In my eyes it is a huge benefit that users see the organisation's login page instead of yet another login page. No need for the user to wonder whether that YALP is trustworthy or not. Each additional login page increases the risk that the user gives his credentials to any site that asks for them.
And I love to just use my Kerberos token to authenticate instead of having to type username and password.
Now if JAMF would accept SSO with certificates, that would be really nice for the users that don't have a Kerberos token at hand.