What's a good solution for LDAP, MFA and SSO for modern applications?

BIG-IP APM can provide IdM(LDAP) connection. And can also act as an SAML IdP like Using APM as a SAML IdP SSO portal.

Also there is an example as Configuration Example: BIG-IP APM as SAML IdP for Amazon Web Services.

We want to use a centralized IdM service for application like Jira. We can comparing with F5 BIG-IP ARM, Keycloak and Jira's SAML SP Plugin service to make them together.

Maybe it's possible:

• Use BIG-IP ARM connect IdM + Jira SAML Plugin(With SSO and MFA auth features) to connect Jira application
• Use Jira SAML Plugin(With SSO and MFA auth features) + Jira application to connect IdM directly. -> Most simple
• Use BIG-IP ARM + Keycloak(with SSO and MFA) + IdM(with LDAP) + Jira application -> This maybe overwork.
• Use Keycloak + IdM(LDAP) + Jira application -> Need to onboard users from IdM to Keycloak, also maybe overwork.

So which one is the best solution?