In conjunction with a RadiantOne virtual directory, CFS provides a complete identity provider out of the box. The RadiantOne Cloud Federation Service:

• Acts as a complete Security Token Service (STS).
• Builds claims based on attributes culled from all identity sources, including AD, LDAP directories, databases, and applications.
• Allows users in any AD domain and forest to be authenticated using Windows Integrated Authentication, so users can leverage their AD credentials for non-Microsoft applications and achieve SSO.
• Provides template mappings for cloud applications such as Google Apps, Salesforce, SharePoint 2010, and Webex—with more applications to be added.
• Configured to trust additional external identity providers supporting Windows Azure ACS.
• Supports multiple authentication systems, including form-based, certificate, AD domains and forest, RSA SecurID, and other trusted IdPs.
• Delivers SSO both inside and outside the firewall, so users can sign on securely from remote locations and still access all their applications.