Currently, when SSO enforcement is enabled in Liongard, users can still access the standard login screen and enter their username and password. Although authentication is ultimately redirected to the Identity Provider (IdP) — confirming that SSO enforcement is functioning correctly — this workflow creates a misleading user experience. Users perceive that their credentials are being used for authentication, even though the process is actually verified via SSO. This can cause confusion and concern, particularly for partners with strict security policies requiring exclusive SSO access. Proposed Enhancement: Modify the login UX to detect when SSO enforcement is enabled. When a user attempts to log in manually (via username and password) under enforced SSO, display a clear message or redirect that explains: “This account is configured for Single Sign-On. Please sign in via your Identity Provider.” Optionally, disable the manual credential fields entirely when SSO enforcement is active to prevent any confusion. Business Value / Impact: Increases transparency and trust for security. Prevents confusion or misinterpretation of the login process. Aligns the UX with expected authentication behavior and security standards.
