It depends on what you already have in your infrastructure. If you already have an identity provider setup e.g. Shibboleth, ADFS, OKTA etc you can go for SAML authentication handler. If you have other security solutions like IBM Security Access Manager, Oracle Identity Manger, CA Siteminder, IIS Windows Integrated Login etc. you can go for Granite SSO handler. Though any of these products could provide several authentication mechanisms including SAML.
Former relies on SAML based protocols for authentication and later makes use of authentication based on header, params & cookies.
HTH.