Overview
- This article explains the procedure to disconnect Access Control from Google Workspace.
Notes
- The content of this article is based on the product specifications as of July 2026 and may be changed without prior notice.
- A Google Workspace super administrator account is required to perform this procedure.
- For instructions on how to access the Access Control Administration, please refer to the following article.
How to Access the Access Control Administration - Before disconnecting Access Control, be sure to inform users of their Google Workspace login passwords in advance.
* After disabling Single Sign-On, users will log in using their Google Workspace login passwords.
Table of Contents
- Preparation
- Disabling Single Sign-On
- Disabling Other SSO Services
- Deleting Synchronization Services
- Deleting HENNGE Custom Domain
- Deleting "More" Links
- User Tasks
Procedure
Preparation
Before disconnecting Single Sign-On, inform users of their Google Workspace login passwords in advance.
If a user has forgotten their Google Workspace login password, please reset the password from the Google Workspace Admin console.
Reset a user's password in Google Workspace (external link)
Disabling Single Sign-On
- Access the Google Workspace Admin console and go to [Security] – [Authentication] – [SSO with third-party IdP].
- From the [Third-party SSO profiles] list, check the profile name used for SSO integration with Access Control and proceed to the corresponding procedure.
・If the SSO profile name is [Legasy SSO Profile], proceed to the following If the SSO profile name is Legasy SSO Profile section.
・If the SSO profile name is other than [Legasy SSO Profile], proceed to If the SSO profile name is not Legasy SSO Profile.
If the SSO profile name is Legasy SSO Profile
- From the [Third-party SSO profiles] list, click the relevant [Legasy SSO Profile].
- In the edit screen, uncheck [Enable previous SSO profile] and set all of the following fields to blank.
- Login page URL
- Logout page URL
- Change password URL
- On the same screen, uncheck [Use domain-specific issuer] and click [Save].
- From the [Third-party SSO profiles] list, click [Manage SSO profile assignments] – [Manage].
- Make sure that the value for [Select SSO profile] for the organizational unit is set to [None]. If it is set to [Previous SSO profile], change the dropdown to [None] and click [Save].
* If SSO integration is enabled for all users, check the top-level organizational unit. If SSO integration is enabled for only some users, check the relevant organizational unit.
If the SSO profile name is not Legasy SSO Profile
- From the [Third-party SSO profiles] list, click [Manage SSO profile assignments] – [Manage].
- Select the organizational unit where SSO integration is enabled, change the [Select SSO profile] dropdown to [None], and click [Save].
* If SSO integration is enabled for all users, select the top-level organizational unit. If SSO integration is enabled for only some users, select the relevant organizational unit and remove the SSO profile assignment. - Return to the [SSO with third-party IdP] screen from step 1, and from [Third-party SSO profiles], select the profile used for SSO integration.
- In the edit screen, click [Delete], and in the popup window that appears, select [Delete].
Disabling Other SSO Services
If there are any services (other than Google Workspace) that are using Single Sign-On (SSO) with Access Control, please disable SSO for those services as well.
Check the [Connected Services] in the Access Control Administration for the target services.
The SSO disabling process must be performed on the connected service provider (SP) side.
For detailed instructions on how to disable SSO, please contact the support desk of each SP.
Deleting Synchronization Services
If you are synchronizing Active Directory with Access Control
* If you are not using the synchronization service (HDE One Directory Sync), no action is required.
Perform the following steps on the Windows server where HDE One Directory Sync is installed.
- Uninstall HDE One Directory Sync.
From [Control Panel] – [Programs and Features], uninstall the following program:
HDE One Directory Sync - Delete files related to HDE One Directory Sync.
Manually delete the C:\Program Files\HDE One Directory Sync folder and all files directly under that folder. - Delete files under the HDEOne folder.
If the C:\HDEOne folder exists, manually delete that folder and all files directly under it.
If you are provisioning between Access Control and Google Workspace
* If you are not provisioning with Google Workspace, no action is required.
Perform the following steps in both the Access Control Administration and Google Workspace.
- From the Access Control Administration, go to [System] – [Provisioning Settings], and click [View Details] to the right of [Full Sync] – [Google Workspace].
- When the Google Provisioning settings are displayed, turn off [Account provisioning] and [Password provisioning], then click [Save Changes].
- From the Google Workspace Admin console, go to [Security] – [Access and data control] – [API controls], and click [Manage domain-wide delegation].
- Delete the entry where the "Name" is "HENNGE Access Control" and the end of the "Scopes" matches the following.
* To check the name, hover over the row you want to check and click [Show Details] displayed on the right.- admin.directory.user
- https://mail.google.com/
Deleting HENNGE Custom Domain
If you have created and used a xxxx.myhennge.com subdomain in Access Control, please delete the custom domain using the following procedure.
[HENNGE One Launcher] Procedure to Delete Custom Domain
Deleting "More" Links
* If you have not set up "More" links, no action is required.
Log in to the Google Workspace Admin console, and from [Apps] – [Google Workspace Marketplace apps] – [App list], delete any relevant service links if present.
User Tasks
* If you do not have a contract for Secure Browser app or Device Certificates, no action is required.
Please uninstall the Secure Browser app and Device Certificates from each user's device.
Even if they remain, they will not affect the device, but continued use will not be possible.