Question
The question often comes up, why do Terraform Cloud users tied to single sign-on orgs need full accounts with passwords if they will never use these passwords to authenticate to their org?
Answer
The primary reason that all users in Terraform Cloud require passwords is that users may belong to multiple orgs, and without a password they cannot access non-SSO orgs. Additionally, users need to use step-up security to access certain areas of Terraform Cloud, such as the user settings page. Therefore, all accounts need passwords in order to function at even a basic level within one SSO org.