[closeparen]

An individual OneLogin relying party does not have credentials to leak that could be used anywhere else. It just verifies signed messages from OneLogin.

The sheer number of databases that have and can lose your password is most of the risk with password reuse.

Companies aren't going to maintain separate user tables for every authenticated service that employees use. The alternative is to have each service handle passwords directly and pass them through to an LDAP server, or run their own SAML IdP with considerable difficulty.

At least an individual company's IdP doesn't have the "hack many companies at once" target on its back.