Why an Identity Provider is required

Why is an Identity Provider so important for a domain, its applications and services?

  • When each application collects and stores user credentials itself, the compromise of any single application exposes those credentials. Because users commonly re-use passwords, the attacker can then likely use them against other applications, not just within the domain but externally as well.

  • Stronger authentication controls, such as multi-factor authentication, cannot be introduced consistently; each application would have to implement them separately.

  • We do not get the benefits of using single sign-on (SSO).

For any application in a domain that requires login, the best practice is for the application to redirect the user to a trusted identity provider for authentication, especially in SSO scenarios. Most domain users will already be familiar with this pattern, as it is widely used.
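The redirect pattern described above, as an added example that is not code from the original page or from any particular product: the application never sees the password, it binds the round trip to a per-session state value so that a callback it did not start is rejected, and it verifies the signed assertion it gets back before trusting the identity. The flow is modelled on the OpenID Connect authorization-code flow, which the page does not name and is an assumption here; the hostnames, the client "payroll-app", the sample user and the in-process stand-in IdP are all constructed, and the assertion is HMAC-signed JSON rather than a real JWT so that the whole thing runs offline.

```python
# Added example, not from the page: redirect-to-IdP login as an OIDC-style code flow, run offline.
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

IDP_ISSUER = "https://idp.example"              # assumed hostnames, not from the page
APP_REDIRECT = "https://app.example/callback"

def _query(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

def _hash_password(password, salt):
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

class IdentityProvider:  # stand-in IdP: the only component that stores or checks passwords
    def __init__(self, clients):
        self.clients = clients   # client_id -> (client_secret, registered redirect_uri)
        self.users = {}          # username -> (salt, scrypt digest)
        self.codes = {}          # one-time code -> claims it was issued for
        self.signing_key = secrets.token_bytes(32)   # real IdPs use an asymmetric key pair

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash_password(password, salt))

    def authorize(self, authorize_url, username, password):
        """IdP login page: check the password, then redirect back with a code bound to `state`."""
        q = _query(authorize_url)
        _, registered_redirect = self.clients[q["client_id"]]
        if q["redirect_uri"] != registered_redirect:   # never send codes to unregistered URLs
            raise ValueError("redirect_uri is not registered for this client")
        salt, digest = self.users.get(username, (b"", b""))
        if not digest or not hmac.compare_digest(digest, _hash_password(password, salt)):
            raise PermissionError("invalid credentials")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"sub": username, "aud": q["client_id"], "nonce": q["nonce"]}
        return f"{registered_redirect}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, code, client_id, client_secret, redirect_uri):
        """Back channel: the application trades the one-time code for a signed assertion."""
        issued = self.codes.pop(code, None)             # pop: each code is redeemable once
        secret, registered_redirect = self.clients.get(client_id, ("", ""))
        if (issued is None or issued["aud"] != client_id or redirect_uri != registered_redirect
                or not secret or not hmac.compare_digest(secret, client_secret)):
            raise PermissionError("invalid code exchange")
        claims = {**issued, "iss": IDP_ISSUER, "exp": int(time.time()) + 300}
        body = json.dumps(claims, separators=(",", ":")).encode()
        return body.hex() + "." + hmac.new(self.signing_key, body, hashlib.sha256).hexdigest()

class RelyingParty:  # the application: holds a client secret and a verification key, no passwords
    def __init__(self, idp, client_id, client_secret, verify_key):
        self.idp, self.client_id, self.client_secret = idp, client_id, client_secret
        self.verify_key = verify_key   # stands in for fetching the IdP's public signing key

    def begin_login(self, session):
        """Store fresh state/nonce in the user's session and build the redirect to the IdP."""
        session["state"], session["nonce"] = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        params = {"response_type": "code", "client_id": self.client_id, "redirect_uri": APP_REDIRECT,
                  "scope": "openid", "state": session["state"], "nonce": session["nonce"]}
        return f"{IDP_ISSUER}/authorize?{urlencode(params)}"

    def finish_login(self, session, callback_url):
        """Handle the browser's return: check state, redeem the code, verify every claim."""
        q = _query(callback_url)
        expected_state = session.pop("state", None)
        if expected_state is None or not hmac.compare_digest(expected_state, q.get("state", "")):
            raise PermissionError("state mismatch: callback was not started by this session")
        token = self.idp.token(q["code"], self.client_id, self.client_secret, APP_REDIRECT)
        body_hex, sig_hex = token.split(".")
        body = bytes.fromhex(body_hex)
        if not hmac.compare_digest(hmac.new(self.verify_key, body, hashlib.sha256).hexdigest(), sig_hex):
            raise PermissionError("bad assertion signature")
        claims = json.loads(body)
        if (claims["iss"] != IDP_ISSUER or claims["aud"] != self.client_id
                or claims["nonce"] != session.pop("nonce", None) or claims["exp"] < time.time()):
            raise PermissionError("assertion claims rejected")
        return claims["sub"]   # all the application learns; the password never reached it

def demo_login(username, password, tamper_state=False):
    """End-to-end run on constructed data: returns the subject, or the rejection reason."""
    idp = IdentityProvider({"payroll-app": ("s3cret-client", APP_REDIRECT)})
    idp.add_user("alice", "correct horse battery staple")     # constructed sample user
    app = RelyingParty(idp, "payroll-app", "s3cret-client", idp.signing_key)
    session = {}                                              # the browser's server-side session
    try:
        callback = idp.authorize(app.begin_login(session), username, password)
        if tamper_state:                                      # simulate a forged/injected callback
            callback = callback.replace(_query(callback)["state"], "attacker-state")
        return app.finish_login(session, callback)
    except PermissionError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    print(demo_login("alice", "correct horse battery staple"))  # alice
```

Two details carry the security argument from the bullets above: the application stores no password material at all, so compromising it yields nothing reusable elsewhere, and the `state` check makes the callback useless to anyone who did not start the login in that browser session. Adding MFA in this model is an IdP-side change inside `authorize`; none of the relying parties need to know.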