The plugin is GDPR compliant. We are going to release a Privacy Policy soon which would mention how the plugin collects and processes Personal Information. Just to let you know that as this is a plugin running entirely on your WordPress site, no Personal Information is stored on our servers. Everything is stored in WordPress.
The SSO integration is directly between the WordPress site and your IDP. WordPress has already released their policies for GDPR compliance. Now the other end of Single Sign-On is IDP. You can check with your IDP whether it is GDPR compliant.
Thanks,
