ARIS - SHARE YOUR IDEAS
How can we make ARIS better?
Status Open for voting
Created by Lubomir Havlicek
Created on Mar 13, 2022

"skipSSO" parameter in URL

Scenario:

The customer is using SAML SSO with import of users from the IdP. Such users are created in UMC as local users.

Users who are using SAML today are still able to reset their passwords and use the "SKIPSSO" backdoor to log in with their identity as if they were local accounts, even though they may in the future be locked on the IdP.

The expected behavior is that the parameter "skipsso" will work only for the users "system" and "superuser". For common users, that option may be prohibited.


Brainstorm ID 7704
Created on Brainstorm 02/27/2020 07:38 AM