If you are using SPNEGO authentication, you must bind. You can still bind and use local accounts as long as they have the same username, in my experience with this. SAP on Mac is kinda spotty and our devs refuse to support it, so I get some awkward requests from execs... That said, once you understand the need for bind (and local accounts with the same name), it resolves a lot of headaches.
My workflow for SAP Macs is as follows:
Mac enrolls via DEP, NoMAD Login creates a local account based on AD object on first login
Machine is not bound
SAP policy available in self service contains a domain bind profile
This gives you the best of both worlds when using the tiny number of applications that rely on bind.
@jameson you don't have much option if you are using an older mechanism of Windows authentication, which a lot of companies seemingly still have because upgrading production ERP systems is even scarier than binding a Mac to AD for whatever reason.
Binding a Mac to AD does not create problems on its own, full stop. Everything you do after enabling that connection is your downfall. My bind profile has nothing other than a bind; network login is not allowed, mobile accounts are not created, home folders are not mounted, etc. In my environment, nothing is different between the bind/no bind other than a green light in the System Preferences indicating that there is indeed a connection to the domain.
For the slim portion of my userbase that even needs SAP access, and thus has this profile set up, I have not run into any issues with this setup.
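One way to verify that a bound Mac has stayed in the bind-only state described in the last post (no mobile accounts, no mounted home folders), as an added example that is not from anyone in this thread. It assumes the field labels match what `dsconfigad -show` prints, and the sample text and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: check dsconfigad-style text for the bind-only posture described above.
# ASSUMPTION: field labels mirror `dsconfigad -show`; confirm on your macOS version.

# Print the value of one "label = value" line read from stdin.
ad_setting() {
    awk -F' = ' -v key="$1" '
        { label = $1; gsub(/^[ \t]+|[ \t]+$/, "", label) }
        label == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# Read config text on stdin. Returns 0 = bind only, 1 = drift, 2 = not bound.
audit_bind() {
    cfg=$(cat)
    domain=$(printf '%s\n' "$cfg" | ad_setting "Active Directory Domain")
    [ -n "$domain" ] || { echo "NOT_BOUND"; return 2; }
    findings=""
    for key in "Create mobile account at login" "Mount home as sharepoint"; do
        val=$(printf '%s\n' "$cfg" | ad_setting "$key")
        [ "$val" = "Disabled" ] || findings="$findings$key=${val:-missing};"
    done
    [ -z "$findings" ] || { echo "DRIFT $findings"; return 1; }
    echo "BIND_ONLY $domain"
}

# Constructed sample: bound, no mobile accounts, no home mount.
sample_minimal() {
    cat <<'EOF'
Active Directory Domain          = corp.example.com
Computer Account                 = mac-0042$

Advanced Options - User Experience
  Create mobile account at login = Disabled
     Mount home as sharepoint    = Disabled
EOF
}

# Constructed sample: same bind, but mobile accounts were switched on.
sample_drift() {
    sample_minimal | sed 's/\(Create mobile account at login = \)Disabled/\1Enabled/'
}

sample_minimal | audit_bind
sample_drift | audit_bind || true
# On a managed Mac (not run here): dsconfigad -show | audit_bind
```

The non-zero exit codes make the function usable as a compliance check, so a machine whose bind has picked up extra settings can be flagged rather than discovered later.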