When using SAML or another login method than username password, it's important from a security perspective to block those users from login on with a username / password.
The old method was to create a fake/dummy radius configuration, which users could not get passed. This radius server could be setup as default for any new user.
In more recent versions, the option to “Disable Forms Login” has been made available. It was a great, only not finished.
Having to set this check box for 1000 users is no fun. And I hate going into the database and making these changes in there.
Worst part is new users. They don’t get this option by default. So as long as this check box is not checked, this users does not comply with our security rules.