We are running into an issue with the login behavior on paycor.com. All of our staff have SSO enabled for their accounts. We have a direct link to paycor on our internal dashboard that they are able to use to log in without authenticating. This works very well, but some staff insist on going to paycor.com to log in. Most of our staff have no idea what SSO means or that it is enabled for them on their paycor account (despite multiple emails to staff about SSO for paycor). They are not clicking the SSO button on the login page and instead try to use the username and password that they used to register to attempt to log into paycor. This will throw a generic "We couldn't find an account that matches this username or password" error.
My suggestion is to change the login screen at https://hcm.paycor.com/authentication/signin to simply ask for the user's email. If the user account that is associated with that email has SSO enabled, it should automatically direct the user to the SSO signin page. If the account does not have SSO enabled, it should prompt them for their paycor password.
Many other solutions use this method when dealing with SSO and it seems to work well. If this method does not work for some reason, I would suggest that the error message that the users receive indicate that they must use SSO when logging in instead of receiving a generic error message (or redirect them to the SSO login automatically).
Why should we implement this
Paycor's implementation of SSO is confusing for users. Users will spend a lot of time attempting to log in and resetting passwords without a clear reason why their SSO enabled account is not able to log into paycor.com