7.1.1 Background
Support for single sign-on (SSO) in the cloud environment has become a necessity, as there are many different management applications that a service provider and enterprise customer typically use. Some of these applications are part of the platform, and others are delivered by third parties but should be integrated in the cloud solution.
The identity and federation market has moved from a closed enterprise-centric view to an open federated view. Not only do service providers and enterprise customers alike expect single sign-on across applications within the client environments, but they would also like the same identity to work across security boundaries in public cloud setups as well as with SaaS applications. In a private and public cloud setup, the authentication service must support multitenancy as well.
One of the cornerstones of achieving federation is the ability to make user identities transportable from one security domain to another relatively seamlessly. The industry has adopted standards such as WS-Trust and SAML for achieving this. VMware adheres to these standards and builds a Secure Token Service (STS) that generates SAML 2.0 tokens. These standards are also very important for supporting multisite use cases because they allow cloud components such as vCenter to be passed a SAML token from a previously authenticated secure session. As long as there is mutual trust between the cloud environments, the same authenticated SAML token is respected.