![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 44%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 4%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Hello Jessica L E Marshall,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
You're trying to log in to Oracle for work and encountering an error that says "single sign-on has to be disabled." If the Oracle application is managed by your organization, you cannot fix this issue yourself. It requires an IT administrator to correct the Oracle application's configuration. We would recommend you contact your company's IT support and relay the following information:
The Immediate Workaround: You can ask if a separate URL or sign-in page exists for logging in without using SSO.
The Administrative Fix: The IT administrator needs to verify and correct the SAML trust relationship between the Oracle application and the corporate Identity Provider (IdP). The most common causes are:
- Expired SAML Signing Certificate: The certificate used to secure the communication between the IdP (e.g., Microsoft Entra ID) and the Oracle application has expired. The administrator must download the new certificate from the IdP and upload it to the Oracle application's settings.
- Incorrect Reply URL or Entity ID: The Reply URL (Assertion Consumer Service URL) or Entity ID configured in the IdP's enterprise application settings may not exactly match the values configured in the Oracle application. Even a minor typo will cause a login failure.
- Authentication Policy Misconfiguration: The Oracle application's authentication policy might be configured to only allow local user accounts, not federated accounts. The administrator needs to adjust this policy to enable federated authentication.
You can refer below document for better understanding, and it can help the IT team:
https://learn.microsoft.com/en-us/entra/identity/saas-apps/oracle-fusion-erp-tutorial
https://learn.microsoft.com/en-us/entra/identity/saas-apps/oracle-idcs-for-ebs-tutorial
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/debug-saml-sso-issues
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you and 'upvote' for it. This will help us and others in the community as well. Happy to help!
Regards,
Monalisha