You could create a bookmark application to just gue users to a login page. I am not sure on the use case but If additioanl security is the goal, I would advise using Multi Factor Authentication for this app, Where users would need to satisify an additional requiremernt of an MFA Policy to access the app.
Thank you for the response Jim. I think I left out a few details that were obviously important. The app only supports IDP initated flow, so if it were to redirect them to the login page, it would bypass sso all together. We want users to be prompted for their active directory credentials every time they login to this specific app, and not the application credentials, much like it would work if we didn't have desktop SSO setup. Hopefully that sheds some more light into the challenge I'm trying to resolve.
to get it to work for just 1 app, I used the sign on rules, as I could never get the IWA above action to work. It seemed to satisfy the use case requirement I had at the time. I forced a reauthentication after XX minutes applied to all zones.