These settings applies to both SAML and Windows Integrated Authentication (Kerberos), and are found under the Common menu.
Disable traditional username / password login
Kantega Single Sign-on will by default keep traditional username / password login available. However, when stronger authentication mechanisms (like 2FA) is applied, it is useful to disable this alternative. By disabling the username and password fields from login pages, users will be forced to authenticate via the single sign-on mechanisms.
Enabling this will not let you log in to an administrator account with username and password. If necessary, you may disable this feature by deleting the following file on your Atlassian product server:
It takes up to one minute for change to have effect if you disable by removing the file.
Please notice that this is not to be considered a security feature.
Users with the knowledge of modifying HTML or sending REST request directly, will still in
theory be able to log in using username and password.
Forced SSO URLs
Kantega Single Sign-on will by default only authenticate users where your Atlassian product would otherwise require them to log in with a username and password.
By activating Forced SSO URLs, users may be logged in also on pages that normally do not require this.