This is now implemented:
If there is only one external authenticator enabled and local logins are disabled and the site requires login, then users will be directed straight to the external authentication page. This exactly matches the implementation of our Discourse-native SSO.
I can’t think of a reason why anyone wouldn’t want this, so this is now the default behaviour.