I forgot about this post, and recently started another thread: LDAP and Azure SSO - Support - Nextcloud community
Short story is SSO seems limited or requires extra setup. Unless I can get groups enabled, I am going to stick with LDAP and the TOTP app for now. Check the other thread for a few more details. Let me know if you made progress and have tips. Thanks.