Hi Salesforce experts,

I have implemented Federated SSO in salesforce. i have tested login from sso login url using my ADS user  id and password and i am successful.

I tried to logging in from login.salesforce.com using my salesforce user id and password. i am successful to login from this too.

if a user is able to login throug login.salesforce.com after implementing federated sso in salesforce, there is no meaning at all for this implementation.  because SSO gives company admin to control access to all applications but here admin can not control salesforce user even after sso implementation.

I tried emplyoing a trigger on user account which changes the password everytime time user record is being updated as below so that users will not be known what is their salesforce password as shown below

trigger testtrigger on User ( before update )
{
       Double ran=Math.random();
       System.setPassword('005E0000000cSO9','asdfqwer'+ran);
       system.debug(' forgot   '+'asdfqwer'+ran);

}

This trigger is getting executed when ever the user record changes but the problem is when user clicks on forgot password and he reset the password , this trigger is not getting called.

at this moment, i dont have any option to enforce the users to login from sso login page.

Can anybody solve this problem.

Thanks