In an organization, an AD login is required for multiple apps internally that do not authenticate via SSO, which means that for the same user and password, an additional TOTP is added. If I want to avoid this problem now, I have to create either a separate login with password incl. TOTP, which means again with 10 logins I have to change the password 10 times manually in the data set. The other variant is to create only the login without password and only with the TOTP, which is simply uncomfortable afterwards for the login.