Currently users can login using any of the available aliases. While this may increase comfort by a tiny bit, it drastically increases the attack surface.
Is it possible to limit users to being able to login with only one of their aliases, except by using an external identity provider?