SSO possible without personal account?

I have migrated to “Require SSO” for my organization but from time to time users still have to provide their personal account username and password.

We’ve provided a password storage tool where our employees keep their long random passwords for services. I want to sunset that tool since we are migrating entirely to SSO so they don’t need to remember so many passwords.

Is it possible to have just an SSO enabled account associated with just my Organization with none of the added end-user cost (and risk of them forgetting or losing their personal password) for them managing the personal account username/password?

For GHEC (github.com) the organization/enterprise SAML SSO still requires a GitHub account, the integration just provides a linkage to the SAML identity in your IDP, all your work is performed as you GitHub Account
For GHES (on premise self hosted) it will work more like a tradional true SSO solution

1 Like

Thanks @byrneh!!

So it seems like my only option is to set up a secondary entry in my IdP service to provide a base to store their personal password alongside the icon to get them into our organization. Otherwise they are likely to lose their old password or resort to less random or long passwords. But at least I know bad actors will have a tougher time getting into my org…

Or has anyone else found a viable solution short of letting their end users be frustrated because of the multiple authN experience or worrying about an on-site github deploy?