Pressingly · UsamaSadiq · May 25, 2026 · May 22, 2026
diff --git a/...y-front/src/modules/settings/profile/components/ProfileTwoFactorAuthenticationSection.tsx b/...y-front/src/modules/settings/profile/components/ProfileTwoFactorAuthenticationSection.tsx
@@ -0,0 +1,59 @@
+import { useIsSsoEnabled } from '@/auth/hooks/useIsSsoEnabled';
+import { SettingsCard } from '@/settings/components/SettingsCard';
+import { useCurrentUserWorkspaceTwoFactorAuthentication } from '@/settings/two-factor-authentication/hooks/useCurrentUserWorkspaceTwoFactorAuthentication';
+import { useLingui } from '@lingui/react/macro';
+import { SettingsPath } from 'twenty-shared/types';
+import { getSettingsPath } from 'twenty-shared/utils';
+import { H2Title, IconShield, Status } from 'twenty-ui/display';
+import { Section } from 'twenty-ui/layout';
+import { UndecoratedLink } from 'twenty-ui/navigation';
+
+// Under SSO the IdP owns MFA — Twenty's local TOTP setup is a dead control.
+// Outer component bails out before inner hooks run.
+export const ProfileTwoFactorAuthenticationSection = () => {
+  const isSsoEnabled = useIsSsoEnabled();
+
+  if (isSsoEnabled) {
+    return null;
+  }
+
+  return <ProfileTwoFactorAuthenticationSectionInner />;
+};
+
+const ProfileTwoFactorAuthenticationSectionInner = () => {
+  const { t } = useLingui();
+
+  const { currentUserWorkspaceTwoFactorAuthenticationMethods } =
+    useCurrentUserWorkspaceTwoFactorAuthentication();
+
+  const has2FAMethod =
+    currentUserWorkspaceTwoFactorAuthenticationMethods['TOTP']?.status ===
+    'VERIFIED';
+
+  return (
+    <Section>
+      <H2Title
+        title={t`Two Factor Authentication`}
+        description={t`Enhances security by requiring a code along with your password`}
+      />
+      <UndecoratedLink
+        to={getSettingsPath(
+          SettingsPath.TwoFactorAuthenticationStrategyConfig,
+          { twoFactorAuthenticationStrategy: 'TOTP' },
+        )}
+      >
+        <SettingsCard
+          title={t`Authenticator App`}
+          Icon={<IconShield />}
+          Status={
+            has2FAMethod ? (
+              <Status text={t`Active`} color="turquoise" />
+            ) : (
+              <Status text={t`Deactivated`} color="gray" />
+            )
+          }
+        />
+      </UndecoratedLink>
+    </Section>
+  );
+};
diff --git a/...ules/settings/profile/components/__tests__/ProfileTwoFactorAuthenticationSection.test.tsx b/...ules/settings/profile/components/__tests__/ProfileTwoFactorAuthenticationSection.test.tsx
@@ -0,0 +1,44 @@
+import { render } from '@testing-library/react';
+
+import { ProfileTwoFactorAuthenticationSection } from '@/settings/profile/components/ProfileTwoFactorAuthenticationSection';
+
+jest.mock('@/auth/hooks/useIsSsoEnabled', () => ({
+  useIsSsoEnabled: jest.fn(),
+}));
+
+jest.mock(
+  '@/settings/two-factor-authentication/hooks/useCurrentUserWorkspaceTwoFactorAuthentication',
+  () => ({
+    useCurrentUserWorkspaceTwoFactorAuthentication: jest.fn(),
+  }),
+);
+
+const useIsSsoEnabledMock: jest.Mock = jest.requireMock(
+  '@/auth/hooks/useIsSsoEnabled',
+).useIsSsoEnabled;
+
+const useCurrentUserWorkspaceTwoFactorAuthenticationMock: jest.Mock =
+  jest.requireMock(
+    '@/settings/two-factor-authentication/hooks/useCurrentUserWorkspaceTwoFactorAuthentication',
+  ).useCurrentUserWorkspaceTwoFactorAuthentication;
+
+describe('ProfileTwoFactorAuthenticationSection', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  // Under SSO the IdP owns MFA — the outer component returns null before
+  // useCurrentUserWorkspaceTwoFactorAuthentication runs. The SSO-off path
+  // defers to the inner component which needs providers — out of scope here.
+  it('returns null when SSO is enabled without invoking inner hooks', () => {
+    useIsSsoEnabledMock.mockReturnValue(true);
+
+    const { container } = render(<ProfileTwoFactorAuthenticationSection />);
+
+    expect(container.firstChild).toBeNull();
+    expect(useIsSsoEnabledMock).toHaveBeenCalled();
+    expect(
+      useCurrentUserWorkspaceTwoFactorAuthenticationMock,
+    ).not.toHaveBeenCalled();
+  });
+});
diff --git a/packages/twenty-front/src/pages/settings/SettingsProfile.tsx b/packages/twenty-front/src/pages/settings/SettingsProfile.tsx
@@ -1,32 +1,25 @@
 import { currentWorkspaceMemberState } from '@/auth/states/currentWorkspaceMemberState';
-import { SettingsCard } from '@/settings/components/SettingsCard';
+import { useIsSsoEnabled } from '@/auth/hooks/useIsSsoEnabled';
 import { SettingsPageContainer } from '@/settings/components/SettingsPageContainer';
 import { SetOrChangePassword } from '@/settings/profile/components/SetOrChangePassword';
 import { DeleteAccount } from '@/settings/profile/components/DeleteAccount';
 import { EmailField } from '@/settings/profile/components/EmailField';
 import { NameFields } from '@/settings/profile/components/NameFields';
+import { ProfileTwoFactorAuthenticationSection } from '@/settings/profile/components/ProfileTwoFactorAuthenticationSection';
 import { WorkspaceMemberPictureUploader } from '@/settings/workspace-member/components/WorkspaceMemberPictureUploader';
 import { useCanChangePassword } from '@/settings/profile/hooks/useCanChangePassword';
-import { useCurrentUserWorkspaceTwoFactorAuthentication } from '@/settings/two-factor-authentication/hooks/useCurrentUserWorkspaceTwoFactorAuthentication';
 import { SubMenuTopBarContainer } from '@/ui/layout/page/components/SubMenuTopBarContainer';
 import { Trans, useLingui } from '@lingui/react/macro';
 import { useAtomStateValue } from '@/ui/utilities/state/jotai/hooks/useAtomStateValue';
 import { SettingsPath } from 'twenty-shared/types';
 import { getSettingsPath } from 'twenty-shared/utils';
-import { H2Title, IconShield, Status } from 'twenty-ui/display';
+import { H2Title } from 'twenty-ui/display';
 import { Section } from 'twenty-ui/layout';
-import { UndecoratedLink } from 'twenty-ui/navigation';
 
 export const SettingsProfile = () => {
   const { t } = useLingui();
   const currentWorkspaceMember = useAtomStateValue(currentWorkspaceMemberState);
-
-  const { currentUserWorkspaceTwoFactorAuthenticationMethods } =
-    useCurrentUserWorkspaceTwoFactorAuthentication();
-
-  const has2FAMethod =
-    currentUserWorkspaceTwoFactorAuthenticationMethods['TOTP']?.status ===
-    'VERIFIED';
+  const isSsoEnabled = useIsSsoEnabled();
 
   const { canChangePassword } = useCanChangePassword();
 
@@ -66,38 +59,17 @@ export const SettingsProfile = () => {
           />
           <EmailField />
         </Section>
-        <Section>
-          <H2Title
-            title={t`Two Factor Authentication`}
-            description={t`Enhances security by requiring a code along with your password`}
-          />
-          <UndecoratedLink
-            to={getSettingsPath(
-              SettingsPath.TwoFactorAuthenticationStrategyConfig,
-              { twoFactorAuthenticationStrategy: 'TOTP' },
-            )}
-          >
-            <SettingsCard
-              title={t`Authenticator App`}
-              Icon={<IconShield />}
-              Status={
-                has2FAMethod ? (
-                  <Status text={t`Active`} color="turquoise" />
-                ) : (
-                  <Status text={t`Deactivated`} color="gray" />
-                )
-              }
-            />
-          </UndecoratedLink>
-        </Section>
+        <ProfileTwoFactorAuthenticationSection />
         {canChangePassword && (
           <Section>
             <SetOrChangePassword />
           </Section>
         )}
-        <Section>
-          <DeleteAccount />
-        </Section>
+        {!isSsoEnabled && (
+          <Section>
+            <DeleteAccount />
+          </Section>
+        )}
       </SettingsPageContainer>
     </SubMenuTopBarContainer>
   );