When you implement SSO late in the game, what happens to all your existing users who do not have SSO logins? Can they update the way they login? Or do they continue to use their username and password? Should a customer be mindful of anything when setting up SSO late in the game?
Implementing SSO without disabling username/password login:
As long as you do not disable the ability to login via username and password, the users will still be able to log in. If they are using the same email address that corresponds with the new SSO, they will now have two forms of logging in. Users can choose if they keep logging in the way they did (username + pw), or they choose SSO
Implementing SSO with disabling username/password login:
if you decide to move away from username/password login and only do SSO login, users will lose access to their manually registered accounts, if the SSO email doesn't match that existing account
An administer would have to manually change the email address of any existing accounts that do not match the SSO provided one.