That’s exactly what I thought when I read that FR’s title:
Ability to Disable User-Added 2FA When SSO Is Enforced
But when I re-read the body of the FR:
He seems to be requesting exactly the same as I am.
I don’t want to be able to disable two-step-login for our users who enabled it.
If users had previously activated it when activating the policy, I guess it happen exactly the same that happens with other policies:
warning
Organization members who are not owners or admins and do not comply with this policy will have access revoked when you activate this policy. Users who have access revoked as a result of this policy will be notified via email, and must take steps to become compliant before their access can be restored.
It depends on what the other FR is really requesting: if he is requesting to be able to deactivate two-step-login for users that have previously activated it on their accounts, then I would prefer the two FRs not to be merged, as they are essentially different.
If the other FR is requesting the same that I am, of course they should be merged.
I agree that the end goal of both FRs is the same, but the means to that end are different, and the difference is important, IMHO.