Hacker News

I think most often these days the users themselves are the centralized point of entry for attackers—a focused attacker is not necessarily going after every application a company uses and trying to breach it individually, but instead trying to compromise a user who has access to all of them.

So in that scenario, centralizing auth is desirable because you don’t have that user holding dozens of weak passwords, and you can monitor access and use heuristics to lock the user out of everything automatically if, say, they access the SSO portal from an unexpected IP. You can also always set things up to require re-auth or MFA whenever someone actually signs into something through the IdP, as an extra layer on top.
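The lock-out heuristic the comment describes, as an added example that is not part of the commenter's post and not any real IdP's code: each IdP login event is checked against a hypothetical per-user baseline of source networks, and the verdict is either allow, force step-up MFA/re-auth, or lock (revoke every downstream session the user holds, not just the new login). The events, the baseline networks and the downstream session store are all constructed here; the "same /24 or /64 as a known address only needs step-up" rule is an assumption chosen for illustration, not something the comment specifies.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    user: str
    src_ip: str


@dataclass(frozen=True)
class Verdict:
    action: str   # "allow", "step_up" (force MFA/re-auth) or "lock" (revoke everything)
    reason: str


# Hypothetical per-user baseline of source networks seen in prior, verified logins.
TRUSTED_NETWORKS = {
    "alice": ("203.0.113.0/24", "198.51.100.7/32"),   # office /24 plus one home IP
    "bob": ("2001:db8:1::/64",),                       # IPv6-only home range
}

# Constructed: sessions each user currently holds in apps behind the IdP.
DOWNSTREAM_SESSIONS = {
    "alice": {"git", "wiki", "cloud-console"},
    "bob": {"mail"},
}


def _neighbourhood(net):
    """Widen a single-host entry to its surrounding network: /24 for v4, /64 for v6.

    Assumption: a login from the same small network as a known address is more
    likely DHCP/CGNAT churn than an attacker, so it earns step-up rather than lock.
    """
    host_len = 32 if net.version == 4 else 128
    if net.prefixlen != host_len:
        return net
    width = 24 if net.version == 4 else 64
    return ipaddress.ip_network(f"{net.network_address}/{width}", strict=False)


def classify(event, trusted=TRUSTED_NETWORKS):
    """Decide what the IdP should do with one login event."""
    ip = ipaddress.ip_address(event.src_ip)
    nets = [ipaddress.ip_network(n) for n in trusted.get(event.user, ())]
    if not nets:
        return Verdict("step_up", "no baseline for user; require MFA before trusting")
    if any(ip in n for n in nets if n.version == ip.version):
        return Verdict("allow", "source inside trusted network")
    if any(ip in _neighbourhood(n) for n in nets if n.version == ip.version):
        return Verdict("step_up", "near a known address (likely address churn); require MFA")
    return Verdict("lock", "source outside every known network")


def enforce(events, trusted=TRUSTED_NETWORKS, sessions=None):
    """Run the heuristic over a batch of login events and apply verdicts to sessions.

    Returns (log, sessions): log is a list of (user, src_ip, action); sessions is
    the downstream session store after any revocations.
    """
    sessions = {u: set(s) for u, s in (sessions or DOWNSTREAM_SESSIONS).items()}
    log = []
    for ev in events:
        v = classify(ev, trusted)
        if v.action == "lock":
            sessions[ev.user] = set()   # revoke every downstream session, not just the new login
        log.append((ev.user, ev.src_ip, v.action))
    return log, sessions


# Constructed sample batch of IdP login events.
SAMPLE_EVENTS = [
    LoginEvent("alice", "203.0.113.45"),    # office
    LoginEvent("alice", "198.51.100.9"),    # same /24 as the known home IP
    LoginEvent("bob", "2001:db8:1::beef"),  # inside the home /64
    LoginEvent("alice", "192.0.2.10"),      # never seen before
    LoginEvent("carol", "203.0.113.45"),    # user with no baseline at all
]

if __name__ == "__main__":
    for entry in enforce(SAMPLE_EVENTS)[0]:
        print(entry)
```

Because the decision runs at the IdP rather than in each application, a single "lock" verdict clears every downstream session at once, which is the practical advantage of centralizing the check; the step-up path is where the per-login MFA the comment mentions would be triggered.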


