What do you have against SSO everywhere? I see it as actually one of the things that makes obvious sense. It makes the user's life easier and improves security. It makes it easy to give a new employee access to a bunch of systems at once using RBAC. That and putting users' SSH public keys in LDAP and using that for auth everywhere instead of passwords are two obvious pure wins to me.
SSO is great in a monoculture environment, but falls down in heterogenous systems. We have Azure SSO, Ping Federate, and a couple of others we're getting rid of. I think it adds unnecessary complexity, and fails too often. Our internal users don't like it because the failure modes are opaque to them compared to a userid/password.
