For an IdP it seems like Dex combined with an LDAP server would be the simplest and most flexible solution. For reliability, I'm curious about throwing together a really simple LDAP server that stores records in AWS S3. That way your IdP can be trivially replicated with as much reliability as you want and nearly no maintenance. (Dex's storage can be Etcd, but I would also look to implement S3 storage)