Yes, that’s pretty much it.
For reference here are exemplar login sequences without SSO - note that Discourse has to understand how to interface with each possible backend:
Here is an example with SSO - note that Discourse only communicates with a Single system - whatever happens behind that (username/password, oAuth2, fingerprints, RFID card, blood sample, retinal scanner) is of no concern to Discourse:
