[la_fayette]

I would use a standard open source product like keycloak for user management and all related permission, authentication and authorization handling. Most requirements like you said sso, connecting to active directory, etc can be solved out of the box then. When working with such a product you learn a lot about security, as you need to configure all the things.

[spion]

I can't second this strongly enough. You will be asked for SSO, SCIM and so on very quickly by any sizable business. Using a mature auth solution will save you a lot of work.

(If on AWS, you might also want to look at AWS Cognito. I've not worked with Azure or Google Cloud so no idea about those)

[konha]

Google Cloud has Identity Platform. Basically Firebase Auth re-branded.

It’s meh. At least compared to polished / feature complete solutions like Auth0.