We got a requirement recently to limit access to single sign-on setting. At the moment all administrators are able to deactivate this for themselves at any given moment and effectively skip all security controls. We believe that not all admins should be able to do this. In companies which have more builders (for example 25) you may find some 'regular' developers who are just building their models and some people who are also responsible for overall governance (COE team). I'd suggest that SSO should be changed at Tenant administrator level as only limited amount of admins have access to it and it could be easily controlled there. We are not even able to see in history who and when did the change (it appears under blank model change) so the only way to control it is to export Users tab every day to keep track on all changes, which is quite tedious process. Moreover, currently administrator can turn SSO off for himself which should not be possible at all. I suggest it works exactly the same way as administrator (admin can't revoke his admin privileges and needs another admin to do this) so additional person will be needed to do that action. It should slightly increase SSO security.