I am not sure if you are aware of that we’re extending the ability to use Azure AD single sign-on (SSO) for an unlimited number of cloud apps at no extra cost. Whether you need gallery apps or non-gallery apps, using OIDC, SAML or password SSO, we have removed the limit on the number of apps each user can be assigned for SSO access in Azure AD. This means any Microsoft customer using a subscription of a commercial online service such as Azure, Office 365, Dynamics and Power Platform can enable SSO for all their cloud apps, even with Azure AD Free. This complements our earlier announcement that multi-factor authentication (MFA) along with security defaults is free across all Azure AD pricing tiers, so every one of your apps can also be protected.
Refer to this Blog Post for more details: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/unlimited-sso-and-new-azure-ad-features-to-simplify-secure/ba-p/1257358#
Now the question is how do you deploy SSO? So here is the help with a document on SSO Deployment Plan attached.
Download the SSO Deployment Plan – SaaS SSO Deployment Plan
Tracking your plan is an important aspect of project success. You may use the Deployment Plan Tracker spreadsheet below to monitor and schedule your committed timelines for the project.
Download the SSO Deployment Plan Tracker – SaaS SSO Deployment Tracker
This step-by-step guide walks through the implementation of Single Sign On in a five-step process.
SSO planning Architecture:
Kiran NR Cyber-security blog 