Refactor proposed fixes for SSO related bug into smaller change sets
As part of the incident review we identified that SSO enforcement code can be refactored to consider admin_mode and clarify SSO behaviour. The work was previously done in the MR !116570 (closed)
This task is to review those changes and iteratively propose them in smaller MRs so that they can be reviewed/tested.