@Frank Thanks for reaching out and apologies for delay on this. Choosing a SSO method depends on lot of other things as well.
Cloud applications can use OpenID Connect, OAuth, SAML, password-based, linked, or disabled methods for single sign-on.
On-premises applications can use password-based, Integrated Windows Authentication, header-based, linked, or disabled methods for single sign-on. The on-premises choices work when applications are configured for Application Proxy.
I want to share a flowchart which can shed some more light on your scenario,
Let us know if this helps or if you have any questions.
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.