After we implemented SSO in Aha!, we wanted to disable non-SSO login for users who have email addresses in the domain supported by SSO. We created hundreds of accounts in Aha! before we implemented SSO. After we implemented SSO, all we could do is encourage and ask users to switch to SSO. Subsequently we've had employees leave the company voluntarily and involuntarily. The information in Aha! is company proprietary and confidential. We want to ENFORCE SSO at the next login, not just encourage it. Note, we do have contractors who cannot use SSO bc their email is not in the company domain and we need to continue to support their login (non-SSO).
It is possible to force a user to log in using SSO by editing the user and choosing the SSO provider as their identity provider. Once that is done the user can only login using that identity provider.
In the list of users the SSO identity provider is displayed so it is possible to see any users who are not using SSO.
New users cannot add themselves to the account using password, only by provisioning though SSO.
Here is the field to set to for a user to use the SSO provider (in this case it is using SSO via Google, but the it works the same way with SAML):