Hi Jessie,
Have you tried the following?
1) Add a web application item in your Portal/AGOL with the URL of your locally deployed app. This item will function as a placeholder for your locally deployed app.
2) Go into the just-registered app's settings and click Register at the bottom to generate an AppId.
3) Set the redirect URI(s) to your app.
4) Copy the appId into your locally deployed app's config.json in the appId property (see below).
5) Attempt to load the app in your browser. Do you receive an OAuth2 Modal with an Enterprise Login option rather than the ArcGIS Datastore Named User login?
    "portalUrl": "https://portal url",
    "appId": "insert appid from registered app in portal",
Permissions to the app using ADFS would then be scoped as to how the registered app is shared across your organization.
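
A pre-flight check for steps 3 and 4, added here as an example; it is not part of the original post and not Esri code. The function name `checkAppConfig`, the sample hostnames and the sample appId are constructed, and the redirect comparison (same origin, path prefix) is an assumption about how strictly the registered URIs should cover the app URL.

```javascript
// Added example: sanity-check a locally deployed app's config.json values
// against the redirect URI(s) registered on the portal item.
// checkAppConfig is a hypothetical helper; all sample values are constructed.
function checkAppConfig(config, appUrl, redirectUris) {
  const problems = [];

  // portalUrl: must be https and must not still be the placeholder text
  // (the placeholder in the post contains a space).
  const portalUrl = String(config.portalUrl || "");
  if (/\s/.test(portalUrl) || !portalUrl.startsWith("https://")) {
    problems.push("portalUrl is missing, not https, or still a placeholder");
  }

  // appId: assumed here to be a single token with no whitespace once
  // copied from the registered item.
  const appId = String(config.appId || "");
  if (appId === "" || /\s/.test(appId)) {
    problems.push("appId is empty or still a placeholder");
  }

  // Redirect URI: the URL the browser loads must be covered by one of the
  // registered URIs, otherwise the OAuth2 redirect back to the app fails.
  let app = null;
  try { app = new URL(appUrl); } catch (e) { /* reported below */ }
  const covered = app !== null && redirectUris.some((uri) => {
    try {
      const r = new URL(uri);
      return r.origin === app.origin && app.pathname.startsWith(r.pathname);
    } catch (e) {
      return false; // unparseable registered URI never matches
    }
  });
  if (!covered) {
    problems.push("app URL is not covered by any registered redirect URI");
  }
  return problems;
}

// Constructed sample: a filled-in config and a matching redirect URI.
const sampleConfig = {
  portalUrl: "https://portal.example.com/portal",
  appId: "AbCdEf0123456789",
};
console.log(checkAppConfig(
  sampleConfig,
  "https://apps.example.com/viewer/index.html",
  ["https://apps.example.com/viewer"]
));
```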