FlowFuse / flowfuse

Build bespoke, flexible, and resilient manufacturing low-code applications with FlowFuse and Node-RED
https://flowfuse.com

Self-Service SSO Configuration #3376

Open MarianRaphael opened 5 months ago

MarianRaphael commented 5 months ago

Description

Current Situation

At present, the configuration of Single Sign-On (SSO) in FlowFuse is exclusively manageable through the FlowFuse Admin panel. This setup primarily impacts FF Cloud Users who are frequently unaware of the necessity to initiate a support ticket for an Admin to set up SSO on their behalf.

Feature Description

The proposed enhancement involves empowering Team Owners with the ability to directly configure SSO settings. This functionality would be integrated into the Team Admin Zone, specifically under the "Team Settings" section. By implementing this feature, we aim to streamline the SSO setup process, making it more user-friendly and efficient. It should still be possible for a FlowFuse Admin to set up configs.

Which customers would this be available to

Enterprise Tier Only (EE)

Have you provided an initial effort estimate for this issue?

I have provided an initial effort estimate

### First Iteration
- [ ] https://github.com/FlowFuse/flowfuse/issues/3377

Customer requested:

  1. https://app-eu1.hubspot.com/contacts/26586079/record/0-1/973751

knolleary commented 5 months ago

SSO is related to users, not teams, and gets applied to all users for a given email domain. This is why it has to be managed by the platform admin and cannot be self-service.

We do not allow self-service of this because we have to validate the user has authority to enable SSO for an entire email domain. For example, we would not want a team to self-service enable SSO for @gmail.com.

joepavitt commented 1 month ago

Need to better understand the use case here with the customer to be sure this is the "right" solution. As presented currently, this is not feasible, but we don't want to rule out the customer request if there is another way around it.