To allow users to access cloud services without separate credentials, which identity mechanism is configured?

Federation lets users authenticate with their existing organizational identity and then access cloud services without creating new, separate credentials. By configuring trust between the organization’s identity provider and the cloud service (often using standards like SAML or OpenID Connect), the cloud service accepts the user’s home credentials and grants access. In practice, this means a user signs in once with their organization’s credentials, and those credentials are trusted across linked services, eliminating the need for separate cloud-specific logins. Single Sign-On is related because it provides a seamless login experience after authentication, but the underlying mechanism that enables cross-domain credential use is federation. OAuth is about authorizing access to resources, not primary authentication, so it doesn’t fit the scenario.