You can create service accounts and tokens... Although long lived tokens are discouraged, that's as simple as it gets.
Sorry I think you're in the minority here. Most people don't want what you are talking about, they want to use SSO. Even with plain Linux machines, they want SSO.
Service accounts can't belong to groups, so they are super not convenient for human operators. You can't just create group "developers", assign roles for this group and add service accounts to this group. You must assign role for every user in every namespace, etc.
Having SSO is fine as long as it's built-in. Installing and configuring separate SSO software is not fine.
Sorry I think you're in the minority here. Most people don't want what you are talking about, they want to use SSO. Even with plain Linux machines, they want SSO.