We use auth standards of SAML 2.0, OIDC, and OATH along with a Windows agent and a PAM module for integration to applications, Windows endpoints, and for Linux SSH/SFTP. This allows us to either sit in front of an existing IAM (SSO) solution or act as the IDP. We can also go to the service provider directly.
SSO is not required nor is an AD/AAD server. What we do require is for an auth standard to be in place or the ability to install the Windows agent or Linux PAM.