Problem
Users in an HCP Terraform organization configured with single sign-on (SSO) are required to have a password associated with their account, even though they authenticate to that specific organization using their SSO provider.
Cause
All user accounts in HCP Terraform require a password to ensure full platform functionality. This requirement exists for two primary reasons:
- Membership in Multiple Organizations: A single HCP Terraform user account can be a member of multiple organizations. If a user belongs to both an SSO-enabled organization and a non-SSO organization, they must use their password to log in and access the non-SSO organization.
- Step-Up Authentication: HCP Terraform requires password re-authentication for actions that affect sensitive user data, such as accessing the user settings page. This security measure applies to all users, regardless of how they authenticated to their organization.
Without an associated password, users would be unable to access non-SSO organizations or perform essential administrative actions on their own accounts.
Additional Information
For more details on configuring single sign-on, please refer to the official HCP Terraform documentation on SSO.