docs: document per-org Google SSO opt-out policy

references/workspace/sso-providers.mdx

@@ -47,6 +47,38 @@ OAuth 2.0-based authentication using Google accounts. Ideal for organizations us
 - **Included in**: Cloud Pro, Enterprise, Self-hosted
 - **Setup guide**: [Google SSO configuration](/self-host/customize-deployment/use-sso-login-for-self-hosted-lightdash#google)
 
+#### Disable Google sign-in for your organization
+
+When Google SSO is enabled at the instance level, organization admins can opt out of Google sign-in for their domains — for example, to enforce sign-in through a dedicated identity provider (Okta, Azure AD, etc.) instead.
+
+To manage your organization's Google SSO policy:
+
+1. Go to **Settings** → **Organization** → **Authentication**.
+2. In the **Google** panel, toggle **Enable Google sign-in for this organization** off to hide the Google login button for users in your domains. Toggle it back on (or select **Reset to default**) to follow the instance default.
+3. Optional: expand **Advanced** to override the org's allowed email domains for this method, or to control whether email/password sign-in is shown alongside Google.
+
+<Note>
+  The opt-out applies only to users who belong to your organization. Users from other organizations on the same Lightdash instance are unaffected.
+</Note>
+
+You can also manage the policy through the API:
+
+```bash
+# Disable Google sign-in for your organization
+curl -X PUT https://{{ lightdash_domain }}/api/v1/org/sso/google \
+  -H "Authorization: Bearer <PAT>" \
+  -H "Content-Type: application/json" \
+  -d '{ "enabled": false }'
+
+# Read the current policy (returns null when no explicit policy is set)
+curl https://{{ lightdash_domain }}/api/v1/org/sso/google \
+  -H "Authorization: Bearer <PAT>"
+
+# Reset to the instance default
+curl -X DELETE https://{{ lightdash_domain }}/api/v1/org/sso/google \
+  -H "Authorization: Bearer <PAT>"
+```
+
 ### Okta
 
 OpenID Connect (OIDC) integration with Okta. Supports group synchronization and SCIM provisioning.