactivating the below policy should resolve the issue ➜ Allow Non Local Login Users # https://XXXXX.service-now.com/nav_to.do?uri=sys_authentication_policy.do?sys_id=2f024f70730220103a5b0dd43cf6a70a ➜ This policy gets enabled via the plugin "com.snc.adaptive_authentication" Reference # https://XXXX.service-now.com/nav_to.do?uri=v_plugin.do?sys_id=com.snc.adaptive_authentication When enabling Multi-Provider SSO, the platform also enables Account Recovery (ACR) - which is a new feature introduced in the Rome release and does not allow users to login with username and password. Only an Admin user is an exception and it also demands enabling Multi-Factor Authentication (MFA) for Admin users. Review the access policies as suggested above and the relevant documents and make the changes as per your organization's need.Related Links Authentication policiesAccount recovery (ACR)