Hi,
the standard logon procedure tries multiple authentication methods. The cert based authentication is the second option with standard procedure. SAML is usually after that. Hence you should just need to set up that user to use certs and her browser needs to provide a cert when accessing the system.
Cheers