If your identity provider has a "Single Logout" option, then you can turn this feature ON from the identity provider configuration screen.
For example, Okta has a "Single Logout" checkbox and they require that the "Keeper SP Certificate" is uploaded. After changing this setting, you will need to export the metadata from the IdP and import it back into the Keeper SSO configuration screen.