Whatever works. Only reason I recommended doing it in core is because it's a relatively minor change for what I thought would have been a reasonable SSO scenario.New registration method is only to distinguish from private, for backend user registration purposes, but also to distinguish from public for the other presentation layer code changes (registration link).As for the access, we do have WIA enabled as an optional thing but we have this working right now and people can login using their SSO (In our case, AD domain credentials) using the web login form anonymously.