I recently submitted my first OIN app and one of the questions was “Is your app considered a “Big Bang”? This means you don’t allow username password logins once SSO is enabled.”
The answer is yes or that is our intention at least. The method for doing is the problem. I have worked with Okta support and they told me there is no way out of the box to do this. I am really skeptical that Okta would ask this question via the OIN submission form but not have it as a feature for Service Providers.
Is there a way, once a user is associated with an IdP, to not allow them to login via username and password? We do already use IdP discovery policies but there are places (native desktop app) where we can’t do this and thus want to basic auth there.