Neither the API access for use in scripts and integrations nor the Virtualization CLI access requires SSO. Instead, username and password (optionally with LDAP integration) authentication must be used for API or CLI access. When SSO is enabled on a Delphix Engine, new users by default will have no API access and no password. Administrators can enable API access for any user through the User Management or Masking UIs. The user’s password or LDAP credentials is used for API authentication.

Users created before enabling SSO will maintain their API access enabled. Users with API access but no email address are useful for scripts or integration via the API - they cannot be used to login via the UI. When SSO is enabled, only administrators can change or set email addresses.

A user with API access may also login via SAML into an SSO enabled engine through the UI when they have an email set.