"Enforce SAML" doesn't work

SAML has an “Enforce SAML” checkbox, but it doesn’t seem to do what the description says.

Organization members with emails on the domains configured below can use only SAML SSO to log in.

Members from our email domain are still able to log in with other login options like username/password.

If this can be fixed, I wouldn’t need Require Two Factor Authentication for Managers and Admins anymore.

Also, logging in via SAML seems to produce an error if the user has enabled 2FA as well.

Hi Gerhard, what type of error is produced? Any chance you can provide more details, i.e. screenshot with the error response? Maybe some steps so I can reproduce this?

If there’s something sensitive, please share it directly via private message.

Hi @gerhard, just checked the code, and this is expected for Admin-level users - Admins can log in using any available method; this is the current system logic.

This was made for security purposes, in order for Admins not to lose access in case of some problems with their SAML or OpenID application. We don’t plan to change it for now.

As a workaround solution, ask them to set up an extremely hard password, for example.

Hmm, I can’t reproduce it right now. Maybe it’s been fixed since I last tested this. :thinking:

Oh, now that you explain that, it makes perfect sense. We’ve switched most of our team members from admin to manager, which solved this. Thanks for the tip.
