@bednar as far as I know when you create an user with access you have to provide a password, doesn't matter if their role's setup has full SAML access. Before 2015.1 release they allowed password based authentication for SAML enabled user. One thing I could think of if your user's accounts were created by a role you doesn't have access to "Users and Password" permission but have "Manage Users" permission can create an account and will not require a password to give access.