Can you explain the difference between SAML and OIDC?
Sigiloso
Both handle authentication but they work differently. SAML passes an XML token between an identity provider and a service provider, and it works well for enterprise SSO scenarios. OIDC is built on top of OAuth 2.0 and uses a JSON web token instead. It is lighter and better suited to modern web and mobile applications. For most new integrations I would default to OIDC unless the application only supports SAML.