As a business customer of a SaaS product, being able to revoke any employee's access to the SaaS tool if they are terminated. (Imagine how hard this would be for e.g. the SaaS tool your company uses to view financial reporting if it required every user at your company to create their own username/password. If you wanted to prevent someone from "going rogue" during termination, you would need to have an admin remove their account access prior to termination -- and do it on every SaaS product that person used. With SSO you revoke their access and everything gets locked out.
Source: Watching an alcoholic CTO get fired by the board and taking the startup's hosted Mongo database hostage
Good clarification! If you're a solo dev who wants to sell your side project to any company >500 people, SAML integration is tablestakes. If you're a solo dev who needs to secure your hobby project on the public internet, it's like bringing a Space Shuttle engine to a knife fight.
With GitHub (cloud version) specifically it doesn't (currently) work that way, you still need a "normal" GitHub username and password, and you do the organisational SAML login in regular intervals when trying to access that org's resources. I'm not aware of this being a widespread way of doing SAML, but I guess it supports certain use-cases (like keeping a GitHub identity despite switching jobs/OSS projects).
