In my last blog, we saw how to log in to Salesforce using Federated Authentication.
To stop users from logging in through the standard Salesforce login page, follow the steps below:
1) Go to Setup and search for 'Domain Management' in the quick search. Click on 'My Domain' and enable it. Follow the instructions to set up My Domain and deploy it to users. Domain name registration may take 48 hours, and the process is not reversible. Once the domain name is registered, under 'My Domain Settings', set the 'Login Policy' and check the 'Prevent login from https://login.salesforce.com' checkbox. See the image below for reference.
Under Authentication Configuration, set the Authentication Service to <your SSO Settings name>. In my case, it is 'SSOAxiom'. See the image below.
2) Single Sign-On Settings - Set the 'Identity Provider Login URL' to the URL that users must be forced to log in from. Then set the 'Entity Id' to your domain URL with https. See the image below.
If you try to log in through the Salesforce login page, it will not let you in, because you have prevented that in the My Domain settings. To log in, copy the 'Salesforce Login URL' from the SSO settings and paste it into the browser window. Salesforce will ask you to Continue and then redirect you to the Identity Provider Login URL that you set up in the SSO settings. Now fill in the entries as we did in the previous blog. This time the Entity Id is your <domain name>, as provided in the SSO settings. See the image below.
Now click the 'Request SAML Response' button and the formatted SAML response page will be shown. There is no need to change anything on this page. Click on the Login button and you are logged in to Salesforce. To troubleshoot login errors, go through my last blog on Federated Authentication.
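A common cause of login errors after this change is a SAML response that still carries the old Entity Id or a login.salesforce.com recipient. The following check is an added example, not code from the original post or from Salesforce; it takes the base64-encoded SAML response and the Entity Id from the SSO settings, and reports mismatches. The domain, org id and function names are constructed for illustration, and it assumes the 'Salesforce Login URL' is hosted on the My Domain.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_saml_response(b64_response, entity_id):
    """List mismatches between a base64 SAML response and the SSO settings.

    Configuration check only: it does not verify the XML signature. Run it on
    responses you generated yourself; use defusedxml for untrusted XML.
    """
    problems = []
    if not entity_id.startswith("https://"):
        problems.append("Entity Id is not the My Domain URL with https")
    root = ET.fromstring(base64.b64decode(b64_response))
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not match Entity Id")
    # Assumption: the 'Salesforce Login URL' (the Recipient) is on the My Domain host.
    my_host = urlparse(entity_id).hostname
    recipients = [e.get("Recipient", "") for e in
                  root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not recipients:
        problems.append("No Recipient in the assertion")
    for recipient in recipients:
        if urlparse(recipient).hostname != my_host:
            problems.append(f"Recipient {recipient} is not on the My Domain host")
    return problems

def make_sample(audience, recipient):
    """Build a constructed, unsigned SAML response for the demonstration."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'<saml:Assertion><saml:Subject><saml:SubjectConfirmation>'
           f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
           f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

# Constructed sample values, not taken from the page.
MY_DOMAIN = "https://example-dev-ed.my.salesforce.com"
GOOD = make_sample(MY_DOMAIN, MY_DOMAIN + "?so=00D000000000000")
BAD = make_sample("https://saml.salesforce.com",
                  "https://login.salesforce.com?so=00D000000000000")

if __name__ == "__main__":
    print(check_saml_response(GOOD, MY_DOMAIN) or "settings match")
    print("\n".join(check_saml_response(BAD, MY_DOMAIN)))
```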