by computerfriend 1357 days ago
I genuinely don't know what AD is used for. If you need SSO, why not just use an SSO/SAML IdP?
3 comments

What's the source of data and truth for your SSO?
The SSO IdP itself.
OpenID Connect seems like the current popular flavour. SAML seems to be increasingly considered legacy.
Indeed legacy, but you know how Fortune 500 companies are about new technology not directly relevant to their line of business.

Also, SAML as a spec is really complex precisely because it was created to satisfy a broad range of Enterprise-y requirements. I don't know if OpenID Connect is there yet. It certainly could be; the underlying spec (OAuth2) could support a lot of variant complexity, OIDC supports mobile, and there are a lot of extensions available or in progress. https://openid.net/developers/specs/