AD is the source of truth that is changed updated by the permission system. The permission system tracks the progress and the people who approve it.im merly a user of it and i can say that an absolute minority of applications don't use the AD for authentication.
so is it safe to beleive that AD is multi-point approval system, almost for all applications, and tickets can be raised using it? So that means making another platform is rather obsolete, isn't?
Also I have never used AD but reading its docs i came to know that, for using sso the company has to use the domain provided by the AD, like yourcompanyname@microsoft.com, what company will want its users to sign in using this kind of a domain?
Ad is an extension omtop of ldap.using the kerberos like usernames is possible, but most systems accept the username, since there are no conflicts with the usernames.
