I have an external authentication provider (saml), which I would like all users to use. So, I’m willing to disable the internal login screen. However, I have some doubts that I may lock myself out in case the external authentication provider goes down.
Is there a workaround to access the internal login in case it’s disabled?
My solution to simillar problem was as follows:
- Enable and configure external auth
- Set the following options for auth settings:
Users won’t need and won’t be able to reset their password for given login; They also won’t be able to create new accounts.
When split-credential check is enabled, even when the user inputs their email address like they would with login/password, they will be redirected to saml login if the account exists and has external login set. This way, if you have admin login which doesn’t exist in saml provider, you’ll be asked to provide password when trying to login as admin.