SAML with AAD from NTLM SSO

SAML with AAD from NTLM SSO

Hi

What is the best option to migrate NTLM SSO to SAML based? Ideally with AAD.
We also have optiomn to use on premesis ADFS, 
Main concern is to mach login and not creating separae users when dynamic creatin is enabled, 



EDIT, Further more,  Is 11307 , cannot use NTLM SSO?
SD-96393 : Support for NTLM SSO is deprecated further. Going forward, users with NTLM SSO configured in their applications are advised to configure SAML SSO.