Your users are accessing numerous web applications, both on-premises and in the cloud, likely requiring a username and password for each application or group of applications.
As the number of applications increases, so does the number of credentials needed to access them. Some applications are integrated using Active Directory, Google, or other external identity providers. Some require their own username and password. With so many credentials to remember, your users may resort to writing them down or reusing the same password across multiple applications. Both common solutions, but both posing tremendous security risks.