Local authentication
Starting with version 1.6.0, IAM introduces the ability to limit or disable authentication with local IAM credentials, so that external, brokered authentication is required.
It's possible to hide the local login form from the IAM login page and also to control for which users local authentication is enabled (all users, VO administrators, no users).
iam:
local-authn:
enabled-for: vo-admins # possible values: all, vo-admins, none
login-page-visibility: hidden # possible values: hidden, visible
Local authentication settings are configured providing a custom configuration file, as described here.