Shouldn't the user still be able to log in directly from
Netsuite.com , even if SSO is broken? We're still working on fixing the SSO settings. The strange thing is that if I remove the "SAML Single Sign On" permission entry under Permissions --> Setup in the role, they are then able to see the role; even if "Single Sign-On Only" isn't checked.