I think technically this should not be a problem. It depends on the platform they are using. On most of these platforms (like Okta) SAML 2.0 is supported. It could be company security policy to only allow OAuth.
The good Consulting answer is always… it depends ;-)
It depends on the outcome you are trying to achieve. If you are simply trying to authenticate to your Mendix app using Office 365 Credentials then there are a couple of approaches I am aware of:
SAML authentication does NOT provide you with authentication into the Office 365 platform. We need to access the OneDrive for Business service from our Mendix App, so we’re attempting to use the resulting SAML Assertion to retrieve an OAuth token from the Microsoft token service – not working yet. Once this is done we can also make calls to the Office 365 Graph API based on the authorization of the logged-in user.
I believe #2 will accomplish both of the steps we’re attempting on the SAML side (authentication to Mendix AND to Office 365), so we are testing that too. I don’t think it will provide desktop SSO, though, and it is not platform-agnostic as SAML should be. I’m interested to see the outcome of our test. If anyone else has achieved SSO using the Graph API I would be interested to see the solution.
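The generic form of the assertion-for-token exchange mentioned above is the SAML 2.0 bearer assertion grant from RFC 7522. The sketch below is an added example, not part of the original posts and not Mendix or Microsoft code: it checks two of the conditions an authorization server enforces and builds the request body. The URLs, client ID, scope and sample assertion are constructed placeholders, and whether a particular token service accepts this grant depends on that service.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522

# Constructed, unsigned sample assertion; every value is a placeholder.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    ' ID="_constructed" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">'
    "<saml:Issuer>https://idp.example.test</saml:Issuer>"
    "<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>"
    '<saml:Conditions NotOnOrAfter="2030-01-01T00:05:00Z"><saml:AudienceRestriction>'
    "<saml:Audience>https://as.example.test/token</saml:Audience>"
    "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
)


def preflight(assertion_xml, expected_audience, now):
    """Check two RFC 7522 conditions the authorization server enforces.

    Local sanity check only: the signature is verified by the authorization
    server. Parse assertions from untrusted sources with defusedxml instead.
    """
    root = ET.fromstring(assertion_xml)
    problems = []
    audiences = [a.text for a in root.findall(".//saml:Audience", SAML_NS)]
    if expected_audience not in audiences:
        problems.append("audience mismatch")
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        problems.append("no expiry on Conditions")
    else:
        expiry = datetime.fromisoformat(cond.attrib["NotOnOrAfter"].replace("Z", "+00:00"))
        if now >= expiry:
            problems.append("expired")
    return problems


def build_token_request(assertion_xml, client_id, scope):
    """Form-encoded body for the RFC 7522 SAML 2.0 bearer assertion grant."""
    # RFC 7522 wants base64url (not plain base64), unwrapped, without '=' padding.
    encoded = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).rstrip(b"=")
    return urllib.parse.urlencode({
        "grant_type": GRANT_TYPE,
        "assertion": encoded.decode("ascii"),
        "client_id": client_id,  # hypothetical client registration
        "scope": scope,
    })
```

The returned string is the body of a POST to the token endpoint with `Content-Type: application/x-www-form-urlencoded`; an assertion whose audience names the Mendix app rather than the token service, or whose validity window has already closed, is reported by `preflight` before the request is sent.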