The failover url can be randomized(regenerated) and can only be seen by the administrators

The whole point of having the failover is if your SSO provider isn't working properly and you can't login then you use the failover so you can still login to your Jamf Pro server. The whole point of having a SSO is to only allow authorized users to login to your Jamf Pro server. 

it won't work unless you turn on fail over.. 

So security team can enable that option in their console?

 plus the recent update to randomise the URL.. only an admin will know it.. 

So if I uncheck it from Jamf console then it will be disabled to bypass SSO authentication?

correct, but.. if you SSO goes down.. or something goes.. funky.. you won't be able to log in.. so make sure you have a back up plan.. 

Make sense what you said, but if SSO goes down that time security team can remove the SSO also if I cant login to my Jamf console, correct?

depends on your business security requirements. I'd suggest checking in with jamf support on this. 

Make sense, thanks a ton.

That was a long concern about the failover login as it was the same for every Jamf instance. Now you can generate a random URL that is unique to your instance. Go in to Settings -> Single Sign On. Click edit and click the regenerate button. Take note of the URL that is generated. If you every need to login with a local account (like your "break glass in case of emergency" account) you will need this random URL. 

Make sense, that is a good news for security.