>>I attempted to use SSO instead of LDAP as the authentication type but this seems to break the AD plugin
AD plugin is independent from the platform authentication.
If you go in vCO configurator->Active Directory there is a property "Copy from LDAP configuration"
If this property is cheked the AD plugin configuration is populated from the vCO platform authenticationss.
If you uncheck it you can configure the AD plugin to arbitrary AD server different from the platform one.
When the platform is configured in SSO mode. This property must be uncheked and proper configuration must be provided for AD plugin.
Hope it helps a bit..