[wil421]

I’ll take SSO over manually logging into 8-10 company apps I use. If the team implementing an onprem SSS/IDP solution has deep domain knowledge and sys admin skills go for it. Had issues before and cloud based providers like Okta were much better, IMHO.

[Nextgrid]

If Windows didn't turn into a shit-show post-Windows 7 I would prefer Active Directory over all of this mess. Log in once with your password or smartcard and that auth magically works across all applications without ever seeing a login screen or dozens of redirects to do the SAML flow, at least for internal tools. For external stuff, SAML/OIDC is kind of a necessary evil I think (I'm not sure if there's anything preventing external tools from interoperating with Kerberos).

[wil421]

Sheesh the redirects. My HSA bank has the most I’ve ever seen, even Safari screams sometimes about too many redirects.

Can you use AD on Chrome in Windows to login to a web app? Would it be for internal apps only?

[philliphaydon]

Windows 11 is so much superior to 7 in every way.

[Nextgrid]

Modern Windows has great improvements at the kernel level and OS internals but both the UI and general direction of the product (more focused on media consumption, services and the “attention economy”) is a massive downgrade.