We're using Microsoft ADFS, which I believe is included in server licenses and user CALs, for our SSO integration. We ended up with Azure Active Directory integration, but I think that was needed only because of additional components we're using (mainly O365). The actual SSO logons happen with on-premises servers and corresponding internet-facing proxies. If you're in-house and your browser supports it, you're automatically logged in when visiting Jive and other SSO-integrated sites. When you're on the road or at home, or using a browser that doesn't handle integrated authentication, you're challenged to authenticate. We had consulting help getting started, but depending on how complex your SSO rules need to be this can be a relatively painless setup.
We tried first with Okta, which should work fine as well for many companies, but we had a handful of edge cases (or maybe not-so-edge) that they couldn't handle and moved to ADFS instead.