#6753 [RFE] FreeIPA should allow location based authentication and be smart about it
Closed: wontfix 5 years ago by rcritten. Opened 7 years ago by dpal.

In modern days, authentication systems try to prevent situations where an attacker who stole some credentials tries to log in on behalf of the actual user by not only checking the credentials but also factoring in other information like the location of the user relative to the time between authentications. For example, if a user logged in from the US and then 10 minutes after that from another continent, there is a problem.
It is well understood that in many cases this is much easier to do with systems that are Internet exposed. But there are still tricks that hackers use to pretend that they are in one country while they actually come from a different part of the world.
Here we can and should focus on the enterprise use cases.
A couple of user stories come to mind:

I am a user that SSHs (or logs into Cockpit) to a set of Linux hosts running in a cloud. I want to make sure that if someone steals my credentials and tries to log in to those systems, such an attempt will be detected and flagged. I should be able to define a policy for what to do when some strange behavior is detected. Options can be, for example: "deny", "allow but alert", or "ignore". The system should check whether it is possible for me to physically do such authentication.

Another story can be related to a VPN login but it is probably a lower priority. So I will just mention it without details.

Requests like this are starting to emerge. This one is based on a conversation at the RSA conference. So far there is no actual demand behind this, but we would like to track this for the future.
It might very well be that the solution will require changes to multiple components, including SSH for example. It is expected that the solution might require collaboration between several projects.
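
The feasibility check and the three policy options described in this request, as an added sketch that is not FreeIPA code and not part of the original ticket. The names, the 1000 km/h speed ceiling, the 50 km geolocation tolerance and the assumption that each login already carries coordinates from an IP geolocation lookup are all hypothetical.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0   # assumption: roughly airliner cruise speed
GEO_SLACK_KM = 50.0      # assumption: tolerance for coarse IP geolocation
POLICIES = ("deny", "allow but alert", "ignore")  # options named in the request


@dataclass(frozen=True)
class Login:
    when: datetime
    lat: float  # source-address latitude from a geolocation lookup (assumed)
    lon: float


def distance_km(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(min(1.0, math.sqrt(h)))


def is_feasible(prev: Login, cur: Login) -> bool:
    """Could one person have covered the distance in the elapsed time?"""
    hours = abs((cur.when - prev.when).total_seconds()) / 3600.0
    return distance_km(prev, cur) <= GEO_SLACK_KM + MAX_SPEED_KMH * hours


def decide(prev: Optional[Login], cur: Login, policy: str) -> Tuple[bool, bool]:
    """Return (allow, alert) for the current login under the given policy."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    # First login, policy "ignore", or physically possible travel: no action.
    if prev is None or policy == "ignore" or is_feasible(prev, cur):
        return True, False
    return (False, True) if policy == "deny" else (True, True)


# Constructed sample: New York, then Frankfurt 10 minutes later.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
NEW_YORK = Login(T0, 40.71, -74.01)
FRANKFURT = Login(T0 + timedelta(minutes=10), 50.11, 8.68)

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, decide(NEW_YORK, FRANKFURT, policy))
```

The result is only as reliable as the source address: a login relayed through a VPN or proxy is located at the relay, which is the limitation the request itself points out.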


Metadata Update from @pvoborni:
- Custom field rhbz adjusted to todo
- Issue set to the milestone: Future Releases
- Issue tagged with: rfe

7 years ago

Thank you for taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
