Group managed accounts for Group SSO
To increase isolation between user accounts, prevent the use of a pre-existing account, and separate a user's personal and work activity, we should allow an SSO-enabled group to force the use of group managed accounts. This means:
* A user must use a user account that is managed by the top-level group for their UI/SSH activity associated with the group (and associated subgroups/projects),
* Managed user accounts will be forced to use the email address associated with their identity record on the configured identity provider.
Thus, notifications and commits are associated with the user's work email address, which cannot be changed. When the account is deactivated in the identity provider, the user will be deprovisioned from the group. Since they'll also likely lose access to their email address, they'll be unable to access any sensitive information that may exist in prior notifications.