Not a problem, I got it sorted.
I created a test member account setting it with a password. Setting the "members_pass_hash" and "members_pass_salt" fields to null for the test member in the core_members table resulted in the AdminCP showing "Set Password" as the option. The Security and Privacy section now requests Sign In using the IDP to continue.
Everything now as if the user had joined using the IDP login.
