Only the dev/architect of the application would know what model would be the best fit.
SAML2 is old school. That works, and that's supported by ADFS. But that's usually not a good fit for those multi-tier apps. I mean, that's the very reason OAuth2 was born.
In general, for a modern multi-tiered application, OAuth2/OIDC seems to be a better option as it is very flexible for these scenarios. But that depends on whether the frontend has to authenticate the end user, what type of access/auth is used between the frontend and the backend, etc.
OAuth2 applications are created in ADFS through the Application Groups wizard.