Earlier this year Microsoft added Azure Active Directory to their collection of cloud-based offerings, and this is what is used for their SSO support. It is difficult to setup because you tend to get lost in the hall of mirrors that is the Azure setup process: the AD services haven’t yet been integrated into the main Azure management portal, and different bits of the Azure functionality come with different menu collections that aren’t easily navigated from one place to another. It can be deployed as an on-premises server or in the Azure cloud and it works with numerous non-Microsoft SaaS apps.
But once you have it working you can see that is designed mostly for supporting cloud-based apps that you have created using federated identity by exchanging various certificates. It is still very much a work in progress and mainly a developer’s toolkit rather than a polished service.
Azure AD supports a variety of identity providers, including Google, JSON Web tokens, and SAML, among others. You can subscribe to the Premium service level and this will support unlimited number of apps for the automated sign on as well as multiple factor support. There is also a free version that comes with an Azure or Office 365 subscription that will provide SSO for up to 10 apps per user that is a great way to get started and learn about the service.