Hi Anand. These options are only available on older tenants, as they are legacy features. Newer tenants always have Seamless SSO enabled.
An application can force a login step by passing `prompt=login`. Note that this works as a “suggestion” for cases where the user says “this is not my account, switch to other” (a user could easily bypass the login screen by crafting a new `/authorize` URL that doesn’t have the `prompt=login` parameter).
If the application needs to enforce that the login step actually happened, it will need to use a combination of `max_age=xxx` in the authorize request (where `xxx` is how many seconds at most the authentication session is accepted) and then check the `auth_time` claim in the ID Token to make sure the authentication actually happened at the expected moment (again, to ensure that the user didn’t tamper with the `/authorize` request).
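The check described in the reply above, as an added example that is not part of the original post or of any Auth0 library: it builds the `/authorize` URL with `prompt=login` and `max_age`, then verifies the `auth_time` claim of the decoded ID Token against the freshness window. The claims dictionary is constructed inline for illustration; in a real application it comes from an ID Token whose signature, issuer, audience and expiry have already been validated. The `leeway` parameter and the `requested_at` timestamp are assumptions (the time at which the app issued the `/authorize` request is what `max_age` should be measured from, so it is stored alongside `state`).

```python
import time
import urllib.parse

def build_authorize_url(base_url, client_id, redirect_uri, state, max_age, force_login=True):
    """Assemble an OIDC /authorize URL that asks for a fresh login.

    prompt=login is only a hint to the authorization server; max_age is the
    parameter the app can actually verify afterwards via the auth_time claim.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "max_age": str(max_age),
    }
    if force_login:
        params["prompt"] = "login"
    return base_url + "?" + urllib.parse.urlencode(params)

def auth_time_is_fresh(claims, max_age, requested_at, leeway=0):
    """Return (ok, reason) for the auth_time claim of an already-validated ID Token.

    claims       -- decoded ID Token payload (signature/iss/aud/exp checked elsewhere)
    max_age      -- the max_age value sent in the /authorize request, in seconds
    requested_at -- epoch seconds when the app built the /authorize request
    leeway       -- tolerated clock skew between app and authorization server
    """
    auth_time = claims.get("auth_time")
    # When max_age was requested, OIDC Core requires auth_time to be present;
    # a missing claim means the request parameters may have been altered.
    if auth_time is None:
        return False, "auth_time claim missing"
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return False, "auth_time is not a numeric timestamp"
    if auth_time > requested_at + leeway:
        return False, "auth_time lies in the future"
    if requested_at - auth_time > max_age + leeway:
        return False, "authentication is older than max_age"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample values; not real tenant data.
    requested_at = int(time.time())
    url = build_authorize_url("https://TENANT.example/authorize", "CLIENT_ID",
                              "https://app.example/callback", "STATE123", max_age=60)
    print(url)
    sample_claims = {"sub": "user-1", "auth_time": requested_at - 10}
    print(auth_time_is_fresh(sample_claims, 60, requested_at))
```

Because `auth_time` is only meaningful relative to when the app made the request, compare it with the stored request timestamp rather than with the moment the token arrives; otherwise a slow redirect chain pushes a legitimate login past the window.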