In my case i do not want a way open for any other means then a login over SAML.
This has to do with the authentication contract i am using:
- IF user comes from local network (my LAN) the contract will execute a username/password login via SAML
- IF a/the user comes from any other source the contract will execute username/password/2FA login.
In short i am using a risk-based policy to entforce this.