Regardless of the login types selected to login to iLMS (SAML, Passwordless, Password, etc), Password-based authentication with username/password is ALWAYS ON with no option to turn it off.
For any customer using SSO SAML explicitly, this is a security risk that many SaaS companies recognize and have patched. This can bypass many security best practices such as a customers:
Regional conditional access policy
MFA enforcement
Termination of existing employees (which can access even if disabled in a customer's IDP).
Guest
