In a organization with lots (hundreds) of internal systems, and lots (thousands) of users, and lots (dozens) of Domain Controllers sites, all WAN-connected, is it a good practice to use Active Directory as a SSO provider and its groups for access control implementation?
Any significant scalability, performance or management issues I should be aware before deciding for it?