I work for a large organization (thousands of employees + maybe tens of thousands of external users that have partial access to a fraction of internal information), and many of these people authenticate using a username/password (which expires regularly).
However, most of these people (for employees this is certain, regardless of whether they typically work on Windows, Linux or iOS) are provided with an Active Directory account (internal e-mail address), and AFAIK all of our systems allow signing in using an ADFS / Active Directory / LDAP identity provider.
Even for those external users that have very limited access (e.g. for some reports), we can implement a solution using a major identity provider (e.g. Google Identity Provider) if ADFS is not allowed.
Having usernames/passwords creates a burden for the users, and many are using Excel files and e-mails to store them, which poses a security risk. Also, I have heard of user sharing, so one cannot possibly know who actually used a certain user.
So, by exclusively using only Windows credentials and maybe some other identity provider, the user has to take care of only one pair of credentials when dealing with all the company's systems. Also, credential sharing will disappear.
Question: Are there any objective reasons to use dedicated usernames/passwords instead of identity providers within a large organization?