SSO is great, especially with AD integration.

If you use SAML, make sure you use a "tried and tested" implementation or make sure you know what you're doing. Bugs can be subtle.
A friend wrote this Brup-extension to debug/check SAML-bugs: https://portswigger.net/bappstore/c6...1775554f7b802e
Unfortunately it requires The pro-version of Burp...
He wrote his bachelor thesis about this topic if you're interested (he wrote it in German): http://eprints.hsr.ch/464/1/eprints_...s_rbischof.pdf