
If I ran a SaaS company, I would charge more for users not using SSO. Bigger risk storing passwords and managing the login process (2FA, password reset, etc.).


This is the most security-aligned approach - storing credentials creates significant liability (breach risks, compliance requirements, password rotation policies) while offloading authentication to specialized providers reduces attack surface and improves user experience.


If you ran a SaaS, you'd know how much more supporting SSO costs and sing a different tune.


Why do some sites require SSO, without an option for a local (better term?) account?

I prefer to have a unique username and password for each service. KeePassXC is my SSO provider.


KeePassXC is not a good SSO provider for 100 employees.


This is a real problem of misaligned incentives.



