For a website that doesn’t natively speak SAML or OAuth but still wants Salesforce-backed social sign-in, the architecture typically combines authentication providers with Embedded Login, and the integration is supported through the connected app framework around Salesforce Identity. Authentication providers establish trust with the social sources, while Embedded Login brings the Salesforce-controlled sign-in experience into the existing site. Delegated Authentication is for username/password validation against an external system and doesn’t provide social sign-in. Identity Connect is also unrelated because it is aimed at directory synchronization. The key architectural move is to let Salesforce handle the identity transaction and present that capability inside the existing website, rather than trying to make the legacy site implement standards it doesn’t already support. This is why options A, B, D work together as the correct solution.