by psidebot 1357 days ago
Even if they don't use Azure AD as their primary SSO you can often federate indirectly via Azure. For many large corporations, an auth against Azure redirects to Microsoft, then to whatever enterprise SAML2 service they're running, then back to Microsoft to pick up an OIDC token or SAML transformation, then back to your app. Instead of supporting however many SAML 2 providers with custom claim mappings you get Azure's reasonably straightforward token. You can also pick up Azure group membership (which many companies maintain or sync from on-prem AD) which is nice for mapping application roles.
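The practical end of the flow the comment describes is the relying party checking the token Azure hands back and turning the `groups` claim into application roles. Below is an added, self-contained example of that step; it is not code from the commenter or from Microsoft. It uses only the standard library, so the tenant ID, client ID, group object IDs and the sample token are constructed placeholders, and HS256 with a shared secret stands in for the RS256 verification a real deployment does against the tenant's JWKS (the signature check is a pluggable callback for that reason). It also handles the case the comment does not mention: when a user is in more groups than Azure AD will put in a JWT, the `groups` claim is replaced by `_claim_names`/`_claim_sources` and the app has to look memberships up separately.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholder identifiers for the app registration (not real tenant/app IDs).
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"  # v2.0-endpoint issuer format

# Azure AD puts group *object IDs* in the `groups` claim; map those, never display names.
GROUP_TO_ROLE = {
    "9f1c0b1e-0000-4000-8000-000000000001": "admin",
    "9f1c0b1e-0000-4000-8000-000000000002": "editor",
}


class TokenError(Exception):
    """Token failed signature or claim validation."""


class GroupOverage(Exception):
    """Token carries no `groups` list because the user is in too many groups."""


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def verify_id_token(token, *, verify_signature, now=None):
    """Check signature first, then issuer, tenant, audience and validity window.

    verify_signature(signing_input: bytes, signature: bytes, header: dict) -> bool
    is supplied by the caller; for real Azure AD tokens it must do RS256 against
    the tenant's published JWKS (assumed here, not implemented).
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        signature = _b64url_decode(s)
    except ValueError as e:
        raise TokenError(f"undecodable token: {e}")
    # Never accept an unsigned token, and verify before trusting any claim.
    if header.get("alg") in (None, "none") or not verify_signature(
            f"{h}.{p}".encode(), signature, header):
        raise TokenError("bad signature")
    if claims.get("iss") != ISSUER:
        raise TokenError("unexpected issuer")
    if claims.get("tid") != TENANT_ID:  # another tenant's token is still Microsoft-signed
        raise TokenError("unexpected tenant")
    if claims.get("aud") != CLIENT_ID:  # a token minted for a different app must not work here
        raise TokenError("token not issued for this app")
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise TokenError("expired")
    if now < claims.get("nbf", 0):
        raise TokenError("not yet valid")
    return claims


def roles_for(claims):
    """Map the groups claim onto app roles; unmapped groups confer nothing."""
    if "groups" not in claims:
        # Overage: Azure AD omits `groups` and emits `_claim_names`/`_claim_sources`
        # when the list is too long; the app must then query Microsoft Graph.
        if "groups" in claims.get("_claim_names", {}):
            raise GroupOverage("groups omitted; fetch memberOf from Graph")
        return set()
    return {GROUP_TO_ROLE[g] for g in claims["groups"] if g in GROUP_TO_ROLE}


# --- demo-only helpers: HS256 with a constructed secret stands in for RS256 ---
SAMPLE_SECRET = b"constructed-demo-secret"
NOW = 1_700_000_000  # fixed clock so the checks are reproducible


def hs256_verifier(secret):
    def verify(signing_input, signature, header):
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        return header.get("alg") == "HS256" and hmac.compare_digest(expected, signature)
    return verify


def make_sample_token(secret, claims, alg="HS256"):
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def sample_claims(**overrides):
    """Constructed v2.0 ID-token claims: one mapped group, one unknown group."""
    base = {"iss": ISSUER, "tid": TENANT_ID, "aud": CLIENT_ID, "sub": "user-1",
            "iat": NOW - 60, "nbf": NOW - 60, "exp": NOW + 600,
            "groups": ["9f1c0b1e-0000-4000-8000-000000000001", "not-a-mapped-group"]}
    base.update(overrides)
    return base


def check(token, secret=SAMPLE_SECRET):
    """Return ("ok", roles), ("overage", msg) or ("rejected", msg) for a token."""
    try:
        claims = verify_id_token(token, verify_signature=hs256_verifier(secret), now=NOW)
        return ("ok", roles_for(claims))
    except GroupOverage as e:
        return ("overage", str(e))
    except TokenError as e:
        return ("rejected", str(e))


if __name__ == "__main__":
    print(check(make_sample_token(SAMPLE_SECRET, sample_claims())))
    print(check(make_sample_token(SAMPLE_SECRET, sample_claims(aud="some-other-app"))))
    print(check(make_sample_token(b"wrong-secret", sample_claims())))
```

The order of checks matters: the signature is verified before any claim is read, and `tid` and `aud` are checked explicitly because a Microsoft-signed token from another tenant, or one issued to a different app registration, will pass a bare signature check. Mapping on group object IDs rather than display names avoids collisions when an on-prem sync creates similarly named groups.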