Why bother with SSO? If your family and closest friends use something like a wireguard client (iOS for example has a very good one that takes only a minute to configure permanently), the users simply switch a toggle and they are now on your private network and don’t need to SSO to anything (provided you have left everything open).
For a small home network the pros of that approach vastly exceed the cons.
The services we use, like Nextcloud or Mealie, are designed for folks to have their own user accounts. SSO means they can use the same login across all of them without me having to manage that for them (and also avoids me having to know their passwords). It does complicated the setup, but not the operation, and that makes it more likely folks will use the services
I self host about 20 separate apps. I’m in the middle of an SSO implementation project because I do not want to continue managing credentials for 20 separate apps.
I’ve considered opening some of these apps to family members, and having one place to deal with any auth issues is a high priority for me.
That’s ok. But step back further. Do you need to fine grain permission people on the majority of those apps? If you don’t, then SSO is more of a pain than it’s worth. Simply control the network access and leave the apps alone.
For a small home network the pros of that approach vastly exceed the cons.