Kantega SSO Enterprise allow you to define how users should be redirected to identity providers. You can choose to have no redirection and only a SSO link on the login page, instant redirection of all users as well as 2-step login where a subset of users are redirected.
The screenshot below shows the various redirection modes. At the bottom of the page you can specify whether the Idp (in this example Azure AD) should be shown with a link on the login page and whether SSO should apply to the customer portal of Jira Service Desk.
2-step login
Many organizations have multiple user groups with various login requirements. While SSO to Atlassian application is typically setup as the default login mechanism for most users, it is also commonly necessary to give user who are not a part of the corporate user databases (for example external consultants, system admins and interns) access.
2 Step Login allow you to align one or more SAML identity providers with traditional and native username / password login. It creates a login experience where users are asked to only type in their username. Then based on properties of the particular user, he or she is redirected to the relevant SAML identity provider or simply asked to type the built-in password.
The following three redirect modes will enable 2 Step Login:
Email domain - Redirect user based on the domain part of their provided username.
User directory - Redirect user based on the user directory they are stored.
Group memberships - Redirect user based on the groups they are members of.
The following video demonstrates both how to setup this and this plays out in practice for the users.