diff --git a/app/controllers/sso_settings_controller.rb b/app/controllers/sso_settings_controller.rb
index 9e90d1de..3e9b6bba 100644
--- a/app/controllers/sso_settings_controller.rb
+++ b/app/controllers/sso_settings_controller.rb
@@ -3,7 +3,6 @@ class SsoSettingsController < ApplicationController
 before_action :load_encrypted_config
 authorize_resource :encrypted_config, only: :index
- authorize_resource :encrypted_config, parent: false, except: :index
 def index; end
diff --git a/app/views/shared/_settings_nav.html.erb b/app/views/shared/_settings_nav.html.erb
index ec4d5c43..480c5002 100644
--- a/app/views/shared/_settings_nav.html.erb
+++ b/app/views/shared/_settings_nav.html.erb
@@ -42,12 +42,10 @@ <%= link_to 'Users', settings_users_path, class: 'text-base hover:bg-base-300' %>
 <% end %>
- <% unless Docuseal.multitenant? %>
- <% if can?(:read, EncryptedConfig.new(key: 'saml_configs', account: current_account)) && true_user == current_user %>
-
  • - <%= link_to 'SSO', settings_sso_index_path, class: 'text-base hover:bg-base-300' %> -
  • - <% end %> + <% if can?(:manage, :saml_sso) && can?(:read, EncryptedConfig.new(key: 'saml_configs', account: current_account)) && true_user == current_user %> +
  • + <%= link_to 'SSO', settings_sso_index_path, class: 'text-base hover:bg-base-300' %> +
  • <% end %>
 <% if Docuseal.demo? || !Docuseal.multitenant? %>
 <% if can?(:read, AccessToken) %>
diff --git a/config/routes.rb b/config/routes.rb
index 9c618b29..76bf5399 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -122,8 +122,8 @@ Rails.application.routes.draw do
 resources :storage, only: %i[index create], controller: 'storage_settings'
 resources :email, only: %i[index create], controller: 'email_smtp_settings'
 resources :sms, only: %i[index], controller: 'sms_settings'
- resources :sso, only: %i[index], controller: 'sso_settings'
 end
+ resources :sso, only: %i[index], controller: 'sso_settings'
 resources :notifications, only: %i[index create], controller: 'notifications_settings'
 resource :esign, only: %i[show create new update destroy], controller: 'esign_settings'
 resources :users, only: %i[index]
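Review bot: The new `can?(:manage, :saml_sso)` condition in `_settings_nav.html.erb` only hides the SSO link, while the `config/routes.rb` hunk moves `resources :sso` below the `end` of a block, so the route appears to be registered in every deployment mode (the block's opening line is outside the hunk, so its condition is inferred). The controller lines visible in this commit keep only `authorize_resource :encrypted_config, only: :index`, so unless the ability definitions elsewhere tie reading `saml_configs` to `:saml_sso`, a user who may read that config can reach `settings_sso_index_path` without the `:saml_sso` ability. The `true_user == current_user` condition is likewise evaluated only in the view. I would enforce the same rule in `SsoSettingsController`, for example `before_action { authorize!(:manage, :saml_sso) }`, and add a request spec covering a user who lacks that ability.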