This idea is related to the fact that some SAML Auth Providers have multi-account capabilities (e.g. Google Suite). Let me put it in an scenario. We have the 'user1' that has both institutional and personal email.
Institutional email: firstname.lastname@example.org
Personal email: email@example.com
'user1' is logged with the personal account and then when tries to login in Blackboard with the SSO, it will fail because the personal email is not in the GSuite records related to Blackboard.
This idea is basically to have an option (that you can turn off/turn on system wide) to force the saml auth provider to ask to enter the credentials. I've checked in the SAML response and there is a parameter that can accomplish this ForceAuthn="true"
|Product Version (if applicable):||0|