Yep, this is why I have been evaluating it recently. Have a customer that wants SAML 2.0 support, others that want LDAP support, 2FA support, and multi-tenancy support, while being something we can self-host. The other main suggestions I have seen - ORY or Zitadel - tend to be missing at least one of those (from what I can tell).
Keycloak looks like a big complicated monster, so I would prefer to stay away except that it looks like I will be required to have all that complexity to support all the use-cases we are looking at.
As far as I can tell, Zitadel cannot be used as a SAML client, only as a provider. One of my requirements is that we use customer-provided (and controlled) SAML for SSO. Otherwise it was looking very promising.
Keycloak looks like a big complicated monster, so I would prefer to stay away except that it looks like I will be required to have all that complexity to support all the use-cases we are looking at.