Group SAML should redirect to SSO page when signed out, even with SSO enforcement disabled
Problem
If a signed out user tries to access a resource on a SAML group they will see a 404. This can be confusing, and it can be hard to navigate to the SSO page for that particular group.
Solution
When enforcement is enabled we redirect to the SSO page instead of showing a 404. We could extend that to include redirecting when accessing all SAML group resources while signed out.