The easiest way is to set really long, complex passwords for users and not distribute them. User are technically able to bypass this, because as soon as they are logged in, they have write access to their passwords. However, to bypass this, they would have to alter requests to the server to set a new password and commit - an unlikely scenario for most people.
If you need to be absolutely certain that users will never be able to log in manually, you should override the login action, and you can throw an error if the username does not equal MxAdmin.