In the current configuration of F5 Distributed Cloud, SSO-enabled users retain the ability to log in locally as a fallback if SSO fails—this is by design. However, Multi-Factor Authentication (MFA) cannot be enforced for these local logins unless the user is a Tenant Owner. This limitation poses a significant security risk, as it leaves local logins of SSO users unprotected by MFA. We recommend enabling MFA support for all local login attempts in SSO-enabled environments to enhance security posture.