Having to connect everything via LDAP actually seems to be the more difficult way.
For managing authentication but also authorization, OpenID and SAML are easier to set up and easier to secure, in my opinion. They also allow you to manage multiple groups and permissions.
Unlike LDAP, these options send you to the auth server, where you can centrally manage 2FA as well as additional login methods (e.g. if your company uses G Suite, use that to log in).
Though I've had to use LDAP for some things as well, I went with Authentik since it can do all of these. Users and groups are easy to manage. And you can block access in Authentik already instead of having to manage access by group in each application.