Forgive me if this should be obvious.
I know Pharos offers an Active Directory plugin for allowing users to authenticate via Microsoft Active Directory. I believe it's called adldap. This name makes me believe it works via LDAP protocols. I have been asked to make no LDAP connections to our domain, and instead to ensure SAML connections are used instead. I am less than familiar with the differences, though I have passing familiarity with each (on a good day, I can tell you what each acronym stands for!), and I have no idea if the Active Directory plugin might be SAML compatible and/or compliant. Anyone have more info on that they might be willing to share?