How to preserve the SSO data from being cloned down to the target instance
In order to preserve the SSO data (and not move it to the target instance) you would have to set up data preservers and excludes.
You would have to add the SSO tables to the data preserver table on the target instance, that way, when the clone runs, the data on those tables would be preserved.
You would also set up a data exclude, on the source instance and add the SSO tables to it. That way, the SSO information (tables) from source instance would not be carried over with the clone and because of the data preservers set on the target instance, the instance will preserve its SSO information.
Here is our documentation on Data Preservation:
"You can use data preservers to protect data on the target instance from being overwritten. If you have custom applications, you must also manually preserve unpublished application content."
Link to data excludes:
"Exclude a table to create an empty but usable table on the target instance.
About this task
The System Clone > Exclude Tables module lists the tables that are not copied during a system clone. By default, the system excludes tables for logging, auditing, notifications, workflow contexts, and license usage."