As has been discussed in many feature requests, by having the /?failover page be available to sign into the Jamf admin page when SSO is enabled, Jamf has essentially defeated the main point of using SSO - enforcement of MFA. Being able to access the admin page externally with nothing but a username and password just isn't secure.
We do have a locally hosted Jamf server so we do have access to all the Tomcat config files. What I'm looking for is any way to block/disable/break that "back door" of using the /?failover. Obviously firewalls and the like will be one area of investigation but I'm also looking for any ideas pertaining to the server itself. Is there anything in the Tomcat server that could be adjusted/deleted/broken that would prevent that /?failover page from being used?