Display sso mfa devices as 'SSO' in tsh and 'SSO Provider' in the WebUI.

api/types/mfa.go

@@ -148,15 +148,15 @@ func (d *MFADevice) SetExpiry(exp time.Time) { d.Metadata.SetExpiry(exp) }
 
 // MFAType returns the human-readable name of the MFA protocol of this device.
 func (d *MFADevice) MFAType() string {
-	switch d := d.Device.(type) {
+	switch d.Device.(type) {
 	case *MFADevice_Totp:
 		return "TOTP"
 	case *MFADevice_U2F:
 		return "U2F"
 	case *MFADevice_Webauthn:
 		return "WebAuthn"
 	case *MFADevice_Sso:
-		return d.Sso.ConnectorType
+		return "SSO"
 	default:
 		return "unknown"
 	}

lib/services/local/users.go

@@ -1318,6 +1318,7 @@ func (s *IdentityService) getSSOMFADevice(ctx context.Context, user string) (*ty
 
 	var mfaConnector interface {
 		IsMFAEnabled() bool
+		GetDisplay() string
 	}
 
 	switch cb.Connector.Type {
@@ -1339,7 +1340,7 @@ func (s *IdentityService) getSSOMFADevice(ctx context.Context, user string) (*ty
 		return nil, trace.NotFound("no SSO MFA device found; user's auth connector does not have MFA enabled")
 	}
 
-	return types.NewMFADevice(cb.Connector.ID, cb.Connector.ID, cb.Time.UTC(), &types.MFADevice_Sso{
+	return types.NewMFADevice(mfaConnector.GetDisplay(), cb.Connector.ID, cb.Time.UTC(), &types.MFADevice_Sso{
 		Sso: &types.SSOMFADevice{
 			ConnectorId:   cb.Connector.ID,
 			ConnectorType: cb.Connector.Type,

web/packages/teleport/src/services/mfa/makeMfaDevice.ts

@@ -26,6 +26,8 @@ export default function makeMfaDevice(json): MfaDevice {
     description = 'Authenticator App';
   } else if (json.type === 'U2F' || json.type === 'WebAuthn') {
     description = 'Hardware Key';
+  } else if (json.type === 'SSO') {
+    description = 'SSO Provider';
   } else {
     description = 'unknown device';
   }