diff --git a/ee/api/chalicelib/core/custom_metrics.py b/ee/api/chalicelib/core/custom_metrics.py
index e93792aa7..3ac4012c6 100644
--- a/ee/api/chalicelib/core/custom_metrics.py
+++ b/ee/api/chalicelib/core/custom_metrics.py
@@ -483,7 +483,7 @@ def get_card(metric_id, project_id, user_id, flatten=True, include_data: bool =
         query = cur.mogrify(
             f"""SELECT metric_id, project_id, user_id, name, is_public, created_at, deleted_at, edited_at, metric_type, 
                         view_type, metric_of, metric_value, metric_format, is_pinned, predefined_key, default_config, 
-                        thumbnail, default_config AS config,
+                        thumbnail, DEFAULT_CONFIG AS config,
                         series, dashboards, owner_email {',data' if include_data else ''}
                 FROM metrics
                          LEFT JOIN LATERAL (SELECT COALESCE(jsonb_agg(metric_series.* ORDER BY index),'[]'::jsonb) AS series
diff --git a/ee/api/chalicelib/core/reset_password.py b/ee/api/chalicelib/core/reset_password.py
index 5566ad27f..889b6d2f8 100644
--- a/ee/api/chalicelib/core/reset_password.py
+++ b/ee/api/chalicelib/core/reset_password.py
@@ -17,7 +17,7 @@ def reset(data: schemas.ForgetPasswordPayloadSchema):
         # ---FOR SSO
         if a_user.get("origin") is not None and a_user.get("hasPassword", False) is False:
             return {"errors": ["Please use your SSO to login"]}
-        if config("enforce_SSO", cast=bool, default=False) and not a_user["superAdmin"]:
+        if config("enforce_SSO", cast=bool, default=False) and not a_user["superAdmin"] and helper.is_saml2_available():
             return {"errors": ["Please use your SSO to login, enforced by admin"]}
         # ----------
         invitation_link = users.generate_new_invitation(user_id=a_user["id"])
diff --git a/ee/api/chalicelib/core/users.py b/ee/api/chalicelib/core/users.py
index 14f7052e5..fe6d1c368 100644
--- a/ee/api/chalicelib/core/users.py
+++ b/ee/api/chalicelib/core/users.py
@@ -543,6 +543,9 @@ def change_password(tenant_id, user_id, email, old_password, new_password):
     item = get(tenant_id=tenant_id, user_id=user_id)
     if item is None:
         return {"errors": ["access denied"]}
+    if item["origin"] is not None and config("enforce_SSO", cast=bool, default=False) \
+            and not item["superAdmin"] and helper.is_saml2_available():
+        return {"errors": ["Please use your SSO to change your password, enforced by admin"]}
     if item["origin"] is not None and item["hasPassword"] is False:
         return {"errors": ["cannot change your password because you are logged-in from an SSO service"]}
     if old_password == new_password:
@@ -741,7 +744,7 @@ def authenticate(email, password, for_change_password=False):
         if for_change_password:
             return True
         r = helper.dict_to_camel_case(r)
-        if config("enforce_SSO", cast=bool, default=False) and not r["superAdmin"]:
+        if config("enforce_SSO", cast=bool, default=False) and not r["superAdmin"] and helper.is_saml2_available():
             return {"errors": ["must sign-in with SSO, enforced by admin"]}
 
         jwt_iat = change_jwt_iat(r['userId'])