Service accounts can't belong to groups, so they are super not convenient for human operators. You can't just create group "developers", assign roles for this group and add service accounts to this group. You must assign role for every user in every namespace, etc.

Having SSO is fine as long as it's built-in. Installing and configuring separate SSO software is not fine.