Redirect to SSO page when access to SAML resources is denied
What
When SSO enforcement prevents access to a group or project, we should redirect to the SSO page for the user to sign in.
We might also want to consider a more general redirect when a user visits a SAML resource without enforcement being enabled. This would make it more convenient for signed-out users to access resources without having to remember the long SSO URL for that group.
Why
Showing a 404 is confusing, especially if the user is signed in but has been denied access because they used password sign-in instead of the specific SAML provider required by a group.
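
The redirect decision described above, sketched in Ruby as an added example (not the project's own code and not part of the original issue). The `Group` and `Request` structs, `access_decision`, and the `/sso/<group>` route are hypothetical; the return path is limited to same-site relative paths so the new redirect cannot be turned into an open redirect.

```ruby
require 'uri'

# Hypothetical models: a group with a SAML provider, and the incoming request.
# user is nil when signed out; saml_groups lists group paths for which the
# current session was established through that group's SAML provider.
Group   = Struct.new(:path, :saml_enabled, :sso_enforced, keyword_init: true)
Request = Struct.new(:user, :saml_groups, :fullpath, keyword_init: true)

# Accept only same-site relative paths as the post-login return target.
def safe_return_path(path)
  return '/' unless path.is_a?(String) && path.start_with?('/')
  return '/' if path.start_with?('//') || path.include?('\\') || path.match?(/[\r\n]/)
  uri = URI.parse(path)
  uri.scheme.nil? && uri.host.nil? ? path : '/'
rescue URI::InvalidURIError
  '/'
end

# Constructed placeholder route, not the product's real SSO URL.
def sso_url(group, return_to)
  "/sso/#{group.path}?" + URI.encode_www_form(redirect: safe_return_path(return_to))
end

# Returns [:continue] (fall through to the normal permission checks)
# or [:redirect, url] (send the user to the group's SSO page).
def access_decision(group, request)
  return [:continue] unless group.saml_enabled
  return [:continue] if request.saml_groups.include?(group.path)

  # Enforced: signed out, or signed in by password only. Redirect, not 404.
  return [:redirect, sso_url(group, request.fullpath)] if group.sso_enforced

  # Not enforced: the "more general redirect" for signed-out visitors.
  return [:redirect, sso_url(group, request.fullpath)] if request.user.nil?

  [:continue]
end
```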