Problem
When attempting to log in to a Terraform Enterprise (TFE) instance where Single Sign-On (SSO) is enabled, non-administrative users with local accounts (username and password) receive the following error message:
Username/password login is disabled for non-admin users. Contact your TFE Administrator for additional information.
Cause
This behavior is by design. When SSO is enabled in a TFE instance, the system intentionally restricts local username and password logins for non-administrative users to enforce the configured SSO authentication policy.
Solution
There is no configuration that allows non-administrative local users to log in with a username and password when SSO is enabled.
The only exception is for local users who have administrative permissions. These admin accounts can bypass SSO and log in directly to the TFE instance using their username and password. This provides an access path for administrative tasks if the SSO provider is unavailable.
Additional Information
For more details on managing authentication, refer to the Terraform Enterprise documentation on configuring Single Sign-On.