After enabling SSO, Algolia restricts the authentication methods so it's not possible for selected users to bypass the SSO.
For contractors and externals in general, it is possible to provide them an email address with a suffix like '.ext@my-company.com' so we can add this to our domain restriction list.
It can be an email address just used for SAML access, the email address doesn't have to be valid.