Thanks for raising this question around the way the login entry page handles internal SSO users and external users. Unfortunately, there are no ways out of the box to differentiate between the two when a user is not yet authenticated, so this page will be presented to both user types. The configuration options for this page is covered here in the documentation:
Once an internal user has authenticated for the first time, depending on the length of time configured for the session timeout (see "Max Authentication Age" setting in the documentation), a returning internal user should not be prompted to sign in again.
Let me know if you have any other questions on this.