I ended up with a similar solution in the past because I had no other option.

However, be aware that this is not the best way to enforce security. Users should be unable to login because they don't have a login at all.