SSO is great, especially with AD integration.

If you use SAML, make sure you use a "tried and tested" implementation or make sure you know what you're doing. Bugs can be subtle.
A friend wrote this Brup-extension to debug/check SAML-bugs:
Unfortunately it requires The pro-version of Burp...
He wrote his bachelor thesis about this topic if you're interested (he wrote it in German):