We use Umbrella, and recently migrated to sign into Umbrella via SSO.  Previously, we could at a glance audit all users' 2FA status from the Umbrella dashboard, but now that users use their CCOID to sign in, the 2FA status of that account is divorced...