What is the best way to handle the following scenario:
I have both my clients and my employees log in to my product, but I want to enforce separate security rules on them.
I want my employees (all with emails of @mydomain.com) to be able to ONLY log in with G Suite SSO, and my clients (all with emails NOT @mydomain.com) to only be able to log in with a generated username and password I’ve provided.
The username is always the email address, so it’s easy to recognize whether a user is my employee or a client.
I don’t really care UI-wise if both sets of users will see both login options (i.e. Google login button AND user name and password fields).
All I care about is being able to enforce the security of G Suite on my employees (i.e. 2-step auth, password length, etc.) and provide them with SSO, and at the same time have no security restrictions for my clients.
The simplest solution is NOT to tell my employees their username and password, thus forcing them to use the Google login button, BUT then they can click “forgot password” and bypass this obstacle easily.
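One way to close the "forgot password" gap described above is a single server-side policy that every authentication entry point (password login, password reset, and the Google callback) consults before doing anything else. The code below is an added example, not from the original post or any particular product; `EMPLOYEE_DOMAIN` is a placeholder for the poster's G Suite domain, and the `hd`/`email_verified` fields are the claims Google's OpenID Connect ID tokens carry for Workspace accounts.

```python
from enum import Enum

# Placeholder for the company's G Suite / Workspace domain (assumed).
EMPLOYEE_DOMAIN = "mydomain.com"


class Method(Enum):
    GOOGLE_SSO = "google_sso"
    PASSWORD = "password"
    PASSWORD_RESET = "password_reset"  # must be gated too, or it bypasses SSO


def is_employee(email: str) -> bool:
    """Employees are exactly the accounts on the company domain.

    Compare the whole domain, case-insensitively, not a suffix:
    'notmydomain.com' and 'mydomain.com.evil.example' must not match.
    """
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return False
    return domain.lower() == EMPLOYEE_DOMAIN


def allowed_methods(email: str) -> frozenset:
    """Employees: SSO only. Clients: password (and reset) only."""
    if is_employee(email):
        return frozenset({Method.GOOGLE_SSO})
    return frozenset({Method.PASSWORD, Method.PASSWORD_RESET})


def authorize(email: str, method: Method) -> bool:
    """Call this first in every auth handler; never rely on hidden UI."""
    return method in allowed_methods(email)


def sso_claims_acceptable(claims: dict) -> bool:
    """Extra check on a verified Google ID token before creating a session.

    Requires a verified address, an employee domain, and Google's hosted-domain
    claim ('hd') to agree, so a consumer Gmail account cannot slip through the
    SSO path even if a matching username exists locally.
    """
    email = claims.get("email", "")
    if not claims.get("email_verified") or not is_employee(email):
        return False
    return str(claims.get("hd", "")).lower() == EMPLOYEE_DOMAIN
```

Because `authorize` is evaluated on the server for the reset endpoint as well, an employee who clicks "forgot password" gets a refusal rather than a reset email.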