Best practise for disabling password login for a realm


I want to used IdP brokered login only and in my case it offers a much higher assurance level of the user identity than keycloaks userid/password and I would like to thoroughly disable that method for logging in. I am using Keycloak 16.1.0.

I have looked around as good as I could and it seems to be different opinions and solutions for disabling password login. And I just want to make sure that I have thought of everything.

  1. Created a new theme and removed all mentions on password logins.
  2. Disabled everything from the “Login”-Tab of “Realm Settings”.
  3. Routing from internt only towards auth/realms och auth/resources
  4. Set regular expressions to \A(?!x)x on password policy and maximum length to -1

Anything else that comes to mind?