Thanks for the shoutout @koen1.
SAML2 is an authentication protocol (verify the user’s identity) while OAuth2 is an authorization protocol (verify what the user can access).
SAML2 doesn’t address authorization at all and is usually only used in B2B settings since it requires IT work on both applications.
OAuth2 is not an authentication protocol, it’s an authorization protocol. Your application is asking for permission to act on behalf of the user, and the user has to approve it. OAuth2 is used to implement social login (e.g. login with Facebook). The way it works is that your application will ask the identity provider (in this case Azure) to access your user details and Azure will ask the user to agree to provide that access.
OpenID Connect (OIDC) is a newer authentication protocol (similar to SAML). OIDC uses OAuth2 to access the user details, and that’s why there is sometimes confusion between the two protocols. Like OAuth2, OIDC will usually request the user to consent to the data access, especially if the request is coming from a system outside the organization.
Okta, Azure, Auth0, PingFederate and others are all systems that allow organizations to manage their users’ identities and they support all three protocols (depending on the organization licensing)… but in my experience most B2B SSO is still done with SAML 2.0. In that regard, as long as you are using a standard protocol you wouldn’t need to worry about which system you are integrating with.
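To make the OAuth2/OIDC distinction in the post above concrete, here is an added example (not from the original post, and not any vendor's code) that simulates the OIDC authorization-code flow end to end: the application redirects to the identity provider, the user consents, the provider returns a single-use code, the application exchanges it for an access token (OAuth2, "what you may call") plus an ID token (OIDC, "who the user is"), and then validates the ID token's issuer, audience, nonce and expiry before trusting the identity. The issuer URL, client id, redirect URI, user record and HS256 signing key are all constructed assumptions; a real provider publishes RS256/ES256 keys via JWKS and you would use a maintained library rather than the hand-rolled JWT helpers here.

```python
"""Toy OpenID Connect authorization-code flow (added example, all values constructed)."""
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://idp.example.test"          # hypothetical OIDC provider
CLIENT_ID = "example-relying-party"           # hypothetical registered client id
REDIRECT_URI = "https://app.example.test/cb"  # hypothetical callback URL
SIGNING_KEY = b"constructed-demo-key-not-for-production"  # stand-in for the IdP's real key
USERS = {"alice": {"sub": "user-123", "email": "alice@example.test"}}  # constructed user store


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Compact JWS with HS256 (simplification; real IdPs use asymmetric keys)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes = SIGNING_KEY) -> dict:
    """Check the signature and return the claims; ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload))


class IdentityProvider:
    """The provider side: asks for consent, issues a one-time code, exchanges it for tokens."""

    def __init__(self):
        self._codes = {}

    def authorize(self, query: dict, username: str, user_consents: bool) -> str:
        if not user_consents:                      # the consent step the post describes
            raise PermissionError("user declined consent")
        code = secrets.token_urlsafe(16)
        self._codes[code] = {"username": username, "nonce": query["nonce"][0],
                             "client_id": query["client_id"][0], "redirect_uri": query["redirect_uri"][0]}
        return f"{query['redirect_uri'][0]}?{urlencode({'code': code, 'state': query['state'][0]})}"

    def token(self, code: str, client_id: str, redirect_uri: str) -> dict:
        entry = self._codes.pop(code, None)        # codes are single use
        if entry is None or entry["client_id"] != client_id or entry["redirect_uri"] != redirect_uri:
            raise ValueError("invalid authorization code")
        user, now = USERS[entry["username"]], int(time.time())
        id_token = sign_jwt({"iss": ISSUER, "sub": user["sub"], "aud": client_id, "nonce": entry["nonce"],
                             "iat": now, "exp": now + 300, "email": user["email"]})
        # access_token is the OAuth2 part (authorization); id_token is the OIDC part (authentication)
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer", "id_token": id_token}


class RelyingParty:
    """The application side of the flow."""

    def __init__(self, idp: IdentityProvider):
        self.idp, self._pending = idp, {}

    def start_login(self) -> str:
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self._pending[state] = nonce               # state ties the callback to this request
        return f"{ISSUER}/authorize?" + urlencode({"response_type": "code", "client_id": CLIENT_ID,
                                                   "redirect_uri": REDIRECT_URI, "scope": "openid email",
                                                   "state": state, "nonce": nonce})

    def finish_login(self, callback_url: str) -> dict:
        q = parse_qs(urlparse(callback_url).query)
        nonce = self._pending.pop(q["state"][0], None)
        if nonce is None:
            raise ValueError("unknown state (possible CSRF)")
        tokens = self.idp.token(q["code"][0], CLIENT_ID, REDIRECT_URI)
        return validate_id_token(tokens["id_token"], nonce)


def validate_id_token(id_token: str, expected_nonce: str, now=None) -> dict:
    """The checks an application must do before treating the ID token as proof of identity."""
    claims = verify_jwt(id_token)
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token not issued for this client")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (replayed token?)")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def run_flow(user_consents: bool = True) -> dict:
    """Redirect -> consent -> callback -> code exchange -> validated identity claims."""
    idp = IdentityProvider()
    rp = RelyingParty(idp)
    auth_query = parse_qs(urlparse(rp.start_login()).query)
    return rp.finish_login(idp.authorize(auth_query, "alice", user_consents))


if __name__ == "__main__":
    print(run_flow())  # e.g. {'iss': ..., 'sub': 'user-123', 'aud': 'example-relying-party', ...}
```

The point of the validation function is that an access token alone never tells the application who the user is; only the signed ID token, checked against the expected issuer, audience and the nonce the application itself generated, does. Dropping any of those checks is how "login with provider X" integrations end up accepting tokens minted for a different application.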